In March, Virginia swiftly passed the Consumer Data Protection Act. According to an investigation by Protocol, the Virginia law was “industry-approved.” The law was presented to a Democratic state senator by an Amazon lobbyist. Most of the text of the law is also derived from a failed privacy law written by Microsoft for the state of Washington. (Related: Facebook, Google and eBay want the Supreme Court to make it harder to sue them and other big tech companies.)
An investigation conducted by nonprofit news organization The Markup found that Virginia’s case is not unique. Of the 20 proposed state privacy bills currently being considered across the country, at least 14 of them were built upon the same industry-backed framework established in Virginia. The website further believes that some of these laws might actually be weaker.
In Washington, Oklahoma, Florida and Connecticut, the appearance of tech-friendly provisions in proposed privacy legislation is directly linked to efforts by industry lobbyists. Industry pressure has already forced Texas lawmakers to pass a bill that’s even weaker than Virginia’s.
In North Dakota and Oklahoma, tech lobbyists had to step in to prevent state lawmakers from passing strong privacy laws. Similar lobbying efforts have been documented in other states, like Minnesota, Illinois, Hawaii and Arizona.
All of the industry-backed privacy laws comply with two key demands from big tech. First, the law has to require consumers to opt-out rather than into the sale of their personal data for targeted advertising. Second, the law must protect companies from being sued for violations. The bills that have not submitted to the demands of the tech giants have quickly died in committee or been rewritten.
Experts believe big tech’s push to write and pass their own privacy legislation was prompted by California after the state enacted sweeping privacy bills in 2018 and 2020.
For comparison, California’s laws create a “global opt out.” This means that, rather than every website requiring users to go through separate processes to opt-out of data policies, state residents can use a browser or a browser extension to automatically notify each website that they would rather not have their data sold. The California laws also allow consumers to sue big tech for violations.
Big tech’s goal is to get Congress to pass weak privacy law to supplant stronger state laws
“The effort to push through weaker bills is to demonstrate to businesses and to Congress that there are weaker options,” said former chief technologist for the Federal Trade Commission (FTC) Ashkan Soltani. “Nobody saw Virginia coming. That was very much an industry-led effort by Microsoft and Amazon. At some point, if multiple states go the way of Virginia, you might not even get companies to honor California’s [legislation].”
“Setting up these weak foundations is really damaging and really puts us in a worse direction on privacy in the U.S.,” said Hayley Tsukayama, a legislative activist working for digital rights nonprofit Electronic Frontier Foundation. “Every time that one of these bills passes, Virginia being a great example, people are saying ‘This is the model you should be looking at, not California.'”
Soltani and Tsukayama’s statements have been confirmed by tech lobbyists and the tech giants themselves. Google spokesperson Jose Castaneda told The Markup that it is advocating for “strong, comprehensive federal privacy legislation in the U.S.”
Executive Vice President for government relations Dan Jaffe of the Association of National Advertisers (ANA) said “it will not be good for business” if states adopt privacy laws that are similar to California’s. ANA has lobbied in states and helped write advertiser and tech giant-friendly federal legislation.
TechNet, a pro-big tech industry group that has been lobbying state lawmakers, said that the litigation costs for “good faith mistakes” could be “fatal to businesses of all sizes.”
Americans most likely very supportive of strong privacy legislation
Despite big tech’s considerable resources and lobbying power, groups within the U.S. are still dedicated to fighting back.
In Dec. 2020, the FTC wrote to nine social media and internet companies demanding more information regarding how these corporations collect, store and use consumer data.
In California, the passage of Prop 24 – the California Privacy Rights Act of 2020 – with over 55 percent of voters in favor shows that similarly strong legislation in other states will most likely be supported by the population.
Several bills that include opt-in frameworks, allow consumers to sue big tech and other provisions are already making their way through the legislatures of multiple states including New York, New Jersey, Nevada, Massachusetts and Maine.
But this patchwork of legislation across states will be difficult to navigate. Some experts believe that only strong, federal privacy legislation will prevent big tech from taking advantage of consumers’ data.
Microsoft, Google, Facebook, Apple and Amazon have already spent a combined $619,000 in their lobbying efforts in Connecticut. In response to the possibility of more state or federal legislation that will actually offer strong consumer protections, big tech can be expected to increase its lobbying efforts to try to shape the final form of the bills.
Learn more about how big tech corporations like Microsoft and Amazon are preventing strong privacy legislation from passing by reading the latest articles at TechGiants.news.