Tech accountability package: The way to kill privacy legislation
In recent months, the pressure from Congress on tech companies has grown with nebulous, and at times paradoxical, accountability proposals introduced on Capitol Hill. Bills have been proposed to change and regulate the way we protect freedom on the internet, privacy, and platform interoperability and competition.
With elections around the corner, summer recess looming, and a possible flip of the Senate and House in November, there is discussion about combining several or all of these bills together.
Combining these actions into a tech accountability package would be a mistake. Experts point out that seeking competition may come at the expense of privacy and security, and as Rep. Eric Swalwell (D-Calif.) argued, it is bad policy to weaken national security for the sake of regulating “Big Tech.” Additionally, the proposed bills vary substantially in their importance, bipartisan agreement, and effect on consumers and tech platforms.
Addressing data security and data privacy is the most important priority Congress could address this year, and it should be prioritized. It is the backbone for everything else that happens in our digital life. Questions around the function of platforms are based on the fundamental principles of privacy and data security. In fact, the drafters of the antitrust bills are aware that they are intertwined because they attempt to address cybersecurity concerns by giving carve-outs and security exemptions that attempt to address cybersecurity and privacy in an ad-hoc way. It is reactive instead of proactive. And, although the privacy bill might be an unexpected date to the Big Tech dance, it is the likeliest to pass Congress because it has the broadest support. The news that Sen. Roger Wicker (R-Miss.), Chairman Frank Pallone (D-N.J.) and Rep. Cathy McMorris Rodgers (R-Wash.) announced a negotiated compromise on a bill makes it even more likely that this is the one bill likely to pass this session.
The other legislation grouped under the term “tech accountability,” such as Section 230 reform and antitrust legislation are both less popular and provide questionable answers to the challenging questions of platform accountability and speech online. More importantly, they do little to address the underlying problems that a privacy bill should solve first. A recently amended draft of the leading proposed antitrust bill, The American Innovation and Choice Online Act, S. 2992, attempted to fix these problems, but critical issues remain. Passing this legislation would still lead to cybersecurity and national security concerns raised by security experts, which should really be tackled as a primary issue within a privacy bill.
A reasonable, consensus-based privacy bill should be the building block for any other action. As we’ve outlined at R Street, such a bill would reach across both sides of the aisle while upholding privacy and security for Americans. As we argue in our privacy project, “The current lack of federal privacy legislation affects the economy, national security and consumer safety and is—at its most basic level—not a controversial issue for most Americans.”
Bundling all of these challenging pieces of legislation into one omnibus package may be one way to move all of the legislation, but it’s more likely that one provision will be seen as a poison pill that tanks the whole lot. Instead, let’s move data security and data privacy legislation which, unlike other bills, will bolster our cybersecurity posture, improve privacy protections for consumers, and create strong building blocks upon which other Big Tech accountability could be built.
Tatyana Bolton is the policy director for R Street’s Cybersecurity & Emerging Threats team. She crafts and oversees the public policy strategy for the department with a focus on critical infrastructure cybersecurity, data security and data privacy, and diversity in cybersecurity.