Happy Wednesday! We're officially accepting NBA Finals predictions, but only ones featuring my Miami Heat. Send those (and news tips) to cristiano.lima@washpost.com.
Speaking at a panel at the Global Privacy Summit in Washington on Tuesday, a trio of top congressional aides talked about how the privacy landscape has shifted in recent years, even as lawmakers have struggled to advance any bills out of committee.
The session offered a frank window into the state of talks around one of the biggest, yet slowest-moving, agenda items in U.S. tech policy. Here are the highlights:
The two biggest sticking points may be unsticking
For years, partisan disagreements over two aspects of privacy legislation have emerged as seemingly insurmountable obstacles — whether a federal law should override state laws, and whether a law should allow individuals to file lawsuits against companies for violating their privacy.
Democrats, keen to expand on the privacy protections already passed at the state level and to empower individuals to sue violators when regulators fail to act, have generally opposed federal preemption and supported creating a private right of action.
Republicans, who worry about forcing businesses to comply with a patchwork of state laws and deal with a deluge of individual privacy lawsuits, have typically supported preemption and opposed the private right of action.
John Beezer, a senior adviser to Senate Commerce Chairwoman Maria Cantwell (D-Wash.), said that while those sides once appeared to be two immovable camps, there has been more discussion about how you can have a “gradation” of those concepts — meaning a law could override certain but not all aspects of state laws, and provide a tailored private right of action.
“I'm not going to say those things are resolved, but I would say they're substantially less of an obstacle than they used to be, from my perspective,” Beezer said.
GDPR was once the model. Now? Not so much
Going at least as far back as 2018, congressional hearings on data privacy legislation focused in large part on how the European Union’s landmark privacy law, the General Data Protection Regulation, could serve as a template for U.S. regulation.
“It might shock people. We don't necessarily see GDPR as the model,” said Tim Kurth, chief counsel to Rep. Cathy McMorris Rodgers (R-Wash.) on the House Energy and Commerce Committee. Kurth cited concerns that poorly crafted privacy legislation could hurt “this advertising engine that’s given a lot of growth in different sectors” in the United States.
For a long time, privacy advocates pushed for U.S. protections to be as strong as Europe’s. But in the years since its passage, questions have mounted about the effectiveness of GDPR, particularly amid concerns that the E.U. has struggled with enforcement and the law hasn't slowed the runaway profits of Silicon Valley giants capitalizing on user data.
Syd Terry, chief of staff to Rep. Jan Schakowsky (D-Ill.), noted during the panel that we’ve seen the power of giant tech companies “grow in Europe post-GDPR.”
“If the privacy law here produced a similar outcome, I would view that as a failure,” he said.
Kids' safety is driving talks. But the end-game may be bigger
While Facebook’s Cambridge Analytica data scandal initially lit a fire under lawmakers looking to pass privacy standards, now concerns over kids’ online safety are spurring talks, particularly in the wake of Facebook whistleblower Frances Haugen’s disclosures, aides said.
But despite calls for Congress to act now and expand privacy protections for kids, several of the aides said they still hope to seize on the momentum to push for a broader set of protections.
“I think it would be a mistake to not try to go comprehensive,” Terry said.
“The more we focus on the comprehensive, the better off we are,” Kurth said.
Time is tight, but perhaps not too tight
With the midterm elections looming, the timing constraints weren’t lost on the trio of congressional aides speaking at the summit. But they’re not ruling out action in 2022.
“I typically reject conventional wisdom in terms of like running out of time … in my experience, there’s always floor time for good legislation, and I think that the speaker would prioritize this if and when it’s ready,” Terry said.
Some of the aides alluded to talks picking up of late, without offering much more detail. The Wall Street Journal recently reported that senior aides, including from Cantwell’s and McMorris Rodgers’s offices, planned to meet to try to “forge a bipartisan agreement” on privacy.
Beezer said it was a “sensitive time” for discussions, without elaborating, but said he was “optimistic” about recent progress in talks. “Maybe we'll see something soon,” he later said.
