The Senate Commerce Committee is getting ready to host a much-anticipated hearing on consumer privacy—and consumer privacy groups don’t get a seat at the table. Instead, the Committee is seeking only the testimony of big tech and Internet access corporations: Amazon, Apple, AT&T, Charter Communications, Google, and Twitter. Some of these companies have spent heavily to oppose consumer privacy legislation and have never supported consumer privacy laws. They know policymakers are considering new privacy protections, and are likely to view this hearing as a chance to encourage Congress to adopt the weakest privacy protections possible—and eviscerate stronger state protections at the same time.
The upcoming hearing at the Senate Commerce Committee may be the launch pad for this strategy of undoing stronger state laws.
It is no coincidence that, in the past week, two leading industry groups (the Chamber of Commerce and the Internet Association) have called for federal preemption of state data privacy laws in exchange for weaker federal protections. For example, laws in California and Illinois require companies to have user consent to certain uses of their personal information (Nevada and Minnesota have these requirements for Internet access providers), while the industry proposals would only require transparency. That means that companies would be allowed to collect information without your permission as long as they tell you they’re doing it. The upcoming hearing at the Senate Commerce Committee may be the launch pad for this strategy of undoing stronger state laws.
Since we can’t be there to say this ourselves, we’ll say it here: EFF will oppose any federal legislation that weakens today’s hard-fought privacy protections or destroys the states’ ability to protect their citizens’ personal information. EFF has had a long and continuous battle with some of the testifying companies, such as Google and AT&T, regarding your right to data privacy, and we’re not going to give up now.
To be clear, we would look closely at a sensible federal legislation that offers meaningful protections for data privacy. Uniform laws offer predictability, making life easier for smaller companies, nonprofits and others that may struggle to meet the rules of different states. But a uniform law is only a good alternative if it’s actually a good law—not a weak placeholder designed only to block something stronger.
The State Consumer Privacy Laws That Big Tech and ISPs Want Congress to Nullify
California’s recently passed consumer privacy legislation has some valuable protections as well as room for improvement, but even this modest set of privacy protections is apparently too much for some big tech companies and the ISPs. If Congress passes the industry’s wish list, it won’t just kill the California privacy law. It will also preempt Illinois’ biometric privacy law, which landed Facebook in a class action lawsuit for allegedly collecting facial data without permission. And there’s more: Such a federal law would also block strong state data breach notification laws that forced companies like Equifax to tell us when they compromised the data of 145.5 million Americans. The upcoming one-sided congressional hearing will not yield valuable insights to the Senate Commerce Committee, but rather give the industry a lengthy amount of time to repeat talking points that reinforce their lobbyists’ arguments in hopes of persuading Congress to once again vote against our privacy rights.
The state legislators in California and Illinois who passed these laws did what they were supposed to do: protect the privacy of their residents. The absence of these state laws would mean that big companies face fewer consequences for compromising our personal information.
This Congress Has a Terrible Record on Protecting Privacy
There’s a reason states are taking action: They are filling a void. What did this Congress do when Facebook’s Cambridge Analytica scandal broke, besides hold a hearing? What did it do when Equifax failed to protect the personal data of 145 million Americans, causing lasting damage to their financial security, besides hold a hearing? Absolutely nothing. Despite overwhelming public support for privacy—a resounding 89 percent of Americans support privacy being a legal right and 91 percent believe we have lost control over our privacy—this legislature has taken little real action.
In fact, when this Congress has taken action on privacy hazards, whether from the government or from corporations, it has pro-actively stripped us of our privacy protections. When companies like AT&T, Verizon, and Comcast wanted to get away from strong federal broadband privacy regulations, Congress took the dramatic step of repealing those privacy protections. When the NSA requested an expansion of its warrantless surveillance program, Congress readily agreed.
Given this track record, Internet users should wonder whether the upcoming Senate Commerce hearing is just a prelude to yet another rollback of privacy protections. If so, policymakers can expect to hear the voices they excluded loud and clear in opposition.