The Senate Committee on Commerce, Science and Transportation will hold a hearing Wednesday on “Examining Safeguards for Consumer Data Privacy,” intended as an opportunity for lawmakers to learn about “possible approaches to safeguarding privacy more effectively.”
That’s great except for two small things.
No consumers were invited to speak on safeguarding consumer data privacy.
No consumer advocates were invited to speak on safeguarding consumer data privacy.
Who was invited? That would be representatives of some of the country’s biggest tech and telecom companies — businesses that have a highly vested interest in collecting and exploiting as much consumer data as they can get their mitts on.
“If the purpose of the hearing is to educate lawmakers, you’d want a diverse set of voices,” said Ernesto Falcon, legislative counsel for the Electronic Frontier Foundation, a privacy-rights advocacy group. “That’s not happening.”
What’s on tap instead, he told me, is “allowing industry to define what would make a good privacy law.”
Witnesses scheduled to address lawmakers Wednesday include senior officials from AT&T, Amazon, Google, Twitter, Apple and Charter Communications.
Each one of these companies relies on consumer data for a significant portion of its revenue, either as the foundation of marketing efforts or as a commodity to be sold to others.
A likely upshot of the hearing, Falcon said, is that each company will make the case for why a federal data-privacy law should preempt state laws. And there’s a good reason for that.
They’re terrified of a landmark privacy law passed by California in June and set to take effect at the beginning of 2020.
The California Consumer Privacy Act — AB 375 — provides state residents with sweeping rights, including the ability to find out what kinds of information a business has collected and what it plans to do with it.
It allows consumers to request that a company delete any personal information it holds, to be able to opt out of the sale of such info and to sue if reasonable security practices aren’t maintained to prevent data breaches.
The law also defines “personal information” as broadly as possible to encompass personal identifiers, biometric data, internet browsing history, location and any inferences a business might make based on a consumer’s digital footprint.
The California statute represents a huge shift in the balance of marketing power, recognizing that consumers have a right to control what companies know about them and what they do with all that information.
The law doesn’t go as far as recently enacted European privacy rules, but it’s still the toughest, most consumer-friendly privacy regulation ever adopted in this country.
What we’ll likely see Wednesday, therefore, is Big Data telling lawmakers that they feel consumers need to be better protected and that they benevolently support federal safeguards to accomplish this.
What they’ll really be saying, though, is that they want Congress to adopt rules that are far less stringent than what California has passed, and they want the federal rules to trump anything imposed by states.
“We don't know what this committee was thinking when it decided it was a good idea to hear only from powerful tech interests that are fighting against real privacy laws,” said Ed Mierzwinski, senior director of the federal consumer program for the U.S. Public Interest Research Group.
“Sure, there are minor differences in their individual messages, but none of them represent consumers or citizens, and as a group would welcome a terrible federal law that lets them do what they want to collect, analyze, use and sell our information,” he said.
“They'd be happy to make state privacy leadership obsolete.”
Sen. John Thune (R-S.D.), chairman of the committee, said in a statement that “consumers deserve clear answers and standards on data privacy protection.”
“This hearing will provide leading technology companies and internet service providers an opportunity to explain their approaches to privacy, how they plan to address new requirements from the European Union and California, and what Congress can do to promote clear privacy expectations without hurting innovation,” he said.
That’s fine and dandy, but doesn’t Congress want to know what consumers and consumer privacy experts have to say?
Frederick Hill, a committee spokesman, said that “we expect there will be opportunities for other voices at future hearings on privacy.”
Cool. When will those hearings be held?
No additional hearings are scheduled, Hill replied.
I contacted each of the companies set to testify this week. I asked what points they hoped to get across to lawmakers, how they felt about California’s privacy law and what they’re looking for in a possible federal law.
I didn’t learn much.
AT&T said it has “long supported federal legislation to protect consumer privacy through a clear and consistent set of safeguards that apply equally to all platforms.” Google said it has “long been supportive of thoughtful privacy legislation that both protects consumers and encourages all businesses to continue innovating.”
The other companies either declined to comment or ignored my questions.
Falcon at the Electronic Frontier Foundation said a congressional hearing isn’t a venue for spirited debate. However, it’s important to have informed participants who can prevent lawmakers from being misled.
“If you don’t have witnesses that are able to point to assertions that are misleading, then those misleading assertions are the ones that will sink into the heads of senators,” he said.
If nothing else, here’s what lawmakers need to keep in mind: The federal government can and should set regulatory base lines for businesses. But states — as conservatives keep telling us — know their citizens best and should have the last word.
Enact a federal privacy law. Please.
But make it clear that any such law will be superseded by stronger provisions at the state level.
Because Republicans believe in states’ rights.