California’s Legislature is poised to vote Friday on a landmark Internet privacy bill, one that could quickly become a bellwether for the rest of the country.
But the measure is opposed by large Internet providers and tech companies, in an unusual alliance that could doom efforts by privacy groups to reverse deregulatory actions taken by President Trump and his allies at the start of the year.
The bill under consideration in California is a near-mirror image of rules put in place by the Federal Communications Commission in 2016. The nationwide regulations sought to place new limits on Internet providers who wished to use customer data — such as online browsing history and location information — to sell targeted ads. But the rules later were overturned by Trump and Republican majorities in Congress.
Now, in a bid to restore some of those rules, California is considering its own broadband privacy measure. It is widely opposed by large, established Internet providers such as Cox Communications, T-Mobile and Verizon. Google, Facebook and other massive tech companies also oppose the bill — over concerns, analysts say, that the expanded privacy regulations could indirectly affect the websites’ own ability to gather and monetize user data.
With just hours until the end of California’s legislative session, the bill — AB 375, authored by Assemblyman Ed Chau (D-Arcadia) — will need to be fast-tracked through the state Senate and Assembly by early Saturday in order for it to wind up on the governor’s desk. The first votes on California’s privacy bill could come shortly before 3 p.m. Friday; if the bill fails to advance, lawmakers may choose to pick up where they left off in January.
Supporters of the bill say there’s much more at stake than California’s own policies.
“This becomes law here, likely Oregon will follow in February and the 18 other states active in this will start rolling in,” said Ernesto Falcon, legislative counsel at the Electronic Frontier Foundation, a California-based technology advocacy group. More than 20 states have considered passing their own Internet privacy bills in recent months, according to the National Conference of State Legislatures.
But opponents argue that the bill is being rushed to completion. Deep changes to the legislation as recently as Tuesday show that the bill is not ready for prime time, according to a joint letter sent Thursday to policymakers by a coalition including the companies mentioned above as well as AT&T, Comcast and the Internet Assn., a Washington trade group that represents tech firms. A spokesman for the Internet Assn. declined to comment for this story.
“Foundational concepts are lacking, including a clear definition of what businesses the bill covers,” the letter says. “The bill would also lead to recurring pop-ups to consumers that would be desensitizing and give opportunities to hackers.”
Some of those same arguments are finding their way into industry-backed advertisements blanketing media properties in the area, according to Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy organization. The ads, he said, “play off of Equifax breach fears” and do not disclose their origins.
The 11th-hour legislative battle comes at a sensitive time for the biggest firms in Silicon Valley, whose fortunes have rapidly shifted this year amid widespread allegations of sexual discrimination and monopolistic behavior by some tech companies.
The issue also has seen tech’s most powerful titans striking a rare truce with the broadband providers who typically serve as the Valley’s foil in policy debates. As both groups expand their use of commercial data, state regulations that could hinder that effort represent a common danger. With the FCC’s repealed regulations giving way to multiple state-level proposals, companies now face the prospect of a regulatory patchwork that could become an even bigger headache than the federal rules they lobbied to end.
Fung writes for the Washington Post.