But Terry also acknowledged that it wouldn’t be the first time Congress has promised action on privacy and failed to deliver. “If my boss were here, she would say definitively that we're going to get it done this year. Of course, you've been promised that before,” he said.
Our top tabs
Tim Cook escalates app store regulation fight at privacy conference
The Apple chief warned that proposed legislation intended to bolster competition could “undermine” privacy and security protections on Apple products, Cat Zakrzewski reports. Cook’s remarks represent his most visible effort so far to fight legislation that would loosen Apple’s grip over its app store.
“For months, Cook, Apple lobbyists and industry trade groups have made similar arguments in private phone calls and letters to Washington lawmakers and their staffs,” Cat writes. “But the chief executive used his keynote speaking slot at a conference in Congress’s backyard to escalate the fight, bringing greater public attention to Apple’s attack on the legislation.”
In Russia, TikTok has created an alternate universe
Research by European nonprofit Tracking Exposed underscores how TikTok has taken a less transparent approach in Russia than other global tech giants, Will Oremus reports. Pro-war hashtags continued to proliferate on TikTok in Russia for weeks after the company suspended new video uploads and live streams from Russia and stopped letting Russian users see posts from outside the country.
“In just one month, TikTok went from being considered a serious threat to Putin’s national support for the war to becoming another possible conduit for state propaganda,” said Giulia Giorgi, a researcher at Tracking Exposed. “Our findings show clearly how TikTok’s actions influenced that trajectory.”
TikTok acknowledged that it has blocked Russian users since March 6 from seeing any content from elsewhere in the world, even old content — a measure the company says it took to protect its users and employees from Russia’s draconian “fake news” law, passed March 4.
T-Mobile tried to exclusively buy customer data from hackers
A third-party hired by the company gave the hackers $200,000 to try to prevent data on T-Mobile customers from continuing to be sold online, Motherboard’s Joseph Cox reports. The saga was detailed in court documents that were unsealed as U.S. authorities announced the seizure of one of the world’s largest hacker forums and the arrest of its administrator. The documents didn't name T-Mobile but details of the case lined up with a breach of the company, Motherboard reported.
“The news unearths some of the controversial tactics that might be used by companies as they respond to data breaches, either to mitigate the leak of stolen information or in an attempt to identify who has breached their networks,” Cox writes. T-Mobile did not respond to a request for comment from Cox.
Rant and rave
Some people seemed skeptical of Tim Cook's speech about the dangers of legislation targeting app stores. Principled LLC chief executive Debra J. Farber:
🧐 Any other #privacypros find Tim Cook’s IAPP keynote odd? How can providing more CHOICE & CONTROL (where users accept risk for #sideloading an app) lead to worse #privacy outcomes? Also, #security provides controls to enforce privacy & is NOT the foundation of privacy. #GPS22 https://t.co/4KMtdyw17a
— Debra J. Farber (0.0.512836) (@privacyguru) April 12, 2022
Stanford Cyber Policy Center research scholar Graham Webster:
This seems like the Apple variant of the Zuck argument that if FB can’t exploit data, China will GET US!
— Graham Webster (@gwbstr) April 12, 2022
If Apple can’t charge exorbitant fees while gatekeeing the OS for security reasons, the data gremlins will GET YOU! https://t.co/s9lc2IHE20
Our colleague Will Oremus:
Apple CEO Tim Cook using his headlining keynote at the Global Privacy Summit to warn against proposed antitrust legislation that would hurt Apple's App Store model 🥴 https://t.co/MEpGT3ofaV
— Will Oremus (@WillOremus) April 12, 2022
Agency scanner
Inside the industry
Privacy monitor
Workforce report
Trending
Daybook
- Microsoft President Brad Smith speaks at the IAPP Global Privacy Summit at 10 a.m. today.
Before you log off
Automatic hat removal system... pic.twitter.com/bZ78nA0mFk
— Rock & Tattoo Lady...😷 (@PenelopeRuzy) April 12, 2022
That’s all for today — thank you so much for joining us! Make sure to tell others to subscribe to The Technology 202 here. Get in touch with tips, feedback or greetings on Twitter or email.