National data-privacy legislation quickly gaining support on Capitol Hill and in Silicon Valley had its day in a House hearing Tuesday, paving the way for a possible vote this summer and the first significant tech regulation in more than two decades.
“This is the best chance for a national privacy law,” Rep. Cathy McMorris Rodgers, R-Wash., said at the start of the hearing.
Sharp battle lines have been drawn on the bipartisan American Data Privacy and Protection Act, reflecting a high-stakes showdown over how vast reservoirs of personal data are collected and used by some of the world’s largest companies.
On one side is Apple Inc.
which has preached strict privacy guidelines as part of its walled-garden ecosystem; the equation is far more nuanced for Alphabet Inc.’s Google
and Facebook parent company Meta Platforms Inc.
both of which are heavily dependent on targeted advertising.
Apple Chief Executive Tim Cook strongly threw his support behind the bill. In a letter to Congress last week, Cook urged U.S. lawmakers to advance national privacy protections as a “fundamental human right.”
A witness list of privacy experts were slated to testify before the House Committee on Energy & Commerce, chaired by the bill’s co-author, Rep. Frank Pallone, D-N.J.
One of the first witnesses, Caitriona Fitzgerald, deputy director at the Electronic Privacy Information Center, cited more than 20 years of unsuccessful attempts to craft a comprehensive federal privacy law. “The system is broken: Technology companies have too much power, and consumers too little,” she said. The prospective bill is an essential building block, she added.
Some technology organizations and privacy advocates, however, see plenty of flaws in the bill, which they argue does not go far enough to mirror stronger state laws.
The Software & Information Industry Association, TechNet and the Computer & Communications Industry Association sent a letter to Congress on Monday with concerns over the American Data Privacy and Protection Act.
“This is a rather weak, watered-down version of [California Privacy Rights Act] and [Europe’s General Data Protection Regulation],” Vuk Janosevic, CEOof data-privacy company Blindnet, told MarketWatch. Still, he remains “cautiously supportive” of it.
A final weakness is the legislation’s reference to vague “best practices” that leave gray areas, while GDPR and CPRA offer tech companies clear guidanceon data protection, immunization and governance, according to Janosevic.