Interest Groups Exert Influence as Support Grows for Federal Privacy Law

As calls for comprehensive national privacy legislation grow louder in the United States, Big Tech and Big Business are deploying armies of lobbyists and monied interests to influence state and federal legislation. Legislators from both parties have rallied around the need for stronger consumer protection laws. This sentiment was echoed at a recent hearing held by the Senate Commerce, Science, and Transportation Committee.

The Committee Chair, Senator Maria Cantwell (D-CA), recently reintroduced the Consumer Online Privacy Rights Act, while the committee’s Ranking Member, Roger Wicker (R-MS), has introduced the SAFE DATA Act. While the competing bills contain many similarities, the sticking point may be over the inclusion of a private right of action.

Business and consumer privacy advocates both agree that the current patchwork of state privacy laws is untenable. But that’s where their agreement stops. The Chamber of Commerce, which represents the interests of more than three million businesses, released its principles for a privacy framework earlier this year. According to the Chamber, “Congress should adopt a federal privacy framework that preempts state law on matters concerning data privacy in order to provide certainty and consistency to consumers and businesses alike.”

While the Chamber’s statement doesn’t wade deep into the weeds of data privacy policy, it does advocate for “safe harbors and other incentives,” and enforcement provisions that, “only apply where there is concrete harm to individuals.” The Chamber is also pushing for a carrot-based approach to compliance to “encourage collaboration as opposed to an adversarial enforcement program.” To achieve this, they suggest giving businesses a cure period and not affording citizens a private right of action. They also support the inclusion of, “risk-based data security and breach notification provisions,” as a part of any national privacy framework, although they express concern over a one-size-fits-all approach and instead insist that, “businesses have flexibility in determining reasonable security practices.”

The Chamber of Commerce isn’t the only major lobbying group looking to exert its influence. Big Tech has provoked public anger for its pernicious activities and has come under increased focus from lawmakers to reign in its most harmful practices. In an attempt to stave off GDPR-style legislation that resulted in a record $888 million fine for violating the EU’s privacy regulations, Amazon has spearheaded a campaign to weaken or kill privacy bills across the U.S.

According to reporting by Reuters, Amazon “has killed or undermined privacy protections in more than three dozen bills across 25 states.” The architect of this campaign, Jay Carney, served as former President Obama’s press secretary until he left the White House in 2015 to join Amazon. There, he built a lobbying machine with around 250 employees. Reuters reporting reveals that the company eschews public positions on legislation in order to operate behind the scenes through an array of Amazon-funded trade groups, targeted political donations, and intimidation.

One of Amazon’s primary concerns is the regulation of biometrics, which includes voice recordings, like Alexa. A Washington state bill seeking to give consumers more control over such data was passed, but only after Amazon, “chiseled away at its privacy protections by convincing lawmakers to insert alternative language, often verbatim.” After intense pressure from Amazon lobbyists, lawmakers narrowed the definition of biometric identifier and exempted voice recordings.

Though a recent Morning Consult poll found that 83 percent of Americans want Congress to pass a national privacy bill, deep divisions among lawmakers and intense pressure from interest groups signal an uphill battle for the enactment of comprehensive federal data privacy legislation. “We are headed toward a face-off between comprehensive state privacy laws that mirror the GDPR and federal proposals that maintain a fractured privacy legal framework with carve-outs and limitations on enforcement, notes Jody Westby, CEO of Global Cyber Risk and ADCG advisory board member. “Meanwhile, the U.S. Departments of Commerce is trying to maintain the old status quo on cross-border data flows by negotiating a new Privacy Shield program,” she warns, adding, “it could be the perfect storm.”