It’s becoming more likely that the U.S. will pass its own version of Europe’s General Data Protection Regulation. Facebook’s Cambridge Analytica scandal appeared to set things in motion earlier this year, and the subsequent passage of a sweeping privacy law in California has spurred major internet companies to get on board.

Amazon, Apple, AT&T, Charter, Google and Twitter support a comprehensive consumer privacy law in the U.S., executives from those companies said during a Senate hearing Sept. 26 held by the Senate Commerce Committee. Here’s what you need to know about their game plan.

How we got here
Companies have issues with the consumer privacy law that California passed in June. Until it takes effect in over a year, they are racing to find ways to delay or squash it, to the point that they’re willing to support a federal privacy law that would preempt it. Companies want to avoid complying with a patchwork of regulations from multiple states, if others follow California’s example.

What the internet companies want
They want to regulate themselves. But with the passage of California’s privacy law, that’s no longer an option, so they’re aiming for something less burdensome than the GDPR and California’s privacy law but just stringent enough to satiate the amplified calls for better consumer privacy protections. Len Cali, svp of global public policy at AT&T, acknowledged the “growing agreement of the need for new and comprehensive federal privacy law.”

What the internet companies will accept
If Congress passes a federal privacy law that mandates companies to disclose how they track people online, that’s fine by Google and Twitter since they already do that; none of the other companies were pressed by the senators to weigh in on that. If the law imposes any restrictions on the sale of people’s data, also fine because all of the companies testified that they do not sell people’s personal information. At one point Cali said AT&T may sell people’s information with their consent but later corrected himself and said the company does not sell people’s information. And if the FTC is charged with enforcing the law, all the better. The FTC is already responsible for ensuring that companies abide by their own privacy policies — and has not been very harsh with privacy violators like Google and Facebook — so why shouldn’t the regulatory body should be in charge of enforcing a federal privacy policy?

What the internet companies need
Clarity. If Congress is going to pass a law regulating how companies collect and manage people’s personal information, then companies want to know what exactly qualifies as personal information — and hope it’s limited to sensitive and personally identifiable information like their name or email address, as opposed to something obscure like their web browsing history.

What the internet companies don’t want
To have to ask for permission before they can collect people’s personal information. They also don’t want a law preventing them from encouraging people to give them their information. That would nullify retailers’ loyalty programs that track people’s purchases while providing them with discounts in exchange, said Cali, who may have also been thinking how such a stipulation would bar AT&T from discounting people’s subscription fees in exchange for tracking them around the web.

  • LinkedIn Icon