American startups need surveillance reform

American startups need surveillance reform
© Getty Images

There’s an ongoing debate on the Hill over government surveillance that will impact companies with users abroad, especially startups. 

With a good idea and a connection to the open internet, a small startup anywhere in the U.S. can reach users all over the world, expanding their business and contributing to economic and job growth back home. 


But that open global marketplace for even the smallest and newest companies can be at risk if policymakers in other countries create trade barriers in the name of protecting their citizens’ privacy. And while large companies might have the resources and legal teams to navigate those trade barriers, startups often rely on streamlined data sharing agreements to make sure they’re operating legally abroad.


Take, for instance, the Privacy Shield, a transatlantic deal that lets thousands of companies bring European users’ data across the Atlantic to be processed and stored. While a recent review of the Privacy Shield by the European Commission found that the agreement adequately protects Europeans’ privacy, the review points out places for improvements in U.S. surveillance law to ensure European’s fundamental privacy rights are protected. 

“The practical implementation of the Privacy Shield framework can be further improved in order to ensure that the guarantees and safeguards … continue to function as intended,” the report states, calling for transparency and oversight improvements, as well codifying Obama-era privacy protections for non-U.S. persons.

Now Congress has a chance to show that it takes those concerns — and the impact they have on U.S. businesses, including startups — seriously. Section 702 of the Foreign Intelligence Surveillance Act is an online spying law that expires at the end of this year, and Congress has already begun the debate about what changes to make as it reauthorizes the law.

Much of the debate over Section 702 has rightly focused on the impact of this surveillance on national security and civil liberties. But lawmakers should factor in how this debate is perceived abroad and how that perception can harm U.S. businesses, especially the small startups that don’t have the resources to navigate complex international data rules on their own.

As the European Commission noted in its report on Privacy Shield, this year’s Section 702 expiration presents a “unique opportunity for strengthening the privacy protections contained in [the Foreign Intelligence Surveillance Act].” 

And some lawmakers are already attempting to bolster privacy, transparency, and oversight protections in Section 702. There are some proposals out — including one from House Judiciary Committee members, a more aggressive version of the bill from Sens. Patrick LeahyPatrick Joseph LeahySenate passes disaster aid bill after deal with Trump GOP senators work to get Trump on board with new disaster aid package Chances for disaster aid deal slip amid immigration fight MORE (D-Vt.) and Mike LeeMichael (Mike) Shumway LeeOn The Money: Senate passes disaster aid bill after deal with Trump | Trump to offer B aid package for farmers | House votes to boost retirement savings | Study says new tariffs to double costs for consumers Senate passes disaster aid bill after deal with Trump Hillicon Valley: Google delays cutting off Huawei | GOP senators split over breaking up big tech | Report finds DNC lagging behind RNC on cybersecurity MORE (R-Utah), and an even more aggressive bill from Sens. Ron WydenRonald (Ron) Lee WydenHillicon Valley: Facebook won't remove doctored Pelosi video | Trump denies knowledge of fake Pelosi videos | Controversy over new Assange charges | House Democrats seek bipartisan group on net neutrality Manning: Additional Assange charges are feds using the law 'as a sword' Overnight Health Care — Presented by PCMA — Senators unveil sweeping bipartisan health care package | House lawmakers float Medicare pricing reforms | Dems offer bill to guarantee abortion access MORE (D-Ore.) and Rand PaulRandal (Rand) Howard PaulO'Rourke: Trump 'provoking' war with Iran by sending troops to Middle East Overnight Defense: 1,500 troops heading to Mideast to counter Iran | Trump cites Iran tensions to push through Saudi arms sale | Senate confirms Army, Navy chiefs before weeklong recess Trump to send 1,500 troops to Middle East to counter Iran MORE (R-Ky.) — that would make changes to the law, including boosting transparency and oversight of the surveillance and codifying the NSA’s decision earlier this year to end “about” collection. “About” collection was the controversial process of collecting communications not just to and from identified foreign intelligence surveillance targets, but collecting communications that merely mention an identifier linked to a target.

But other lawmakers, seemingly unconcerned by the privacy violations and potential threats to U.S. business, are pushing ahead with proposals would make the law worse. The Senate Intelligence Committee recently passed a bill that would, among other things, extend the law for eight years and create a path forward for the intelligence community to restart “about” collection. And the House Intelligence Committee is quickly moving forward with a new bill that would expand Section 702 surveillance.

Ignoring the concerns about Section 702 surveillance both at home and abroad is not the right answer for lawmakers or for the constituents and small businesses in their districts and states. 

With the Section 702 expiration date looming, lawmakers have a chance to respond to both the privacy concerns of their constituents and the concerns of U.S. businesses — especially startups that rely on simplified access to their global users — who are watching the conversation about U.S. surveillance unfold abroad. 

Kate Tummarello is a policy analyst at Engine , an advocacy and research organization that supports tech startups. She has a background in privacy and security issues, including her work as a journalist and as a digital rights activist.