The bill under consideration in California is a near-mirror image of rules put in place by the Federal Communications Commission in 2016. The nationwide rules sought to place new limits on Internet providers who wished to use customer data — such as online browsing history and location information — to sell targeted ads. But the rules were later overturned by Trump and Republican majorities in Congress.
Now, in a bid to restore some of those rules, the state of California is considering its own broadband privacy measure. It is widely opposed by large, established Internet providers such as Cox Communications, T-Mobile and Verizon. Google, Facebook and other massive tech companies also oppose the bill — over concerns, analysts say, that the expanded privacy regulations could indirectly affect the websites' own ability to gather and monetize user data.
With just hours until the end of California's legislative session, the bill will need to be fast-tracked through the state senate and assembly by the end of Friday or early Saturday in order for it to wind up on the governor's desk. The first votes on California's privacy bill could come shortly before 3 p.m. Pacific time on Friday; if the bill fails to advance, lawmakers may choose to pick up where they left off in January.
Supporters of the bill say there's much more at stake than California's own policies.
"This becomes law here, likely Oregon will follow in February and the 18 other states active in this will start rolling in," said Ernesto Falcon, legislative counsel at the Electronic Frontier Foundation, a California-based technology advocacy group. More than 20 states in all have considered passing their own Internet privacy bills in recent months, according to the National Conference on State Legislatures.
But opponents argue that the bill is being rushed to completion. Deep changes to the legislation as late as Tuesday show that the bill is not ready for prime-time, according to a joint letter sent Thursday to policymakers by a coalition including the companies mentioned above as well as AT&T, Comcast and the Internet Association, a Washington trade group that represents tech firms. A spokesman for the Internet Association declined to comment for this story.
"Foundational concepts are lacking, including a clear definition of what businesses the bill covers," the letter reads. "The bill would also lead to recurring pop-ups to consumers that would be desensitizing and give opportunities to hackers."
Some of those same arguments are finding their way into industry-backed advertisements blanketing media properties in the area, according to Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy organization. The ads, he said, "play off of Equifax breach fears" and do not disclose their origins.
The 11th-hour legislative battle comes at a sensitive time for the biggest firms in Silicon Valley, whose fortunes have rapidly shifted this year amid widespread allegations of sexual discrimination and monopolistic behavior by some tech companies.
The issue has also seen tech's most powerful titans striking a rare truce with the broadband providers who typically serve as the Valley's foil in policy debates. As both groups expand their use of commercial data, state regulations that could hinder that effort represent a common danger. With the FCC's repealed regulations giving way to multiple state-level proposals, companies now face the prospect of a regulatory patchwork that could become an even bigger headache than the federal rules they lobbied to end.
Companies hate regulatory patchworks.