Reuters Sep 27, 2018 15:57 PM IST
Major technology companies and internet service providers told a US Senate panel on 26 September they support federal legislation to protect data privacy but want Congress to preempt tough new rules adopted by California.
Companies support giving users control over their data, transparency over how data is used and the ability to move their data. The personal data includes web browsing history as well as other consumer data.
Senator John Thune, who chairs the Commerce Committee, said he is working on legislation but acknowledged it is not likely to win approval this year. Industry “wants a national approach, not a 50-state approach, and I think that provides us with some leverage and I think it also suggests they are going to have to be at the table and offering up good solutions for this,” Thune said.
Thune expects hearings later this year and wants to hear from consumer groups.
Senate Democrats said legislation, which would need 60 votes to advance in the 100-member body, would need to have tough provisions.
Senator Brian Schatz, a Democrat, noted that tech companies are worried about the impact of state laws but will need to support robust federal privacy rules.
In June California Governor Jerry Brown signed data privacy legislation aimed at giving consumers more control over how companies collect and manage their personal information, which Alphabet Inc’s Google and other big companies had opposed as too burdensome. The rules take effect in 2020.
Amazon vice president Andrew DeVore said at the hearing that California’s law was hastily written and the law’s definition of “personal information” goes beyond information that actually identifies a person. “The result is a law that is not only confusing and difficult to comply with, but that may actually undermine important privacy-protective practices,” he said.
Massive breaches of data privacy have compromised personal information of millions of U.S. internet and social media users, including notable breaches at large retailers and credit reporting agency Equifax.
“The Holy Grail is preemption” of state rules,” Schatz said. “You are only going to get there if this is meaningfully done.” He said Democrats would not replace a “progressive California law with a non-progressive federal law.”
One big question is whether the Federal Trade Commission would be granted authority to write rules on privacy as part of the legislation.
The companies did not rule out backing allowing the FTC to write rules, but wanted to see the details.
The U.S. Commerce Department said on Tuesday it was seeking comments on how to set nationwide data privacy rules in the wake of tough new requirements adopted by the European Union and California.
The European Union General Data Protection Regulation took effect in May. Breaking privacy laws can now result in fines of up to 4 percent of global revenue or 20 million euros ($23.2 million), whichever is higher, as opposed to a few hundred thousand euros.