For the past year, discussions involving data privacy have heated up in Congress, and new federal legislation now seems inevitable. Today, a leading industry group, supported by Google, Amazon, and Facebook, proposed a “grand bargain” with lawmakers, arguing that any new federal data privacy bill should preempt state privacy laws and repeal the sector-specific federal ones entirely.
The Information Technology and Innovation Foundation’s (ITIF) proposal lays out a few basic characteristics for legislation that the industry has frequently discussed in the past, like requiring more transparency, data interoperability, and users to opt into the collection of sensitive personal data. All 50 states have their own laws when it comes to notifying users after a data breach, and ITIF asks for a single breach standard in order to simplify compliance. It also calls to expand the Federal Trade Commission’s authority to fine companies that violate the data privacy law, something industry leaders have asked for in the past.
But the “bargain” would also preempt state laws like California’s new privacy act, and repeal every other existing piece of federal privacy legislation, including landmark laws like Health Insurance Portability and Accountability Act (HIPAA) and Family Educational Rights and Privacy Act (FERPA). Every sector- or issue-specific privacy law would be removed, and state and local lawmakers would be unable to draft stricter, more specific regulations in the future.
The Children’s Online Privacy Protection Act (COPPA) would be one of the repealed laws. It was authored by Sen. Ed Markey (D-MA) in the late ‘90s, and IT was one of the first pieces of legislation governing the collection of data. The law imposes requirements on companies when it comes to collecting data on children under 13 years of age, which has become a sticking point for a number of tech companies. Both Google and Facebook have been sued multiple times for violating COPPA, and the law is one of the main reasons many web services cut off at age 13.
Markey, who oversees tech regulation as part of the Senate Commerce Committee, says throwing out COPPA is a step too far.
“As Congress works to provide the American people with a comprehensive federal privacy law, we should build upon—not dismantle—existing safeguards,” Markey said, responding to ITIF’s proposal. “Getting rid of COPPA is literally like throwing the baby out with the bath water.”
But industry groups like ITIF argue that a “patchwork” of privacy legislation would stifle innovation and increase service prices for consumers. “Privacy regulations aren’t free—they create costs for consumers and businesses, and if done badly, they could undermine the thriving U.S. digital economy,” said ITIF senior policy analyst Alan McQuinn, co-author of the report. “To avoid throwing a wrench into the digital economy and imposing expensive compliance burdens on businesses across all sectors, any data privacy regulations should create rules that facilitate data collection, use, and sharing while also empowering consumers to make informed choices about their data privacy.”
Sen. Richard Blumenthal (D-CT) has worked alongside Markey in the past, calling for the Federal Trade Commission to investigate companies like Google for potential COPPA violations. To Blumenthal, the industry’s latest proposal is self-serving. “If Big Tech thinks this is a reasonable framework for privacy legislation, they should be embarrassed,” Blumenthal said. “This proposal would protect no one – it is only a grand bargain for the companies who regularly exploit consumer data for private gain and seek to evade transparency and accountability.”
“Big tech cannot be trusted to write its own rules – a reality this proposal only underscores,” Blumenthal said. “I look forward to rolling out bipartisan privacy legislation that does in fact ‘maximize consumer privacy,’ and puts consumers first.”