Media coverage
West Coast voorbereiding
Tech wants Washington to step up in global privacy rules race
-- By Steven Overly
8/24/18, 11:32 AM CET
ASPEN, Colorado — Tech companies long averse to regulation are starting to embrace the
idea of federal data privacy rules as they nervously eye foreign governments’ moves toward
more tightly regulating their expansive businesses.
It’s too late for tech to escape sweeping new privacy rules like Europe’s General Data
Protection Regulation. But clear rules from the U.S. could serve as a global standard as
countries around the world look to impose or tighten privacy laws.
As it stands, Europe’s first-mover regulations are already resonating globally. Implemented
in May against corporate outcry, GDPR requires companies to disclose what information they
collect and give consumers more control over it. That notion is now being exported, sparking
countries like Brazil, India and China to advance their own rules.
Those are major growth markets for Silicon Valley. As the industry expands, a global
patchwork of regulation would force companies to contort their products and services to fit
the demands of different governments — all at a cost to their bottom line.
“We do need to adopt more robust privacy protections here in the United States to convince
the rest of the world we are responsible and that they don’t need to … more aggressively
regulate than is actually warranted,” said Julie Brill, a former FTC commissioner and the
deputy general counsel at Microsoft.
“We can bury our heads in the sand and continue to say everything is fine, but in five years it
won’t be,” Brill added. “And we will be very far behind in terms of our ability to act on the
global stage.”
Action from the U.S. may not be able to directly shape foreign laws in the deregulatory mold
preferred by the industry. Some tech officials, though, hint at working in the long term
toward global standards rooted in compatible technologies. And in the meantime, there’s
immediate concern that foreign governments see a void and are quickly stepping up to fill it
in Washington’s absence.
Even a representative for Google, which fervently resists most Washington regulation,
signaled the company could support new federal rules that plug “gaps” in existing law so
long as they don’t impose one-size-fits-all policies on consumers with varying expectations
of privacy.
“We see the writing on the wall,” Wilson White, Google’s director of public policy and
government affairs, said regarding international privacy rules. “There is this newfound effort
to define these frameworks of how we deal with data privacy, and we support that general
trend.”
The global shift toward privacy regulation was among the most hotly debated topics this
week at a forum the Technology Policy Institute hosts in Aspen each year. While no
consensus was found on what policy should be implemented and who should enforce it, there
appeared to be agreement that Washington failing to act would mean ceding ground to
foreign powers.
“I am of the view that more privacy protections is not really about ‘if,’ it’s about ‘when,'”
said Rohit Chopra, a Democratic FTC commissioner. “For me, I want to make sure the U.S.
is not sitting on the sidelines when it comes to privacy. I want us to lead.”
Concerns about consumer privacy protections have simmered in Washington for years, but
they boiled over in March when the New York Times uncovered that political consulting firm
Cambridge Analytica improperly obtained the data of millions of Facebook users and the
social network had not previously notified those affected. Facebook immediately became the
poster child for Silicon Valley malaise and CEO Mark Zuckerberg was summoned to
Washington for congressional hearings.
Europe was at that point already in the final stages of fully implementing its strict privacy
rules that would apply to any company with customers on the continent. Since May, GDPR
has put American tech companies under Europe’s proverbial thumb, a power dynamic that
rankles some leaders in both Silicon Valley and Washington.
And Europe is already exploring other regulations on data and artificial intelligence —
further ratcheting up the pressure on the U.S. to act.
“You can safely assume that the European Union is not going to slow down in its reflection,
is not going to slow down in trying to put in place these guardrails for industry, for society,
we think are necessary for the digital economy,” said Peter Fatelnig, the EU’s minister-
counsellor for digital economy policy in the U.S.
Brazil’s president recently signed a law to protect consumer data based largely on Europe’s
rules. China, meanwhile, implemented cybersecurity regulations with data privacy
components last year. And while India is much earlier along in its efforts, proposed rules
there bear some similarities to GDPR.
Not all pressure on Washington is coming from overseas, either. California passed its own
consumer privacy legislation in June, despite fierce opposition from the tech industry, though
it won’t go into effect until January 2020. Tech industry advocates worry other states could
copy the law or impose their own.
Lawmakers, Trump administration players and advocacy groups are working to craft federal
privacy policies, though so far nothing concrete has taken shape and it’s unclear whether
actual enforceable rules will result. Nevertheless, they’re likely to find that at least some in
the tech industry will come to the table.
“If we simply sit back and say, ‘No, we’re going to let everything go and everything is fine,’
we’re kind of ignoring the moment that we’re in and paradigm shift that has occurred over
the past several months,” said Microsoft’s Brill.
Related stories on these topics: Data protection (in Data and Digitization), Data protection (in
Technology), Platforms, Privacy (in Data and Digitization), Privacy (in Technology)
To view online: https:
//www.politico.eu/pro/tech-wants-washington-to-step-up-in-global-privacy-
rules-race/
To update your POLITICO Pro notification preferences, visit
www.politico.eu/notification
Google - main establishment
Brexit
Privacy Shield
Facebook: A new survey today from the Pew Research Center found that a majority of
Facebook users have adjusted their privacy settings over the past year, as the company has
come under scrutiny for its handling of user data. Fifty-four percent made changes to their
privacy preferences on the platform during that time period, and the behavior changes didn’t
stop there — 42 percent said they have taken breaks from Facebook of several weeks or
longer, and a quarter have deleted the Facebook app from their mobile devices. The ratio of
those who took at least one of the those actions was nearly three-in-four, 74 percent. H/T
Cristiano Lima.
