A new national privacy bill, an essential legislative building block that has proved elusive for years, appears to suddenly be on a fast track in Congress despite years of gridlock for tech regulation.
Congress has failed to pass a federal data-privacy law amid a yearslong push by states like California as well as European and Asian regulators to pass laws that set basic parameters protecting citizens on the internet. The California Consumer Privacy Act and Europe’s General Data Protection Regulation have helped establish a rudimentary structure in which consumers have the right to know the personal information that a business collects about them, and the right to have that data deleted or choose to opt out.
The bipartisan American Data Privacy and Protection Act — crafted by House Energy and Commerce Chair Frank Pallone, D-N.J., ranking member Rep. Cathy McMorris Rodgers, R-Wash., and Sen. Roger Wicker, R-Miss., ranking member of the Senate Commerce Committee — addresses two sticking points that have kept the U.S. from passing such a law: Democrats insisted on a broad private right of action for individuals, while Republicans wanted to preempt all state laws.
The draft legislation for a national privacy law includes an agreement that would preempt most state laws, with some exceptions, as well as a limited private right of action that lets individuals seek legal damages for privacy violations. The compromise could save businesses a lot of money if it passes, as a report this year from the Information Technology & Innovation Foundation estimated a patchwork of state privacy laws could cost as much as $1 trillion more than a single federal law.
“This bipartisan and bicameral effort to produce a comprehensive data-privacy framework has been years in the making, and the release of this discussion draft represents a critical milestone,” Wicker, Pallone and Rodgers said in a statement.
California’s landmark privacy law: What it does, what has changed and what it means for investors
The bill, which focuses on consumer protection to make data more secure and companies more transparent, is designed to stand alone and not be tacked onto antitrust legislation. A hearing on the bill is scheduled June 14, with witnesses to be announced.
“We have made the case for years that stronger privacy protections for kids and families is the first step to making the internet a healthier and safer place for young people and all consumers,” Jim Steyer, chief executive of the nonprofit Common Sense, said in a statement. “We have been disappointed that this issue, which the vast majority of Americans believe should be addressed, has eluded agreement for too long. This is the year that there should be, once and for all, a national privacy law agreement.”
The missteps of Facebook parent company Meta Platforms Inc. FB with privacy breaches as well as an epidemic of ransomware attacks has cemented across-the-board support for some form of national privacy law. Nearly all Americans (92%) believe it is vital for Congress to pass new legislation to protect consumers’ personal data, and a clear majority (62%) favor federal regulation over individual state regulations, according to a study from Privacy for America late last year.
“The consumer temperature and sentiment has changed in the last few years on the importance of personal data and the power of social media,” Balaji Ganesan, CEO of data-security company Privacera, told MarketWatch.
Initial reaction to the bipartisan House-Senate bill has earned a wide swath of support from tech organizations like TechNet and Software & Information Industry Association, FTC Commissioners Christine Wilson and Noah Phillips, as well as tech executives.
Read: California’s landmark privacy law is Facebook’s next ‘nightmare’
The bill “represents bipartisan negotiations on a national privacy bill. It also reflects the work of privacy, civil rights and consumer advocates over the past decade,” the Electronic Frontier Foundation said in a statement. “Should this bill move forward, we urge Congress to make this bill stronger — not weaker — to ensure that it does not freeze progress on improving privacy rights, does change company practices through strong enforcement, and does not diminish the privacy rights Americans across the country currently have.”
While tech giants and the associations they are part of have fought tooth and nail to oppose antitrust efforts and other pushes to regulate their business models, a few have adopted more conciliatory postures on data privacy rules. Apple Inc. AAPL, -0.92% Chief Executive Tim Cook, a vocal advocate of consumer privacy laws as recently exemplified in a national TV campaign, quickly threw his company’s support behind the new bill.
Apple’s privacy-themed ad — a not-too-subtle dig at Meta and Alphabet Inc.’s GOOGL, +0.23% GOOG, +0.37% Google — is a “brilliant campaign that plays well against Google Pixel, who can’t assure consumers the same privacy protection,” Nicole Penn, president at The EGC Group, told MarketWatch.
In-depth: Facebook and Apple are at war, with the biggest battle still on the horizon
Meta, whose Chief Executive Mark Zuckerberg has repeatedly advocated a national privacy bill of some form over the years, declined to comment. Google and Amazon did not respond to email messages on the privacy bill.
Near-unanimous support of the national privacy legislation offers a political bookend to a bipartisan bill from Sen. Amy Klobuchar, D-Minn., that faces virulent resistance from Big Tech and divided support on Capitol Hill. This is because Klobuchar’s American Innovation and Choice Online Act attempts to rein in digital monopolies, a hot-button issue in Silicon Valley that has produced a furious lobbying effort by Google, Amazon.com Inc. AMZN, -0.64% and tech trade groups to quash it before a planned vote this month.
On Wednesday, however, Klobuchar and lawmakers from both parties said they had the Senate votes needed to pass the legislation. “We wouldn’t be asking for a vote if we didn’t think we could get 60 votes,” Klobuchar said at a press conference.
For more: After three years of promises, attempt to regulate tech comes down to a single bill
If there is any common ground between the two parties, it will most likely focus on a national privacy bill, says Michael Petricone, senior vice president of CTA, a nonprofit whose 1,500 members range from small businesses to giants such as Apple, Amazon, Google and Facebook.
“The revised legislation still fails to address significant concerns about our national security and global competitiveness,” Moore said. “Before rushing this to the Senate floor, we need a bipartisan hearing to explore the broad ramifications of such a sweeping measure. There has been no hearing with the FBI, NSA or CIA to examine potential security risks despite continued warnings from security experts.”
With days dwindling for a vote before Congress takes its summer break in August, those in Silicon Valley and Capitol Hill wonder how tech legislation has failed to come up for full votes despite widespread support across the aisles and from voters.
See also: The clock is running out for Congress to pass tech legislation
Urgency and demand for tech regulation last year and in 2020 — when congressional hearings magnified data breaches, online election interference and content moderation — has faded amid a focus on gun control, abortion rights, the war in Ukraine, inflation and whispers of a coming recession. Should Republicans regain control of Congress in November’s midterm elections, as expected, consumer advocates and lawmakers anticipate an abrupt shift in regulatory interest to Section 230 of the Communications Decency Act and the moderation of content on social media.