Congress is running out of time to clamp down on the tech industry’s handling of online privacy, despite the bipartisan outrage at Silicon Valley that followed the 2016 election and a cascade of data scandals at companies like Facebook.
With just weeks to go before the August break, the window for action is slipping away — a victim of unresolved partisan divides, legislative turf squabbles and lagging engagement from the White House. The limited legislative days left this year are expected to be dominated by budget and debt ceiling battles, and the intensifying election campaign will further suck up political oxygen going into 2020.
Sen. John Kennedy (R-La.), who has called it “embarrassing” and “disgraceful” that Congress hasn’t moved forward on consumer privacy, again lamented the delay at a hearing this week.
Story Continued Below
“We’ve been talking for what, two years about a privacy bill? Haven’t seen one, don’t know if we’ll ever see one,” Kennedy said. “We need a microwave, not a Crock-Pot here.”
The need for Congress to step in is even more acute following Friday’s news that the Federal Trade Commission has approved a $5 billion data-privacy fine for Facebook that Democrats widely condemned as insufficient, Sen. Mark Warner (D-Va.) said in a statement that evening.
“With the FTC either unable or unwilling to put in place reasonable guardrails to ensure that user privacy and data are protected, it’s time for Congress to act,” Warner wrote.
Yet a sense of malaise has crept into the legislative effort that contrasts with what initially seemed a consensus among Republicans and Democrats on the privacy issue.
Members of both parties expressed a desire to act following last year’s revelation that Cambridge Analytica, a political data firm that had worked for President Donald Trump’s campaign, improperly gained access to personal information on up to 87 million Facebook users. The controversy forced Facebook CEO Mark Zuckerberg to submit to a marathon grilling in Congress, and prompted leaders of tech firms including Apple and Microsoft to call for federal standards on privacy.
Members of both parties also saw a need to have an American answer to the tough European Union privacy rules that took effect last year, which so far are the world’s strictest standards governing companies’ handling of consumer data.
But Capitol Hill’s months-long attempt at legislating has become ensnared in numerous sticking points. Those include disputes over whether a federal law should override tougher privacy rules in states like California, as well as whether the federal standards should apply to corporate data breaches and whether individual consumers should be able to sue companies over privacy violations. Lawmakers also disagree over how much to boost the powers of the FTC, the main federal agency that oversees corporate privacy practices.
The issue of federal versus state law has been particularly problematic. While many Republicans favor a national standard to supplant state rules, House Speaker Nancy Pelosi and other California Democrats warn they will bat down any effort to weaken their state’s sweeping privacy law, which goes into effect in 2020.
Democrats won’t cave on the issue, predicted Alastair Mactaggart, the driving force behind California’s privacy law, who has been making the rounds on Capitol Hill.
“Twenty percent of the House Democratic caucus is from California. The speaker’s from California. One of the leading Democratic contenders for president is from California,” Mactaggart said at a U.S. Chamber of Commerce event this week. “It’s hard for me to see with that kind of weight in Congress how those representatives roll over and say ‘Hey, no problem, eviscerate our law.'”
At the same time, the Trump administration’s interest in privacy appears to be waning.
Last year, officials from the White House National Economic Council and the Commerce Department talked about the need for federal action on privacy, and Commerce’s National Telecommunications and Information Administration collected hundreds of comments from industry and the public that were intended to help form an administration position on the issue.
But eight months later, the White House hasn’t shared any roadmap for protecting consumer data, and some of the key officials involved in the effort, including tech adviser Abigail Slater and NTIA chief David Redl, left this year with no replacements announced. Trump’s public complaints about tech companies have focused mainly on his accusations that Google, Facebook and Twitter are biased against conservatives — the topic of a White House gathering of right-wing social media activists this week.
The administration hasn’t provided much guidance about what it would deem acceptable in a privacy deal, according to several senators involved in the privacy negotiations.
“We’re pretty much working on our own,” said Senate Commerce Chairman Roger Wicker (R-Miss.), whose panel is one of three — along with Judiciary and Banking — that have staked claim to aspects of the privacy debate.
Wicker, who has been negotiating with his panel’s ranking member Maria Cantwell (D-Wash.) after she stepped back from a broader privacy working group, said Wednesday that he hopes “to preview a bipartisan product in the coming weeks.” But no Senate committee has reached a legislative deal yet, and congressional leaders acknowledge that it will only become harder given the accelerating 2020 campaign.
“What we ought to be doing is tackling basic issues like data privacy, where we have 350 million constituents to represent and a whole group of businesses who are asking us to regulate,” said Sen. Chris Coons (D-Del.).
Coons said Congress is missing its “critical window to legislate,” adding that the privacy issue “keeps sliding from month to month, without having some clear understanding of who’s in a working group, how do we resolve jurisdictional issues, how do we relay a groundwork for a reasonable path forward.”
In the House, Democrats and Republicans haven’t been talking much on the issue and appear even further apart on privacy. Although Rep. Jan Schakowsky (D-Ill.), the Energy and Commerce Committee member leading the effort, recently suggested she’s open to proceeding to legislation without Republican support, she confirmed to reporters this month she won’t unveil a bill before the August recess.
“Clearly the clock is ticking,” said Rep. Cathy McMorris Rodgers (R-Wash.), the top Republican on Schakowsky’s consumer protection subcommittee, calling bipartisan dialogue still “a work in progress.”
Democratic Reps. Anna Eshoo and Zoe Lofgren, who both represent parts of Silicon Valley, are working on their own bill. Eshoo, a close ally of Pelosi, said this week that “it’s essential that the congresswomen that represent the Valley are the ones that do this,” an apparent jab at the efforts of Energy and Commerce members like Schakowsky.
Meanwhile, tech companies have continued to rack up eye-popping data privacy headlines. Facebook alone has taken hits over everything from its questionable data-sharing arrangements with other tech firms to its insecure storage of hundreds of millions of passwords to its decision to pay teens to install software to spy on their phones and web activity.
Facebook is also negotiating a possible settlement with the FTC over its privacy practices, which the company has said could result in a fine of up to $5 billion.
“We just keep trying to push for it, but there hasn’t been a lot of movement,” said Sen. Amy Klobuchar, a Minnesota Democrat and 2020 presidential candidate. “I think we should have had data privacy in place years ago.”
Cristiano Lima contributed to this report.