After years of ignoring the issue, lawmakers on Capitol Hill are suddenly engaged in a furious fight over enacting national legislation to establish basic online privacy rights for consumers. As with the crafting of much legislation dealing with complicated issues, legislators are relying on experts to help codify the consumer protections.
In a twist that is all too familiar in Washington, D.C., however, many of the groups that have positioned themselves as expert voices on consumer privacy are pushing for a bill that hews closely to tech industry interests. Lawmakers who are famously ignorant on technology issues are hearing largely from an army of industry lobbyists and experts funded by social media companies, online platforms, data brokers, advertisers, and telecommunication giants — the very same corporate interests that profit from the collection and sale of internet data.
Take the Center for Democracy and Technology, one of the most prominent privacy-centered Beltway think tanks. The group is considered to be well-respected among congressional staffers, routinely testifies before committees on privacy legislation, and is a prime mover in the national online privacy bill discussion.
Late last year, the organization circulated draft federal privacy legislation that would nullify major state-level regulations. In March, when the Senate Judiciary Committee held its first hearing of the session on how to formulate a federal consumer privacy standard, the center’s Privacy and Data Project Director Michelle Richardson testified.
The Center for Democracy and Technology is also awash in corporate money from the tech sector. Amazon, Verizon, and Google are among the corporate donors that each provide over $200,000 to the group. AT&T, Uber, and Twitter are also major donors.
Last Wednesday, the group hosted its annual gala, known as “Tech Prom,” which brought together lobbyists and government affairs officials from leading Silicon Valley and telecom firms. Facebook, Google, Amazon, and Microsoft purchased tables at the event and served as sponsors, a privilege that came in exchange for a $35,000 donation to the center.
“Every one of these groups working on privacy that takes corporate money should return it.”
These industry-funded think tanks are pushing legislation in a direction that would have weak enforcement mechanisms, give consumers limited means for recourse, and perhaps most importantly for the industry, roll back state-level privacy standards being enacted by state legislatures.
The stakes of the online privacy fight could have ramifications the world over. American standards on data collection could shape political and business decisions across the world, said Jeff Chester, president of the Center for Digital Democracy, a privacy think tank that opposes overturning of state-level privacy laws.
“This is much bigger than Cambridge Analytica,” Chester said. Cambridge Analytica was involved in a scandal when, while working on behalf of Donald Trump’s presidential campaign, the data analytics firm illicitly scraped consumer data from Facebook in order to build advanced voter-targeting methods. The events stoked outrage over Facebook’s security around its users’ private data.
Chester said the money lavished by the tech industry on privacy think tanks was tantamount to funding lobbyists. “These groups should not take a dime of corporate money. This is basically lobbying dollars,” Chester said. “I think every one of these groups working on privacy that takes corporate money should return it.”
Meanwhile, actual tech industry lobby groups are pushing federal legislation along the same lines as that proposed by the tech-funded think tanks. One of the largest lobbying groups for Silicon Valley, NetChoice, has rallied behind Sen. Marco Rubio’s, R-Fla., privacy bill. His bill would roll back state regulation and place enforcement authority largely under the Federal Trade Commission, a notoriously toothless federal agency with no rule-making power, instead of letting consumers directly sue tech companies under the law.
NetChoice lobbies on behalf of Facebook, Google, Twitter, Airbnb, and eBay, among other tech companies. (Pierre Omidyar, founder of The Intercept’s parent company, First Look Media, is the chair of eBay.)
The sudden moves around online privacy kicked into high gear with a state-level privacy law that passed in California last year. In June 2018, state legislators passed California Consumer Privacy Act, a surprise turn of events that enshrined the strongest consumer privacy standard in the country.
The law, set to take effect next year, gives California residents the power to view the types of data companies collect from them, request that the data be deleted, and allows residents to declare that their data not be sold to third parties. In response, similar bills are being proposed in several other states.
The lobbying push to water down and overturn the California law has been so intense that some federal legislators are raising questions about whether the urgency for a national standard is simply a vehicle for lobbyists to push pre-emption, provisions in the federal law that would supersede and roll back the state-level privacy laws.
“Are we here just because we don’t like the California law, and we just want the federal pre-emption law to shut it down?” asked Sen. Maria Cantwell, D-Wash., during one of the recent hearings on the bill.
The Center for Democracy and Technology’s proposal for a draft bill contained such a pre-emption provision. The proposed bill would overturn the California Consumer Privacy Act and the Illinois Biometric Information Privacy Act, which compels technology companies to obtain consent from customers before collecting biometric data, including fingerprints and facial recognition models. Both Google and Facebook could faced lawsuits under the Illinois law.
The Center for Democracy and Technology’s vice president for external affairs, Brian Wesolowski, defended the group’s draft proposal. “It’s a stronger bill than the California one when it comes to the privacy rights of all,” he said in an email to The Intercept, adding that the group maintains “clear lines between funding and policy positions.”
The proposed draft from the Center for Democracy and Technology, however, does not reproduce the California law’s right for consumers to opt out of data collection. The California law also provides consumers with what is called a private right of action — meaning that they can file a lawsuit if the state attorney general does not act when companies violate the law — while the Center for Democracy and Technology’s draft simply calls for companies to respond to complaints within 30 days.
Another think tank, the Center for Information Policy Leadership, which bills itself as a leading voice on privacy, has also called for a provision pre-empting state-level laws. In a memo for policymakers released last month, the group said the new federal bill should “preempt a patchwork of inconsistent state laws.” Similarly, another group, the Technology Policy Institute, has asked that a federal privacy law pre-empts state regulation and explicitly called for any new national standard to have “fewer restrictions on the use of information.”
Both groups receive funding from Amazon, Google, and Facebook — and both strongly defended their positions.
Markus Heyder, a vice president at the Center for Information Policy Leadership, told The Intercept in an email, “CIPL’s mission is not to advocate specific industry positions, but to help develop globally consistent policies and approaches to privacy regulation that maximize both the appropriate protection of consumers from privacy risks and harms and reasonable data use and innovation.”
David Fish, a spokesperson for the Technology Policy Institute, dismissed concerns about industry funding, noting that his group’s position is “not supported universally by industry.”
Just like NetChoice, the tech industry lobby group, the Center for Information Policy Leadership and the Center for Democracy and Technology have both called for a weak enforcement standard that rests largely with the Federal Trade Commission.
The push for pre-emption, however, is not shared by all privacy and consumer think tanks. Electronic Privacy Information Center, Public Citizen, and U.S. Public Interest Research Group are among several major advocacy organizations that have demanded that any federal standard not pre-empt state privacy law. “Federal privacy legislation that preempts stronger state laws would only benefit technology companies at the expense of the public,” the groups wrote in a letter to lawmakers.
Jeff Chester’s group, the Center for Digital Democracy, also signed the letter demanding a redline on pre-emption. None of the four groups that signed the letter take corporate money.