Tech giants call for national data regulations that subvert California's GDPR-style laws

Senators say that any federal law would need to be more progressive than a state's approach

Capitol Hill building

US Tech giants have said they would back a nation data regulation provided that it came into force before California's much tougher privacy legislation, in what's being seen as an attempt to avoid GDPR-style data protection laws.

During a hearing on Wednesday before the Senate Committee called 'Examining Safeguards for Consumer Data Privacy' members of Congress heard from six companies, including representatives from Google, Apple, Amazon and Twitter.

In his opening statement, the chairman of the committee, Senator John Thune said the question was no longer whether the US needed a federal law to protect consumer privacy, but rather what shape will that law take.

To replace current laws that are enforced at the state level, a countrywide privacy bill is being crafted, but senators are worried that tech companies will not like what is being put together, believing they will feel it's akin to the GDPR, which came into effect in March, or be similar to California's Consumer Privacy Act (CCPA) set to be implemented in 2020.

Instead, tech companies are working with lawmakers in an effort to avoid GDPR-style regulation that would place far greater restrictions on how and what data can be processed.

Advertisement
Advertisement - Article continues below

The representatives discussed three key points for a potential privacy legislation: a state law that pre-empts the California legislation; a promotion of privacy on their terms; and a block to the creation of a US version of the GDPR.

California Governor Jerry Brown signed the CCPA in June, which aims to give consumers more control over how companies collect and manage their personal information. The law, which is due to take effect in 2020, effectively replicates many of the provisions set out by GDPR inside the state of California, something which tech companies such as Alphabet Inc's Google and Amazon oppose as being too restrictive.

Referencing the GDPR, and also California's Law, AT&T senior VP of global public policy, Len Cali said: "What we're urging is a comprehensive federal law that looks at both these laws, learns from them, but does better than them."

At the hearing, Amazon VP Andrew DeVore said that California's law was hastily written and the law's definition of personal information went too far.

"The result is a law that is not only confusing and difficult to comply with, but that may actually undermine important privacy-protective practices," he said.

The drafting of tough data laws has played out simultaneously with high profile news stories such as the Cambridge Analytica scandal and the recent data breach to Equifax that affected around 145 million of its customers in the US, UK and Canada.

The tech companies are in favour of a federal law, provided it preempts California's 2020 legislation and doesn't emulate the GDPR. But the senators said that for a federal law to nullify a state law, it would have to be more progressive and robust than the state law which had already been voted for.

"I understand that from the standpoint of these companies, the holy grail is preemption," said Senator Brian Schatz. "We're not going to get 60 votes for anything and replace a progressive California Law, however flawed you may think it is, with a non-progressive federal law."

Matt Lock, director of sales engineers at Varonis said that the tech companies feared many other states would follow California's example and adopt tougher regulations.

"Tech leaders are afraid that consumer privacy laws similar to the GDPR will gain popularity among U.S. states and upend their business model, which often involves treating a person's data as a commodity to be bought and sold in exchange for a free service," he said.

Advertisement
Advertisement - Article continues below

"When an industry bands together to help steer the discussion in their favour it's because they fear strict laws down the road. California may be the first state to adopt GDPR-like laws, but it will not be the last."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019