Tech executives say they want data privacy legislation without strongest regulations

Tech executives say they want data privacy legislation without strongest regulations
© Greg Nash

Lawmakers grilled executives from technology companies, who said Wednesday that they supported legislation for privacy regulation but often dodged backing specific policies. 

The Senate Commerce Committee hauled in representatives from Twitter, Amazon, Google, Apple, AT&T and Charter to question their privacy practices and what type of new consumer data regulations they're open to.

Executives from the companies were often quick to agree, or offer a “qualified yes” to broad commitments of support for new privacy legislation and increased government regulation regarding data privacy, but demurred when pressed for details on what they would support.

ADVERTISEMENT

When representatives did specify, they said they want some of the strongest provisions, like a mandatory opt-out for data collection, to be excluded from the hypothetical legislation.

During Sen. Amy KlobucharAmy KlobucharThe Hill's Coronavirus Report: Teachers' union President Randi Weingarten calls Trump administration plan to reopen schools 'a train wreck'; US surpasses 3 million COVID-19 cases The Hill's Coronavirus Report: DC's Bowser says protesters and nation were 'assaulted' in front of Lafayette Square last month; Brazil's Bolsonaro, noted virus skeptic, tests positive for COVID-19 Hillicon Valley: QAnon scores wins, creating GOP problem | Supreme Court upholds regulation banning robocalls to cellphones | Foreign hackers take aim at homebound Americans | Uber acquires Postmates MORE’s (D-Minn.) line of questioning each internet company in attendance agreed that they supported data privacy legislation, but largely declined to agree to specific details she put forward.

When she asked if they would be interested in a 72-hour public notification requirement in the wake of cybersecurity breaches, each declined.

And Google and Twitter chose to tout the work they did to simply their user agreements when asked if they would support requirements for more basic language in user agreements

Sen. Brian SchatzBrian Emanuel SchatzData shows seven Senate Democrats have majority non-white staffs Overnight Defense: Lawmakers demand answers on reported Russian bounties for US troops deaths in Afghanistan | Defense bill amendments target Germany withdrawal, Pentagon program giving weapons to police Senators push to limit transfer of military-grade equipment to police MORE (D-Hawaii) argued specific updates were needed to give the Federal Trace Commission teeth to regulate the internet and telecommunications companies — a point executives said they would consider, but did not firmly agree to.

ADVERTISEMENT

Schatz pointed out that currently, the FTC can only penalize companies after it establishes consent decrees with them, instead of immediately penalizing them for violating regulations.

“There is no economic consequence for violating existing rules or statutes on privacy,” he said, calling it “absurd”. “Only if you violate that consent decree is there the authority to fine.”

Google’s chief privacy officer, Keith Enright, declined to agree but said “we certainly would be interested in engaging in a conversation about what an extension of [the FTC’s] authority would look like and what the proper contours might be,” expressing a sentiment shared by the other executives testifying.

But each agreed that they would prefer national privacy legislation that would require federal law to preclude state law to avoid a “patchwork” of regulatory hurdles that vary from state to state.

They also said new regulations should avoid being as onerous as the new General Data Protection Regulation (GDPR) regulations imposed in Europe.

Len Cali, Senior Vice President Global Public Policy at AT&T, expressed concern that the new rules were “strengthening incumbent” internet players in Europe by boxing out smaller ones that could not afford to afford to comply with the new regulations.

And each executive, except Charter’s Rachel Welch, said that they did not want a default “opt-in” option for consumers to agree to have their data collected, out of concern that it would disrupt functions of their apps that automatically collect some users’ data.

California’s new privacy law was frequently referenced during the hearing, features a mandatory opt-out option that lets users decline share data with tech and telecom companies.

Though the executives tried to stick to their preplanned scripts, lawmakers were able to pull some new details from them.

Enright confirmed to Sen. Ted CruzRafael (Ted) Edward CruzLincoln Project offers list of GOP senators who 'protect' Trump in new ad How conservative conspiracy theories are deepening America's political divide Gianforte halts in-person campaigning after wife, running mate attend event with Guilfoyle MORE (R-Texas) that Google does indeed have a “Project Dragonfly” but did not confirm the details of what the project entails, despite Cruz’s probing.

“I am not clear on the contours of what is in scope or out of scope for that project," Enright said declining to link the project to reports that said Dragonfly is a code name for a search engine Google is developing to comply with Chinese privacy and censorship laws.

The product has earned Google intense scrutiny, both within its own ranks from frustrated employees and with lawmakers like Cruz, Sen. Marco RubioMarco Antonio RubioLincoln Project offers list of GOP senators who 'protect' Trump in new ad GOP Miami mayor does not commit to voting for Trump The Hill's Morning Report - Presented by Facebook - Trump wants schools to reopen, challenged on 'harmless' COVID-19 remark MORE (R-Fla.) and Sen. Tom CottonTom Bryant CottonLincoln Project offers list of GOP senators who 'protect' Trump in new ad Mellman: Roberts rescues the right? Hillicon Valley: Pompeo floats TikTok ban | Civil rights groups slam Facebook after call | Election security funding included in proposal MORE (R-Ark.).

The three have questioned why Google is reportedly working with China despite the company saying it would end its contract with the Pentagon.

The next step following the hearings is to draft and ultimately pass privacy legislation that both Republicans and Democrats are willing to agree on, though a specific timeline for this remains to be seen.

“The question is no longer whether we need a federal law to protect consumers’ privacy,” said Committee Chairman Sen. John ThuneJohn Randolph ThuneClash looms over next coronavirus relief bill Trump second-term plans remain a mystery to GOP Republicans fear backlash over Trump's threatened veto on Confederate names MORE (R-S.D.) during the hearing. “The question is what shape that law should take.”