While there’s now widespread consensus among tech giants on the need for a GDPR-style federal privacy law in the US, progress has been slow, and some are now concerned that Congress could be running out of time.
When Europe first implemented the gold-standard GDPR privacy law, Apple was one of the first companies to pledge to offer similar protections to its customers globally, not just to EU citizens …
However, the company went on to argue that it’s not enough to rely on companies to voluntarily do the right thing and that the US needs its own version of GDPR.
Others have since joined the call, including Microsoft, Google, and even Facebook. This is less surprising than it might seem even for companies where users are the product: it’s better for a company to know ahead of time what it can and can’t do than to make business decisions based on practices which may later be outlawed.
There is bipartisan support for federal privacy legislation, but an Axios report today notes that little progress has been made to date.
The most closely-watched effort to produce a national privacy law is a working group with six members of the Senate Commerce Committee, traditionally a leader on internet issues.
Members of the group had indicated that they hoped to have produced a proposal by Memorial Day, sources said.
That milestone has now come and gone — although the group has added influential members, a possible sign of progress — with multiple sources telling Axios they expect to see a draft proposal this summer […]
Other lawmakers have also failed to produce privacy proposals.
The Senate Judiciary Committee sent letters earlier this year to companies asking about their data collection practices, according to a source. But there’s no indication of plans to move forward with a specific bill.
Democrats had signaled privacy legislation would be a priority when they retook the House last year. But major House committees haven’t moved forward with a bill, either.
There seem to be three main sticking points. First, ensuring that the law doesn’t place too great a burden on small businesses, who are not as well placed as large companies to absorb compliance costs. Second, disagreement between Republicans and Democrats on the role of the FTC. Third, concern among Democrats in particular that the federal government would be overriding privacy laws already being created at the state level.
The piece does, however, note concern about the clock ticking on a GDPR-style federal privacy law.
Reaching consensus on bipartisan legislation is historically more difficult in an election year, so policymakers intent on crafting a stricter standard for the likes of Google and Facebook are running out of time.
In Europe, GDPR just had its first anniversary, with a total of €56M ($62M) in fines issued to date. As consumer concerns grow, even Apple has had to boost its privacy standards, and there is a focus now on the sharing of personal data by iPhone apps.