Google CEO Sundar Pichai told lawmakers in December the internet giant acknowledges a need for national privacy regulations The newly installed US Congress is expected to see a fresh effort to develop new regulations for big technology firms, with a focus on tougher enforcement of privacy and data protection.
The wave of data scandals that have hit Facebook and other online platforms has prompted growing calls for action by lawmakers looking to curb abuses of how private information is used and give consumers more clarity.
Significantly, most tech companies are pledging to willingly accept new regulations to set a uniform standard in the United States following a sweeping set of rules that went into effect in the European Union in 2018, although few have offered details.
Federal regulations could pre-empt the enforcement of legislation enacted in California, which was modeled after the EU's General Data Protection Regulation.
"Whether big tech and little tech like it or not, 2019 will be a year of regulation," said Doug Clinton of the investment firm Loup Ventures, in a recent blog post.
The analyst said he expects the US to consider "the most important points" of GDPR including consent, access, portability and erasure of personal information.
Protecting data
Senator Brian Schatz and 14 other Democrats have endorsed a bill aimed at requiring online firms to safeguard personal information and stop the misuse of data.
"People have a basic expectation that the personal information they provide to websites and apps is well-protected and won't be used against them," Schatz said in a statement last month.
Lawmakers grilled Facebook co-founder and CEO Mark Zuckerberg in April, and now are considering legislation that could regulate how large tech firms collect and share personal data "Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same."
Another proposal unveiled in December by the Center for Democracy & Technology, a digital rights group in Washington, in consultation with industry and activist groups, covers consumer rights to access and correct data held by online firms, data portability, and limits on third-party access to data.
Significantly, it limits the kinds of data that companies can collect to what is needed for their services.
"Many apps collect your location information even if it has nothing to do with the service they are providing," said Michelle Richardson, head of data and privacy for the organization.
"We want to fundamentally change how companies collect and use data."
Since the revelations over the hijacking of personal data of tens of millions of Facebook users by the political consultancy Cambridge Analytica, tech firms have come under heightened scrutiny from lawmakers and privacy activists.
Cooperation, or not?
Instead of pushing back, big tech firms have offered to cooperate with lawmakers on a national privacy bill—although skeptics say this may be an effort to limit the reach of tougher state laws.
Google chief executive Sundar Pichai told a hearing in mid-December, "I'm of the opinion that we are better off with more of an overarching data protection framework for users, and I think that would be good to do."
Apple CEO Tim Cook said recently he would welcome tough US privacy rules and argued that personal data should not be "weaponized" by internet platforms Apple CEO Tim Cook early this year called for federal privacy legislation, while assailing the "weaponized" used of private data that is bought and sold online.
Alan McQuinn, policy analyst at the Information Technology and Innovation Foundation, a Washington think tank, said that following the passage of a California privacy law, "the tech sector is now trying to get out in front of having segmented privacy rules."
Yet details of any new privacy bill are likely to be complex, with battles looming on how far legislation should go.
McQuinn said there may be consensus on a need to boost transparency, consumer access and enforcement over misuse of personal data, but that many other issues are thorny.
He said there may be consensus on need for more transparency, data portability and consumer access and new enforcement mechanisms for abuse of private data.
But he maintained that GDPR has proven "incredibly burdensome" and caused some businesses to quit the EU or block their online presence.
"People don't realize that legislation doesn't just affect the internet giants, it affects your local grocery store and creates costs throughout the system," McQuinn said.
The analyst said requiring "opt in" consent for any type of data could have unintended consequences—hurting innovation and strengthening the biggest firms that have the resources to comply.
One possible solution is to create "tiers" of data categories requiring opt-in consent only for the most sensitive categories.
Despite broad agreement on the need for privacy rules, McQuinn said a divided government and hyperpartisan political environment will mean "this will be a difficult process."
Explore further: US unveils first step toward new online privacy rules