US justice department signals pursuit of tech giants
Richard Waters, Hannah Kuchler
Hannah Kuchler and Richard Waters in San Francisco
956 words
6 September 2018
00:38
Financial Times (FT.Com)
FTCMA
English
Copyright 2018 The Financial Times Ltd. All rights reserved. Please do not cut and paste FT articles and redistribute by
email or post to the web.
Attorney-general says he is exploring concerns over competition and free speech
The US justice department signalled that it intends to pursue technology companies over competition and
free speech issues, after President Donald Trump warned last week that Google, Facebook and Twitter
should be careful where they tread.
Just as Sheryl Sandberg, chief operating officer of Facebook, and Jack Dorsey, chief executive of Twitter,
appeared to pass unscathed through a Senate intelligence committee hearing about Russian interference
on US elections, Jeff Sessions, the attorney-general, announced a new line of attack.
He said he would hold a meeting with state attorneys-general to discuss what he called the “growing
concern” about whether social media platforms “may be hurting competition and intentionally stifling th e
free exchange of ideas”.
Last week, Mr Trump attacked big technology companies including Google, Facebook and Twitter for
smothering rightwing views. All three deny any anti-conservative bias.
The president had said in July that he would investigate what he claimed was a “discriminatory and illegal
practice” of limiting the visibility of some tweets. He added last week that Google, along with Facebook and
Twitter, “are really treading on very, very troubled territory, and they have to be careful”.
Mr Dorsey spent a further four hours answering questions on censorship and content policies from the
House energy and commerce committee on Wednesday afternoon, where many Republicans followed the
president and accused Twitter of having an anti-conservative bias.
The Twitter boss said he was registered as an independent voter, and is the son of a Democrat and a
Republican.
Democrats on the House committee said the hearing on Twitter’s content policies was being used simply
as an attempt to stir up the Republican base.
Mr Dorsey accepted there was growing concern about the power of social media companies. “People view
us as the public square and it comes with certain expectations,” he said, but he added: “We believe it is
dangerous to ask Twitter to regulate opinions or be the arbiter of truth.”
Mr Dorsey laid out plans to make changes to Twitter’s site — for example, getting better at detecting
problematic content even before it is flagged by users — and to the company. It was considering hiring
more employees outside liberal San Francisco, he said.
In the Senate hearing earlier, Facebook and Twitter pushed back against a suggestion that they should be
legally liable if illegal drug dealers show off their wares on their websites.
The two companies are currently not liable for almost all user-generated content, under section 230 of the
US Communications Decency Act.
But Congress passed legislation last year removing the exemption for content that promotes sex-trafficking
and on Wednesday, Senator Joe Manchin asked the companies whether they would be “open” to a similar
dilution of the legislation to fight against drug dealing.
Ms Sandberg and Mr Dorsey told the Senate hearing that their companies rely on the “safe harbour” of
section 230.
Mr Dorsey argued that without section 230, Twitter would have to restrict free speech further. “The only
reason we’re able to speculate we can increase more health in a public square is because of CDA 230 so
we’d need to finely balance what those changes are and what that means,” said Mr Dorsey.
Ms Sandberg said that the rule enabled Facebook to “look for things [illegal content] proactively without
increasing our liability and so we would want to work very closely on how this would be enacted”.
The final Senate Intelligence committee hearing on Russian interference in US elections was being closely
watched for further clues about whether Washington will pursue tech regulation after a string of
controversies.
Senator Mark Warner, the Democratic vice-chair of the committee, warned at the start of the session: “The
era of the wild west in social media is coming to an end. I’m sceptical that ultimately you’ll be able to truly
address this challenge on your own. I believe Congress is going to have to act.”
Mr Warner proposed a whole range of changes, from identifying bots on the platforms to questioning what
he said was a “flawed” advertising model. But Republicans are reluctant to impose mandatory rules on the
companies, pushing them instead to provide more context and clarity to users to help users make their o wn
decisions.
Senator Richard Burr, the Republican chair of the committee, said the problem was a “first amendment
challenge”. “We cannot regulate around the first amendment,” he said.
Twitter’s share price fell 6.1 per cent to $32.73 on Wednesday, while Facebook gave up 2.3 per cent to
$167.18. Alphabet, Google’s parent company, slipped 1 per cent to $1,199.10.
The committee criticised Alphabet after Larry Page, chief executive, declined an invitation to appear.
Read Sheryl Sandberg’s opening comments
Read Jack Dorsey’s testimony
The testimony came as a new poll, conducted after the controversy over the use of Facebook data by
Cambridge Analytica, showed that Americans might be spending significantly less time on the site, taking
breaks of up to weeks at a time.
The poll from the Pew Research Center said 42 per cent of US adults who use Facebook have taken a
break from the site in the past year, and that 54 per cent had adjusted their privacy settings.
The number of Facebook’s US monthly active users held steady in the past quarter, but the company has
not released recent figures for how long each user is spending on the site. If time spent is declining in the
US, the world’s largest advertising market, this could hit future revenue.
US tech groups’ executives to make case for national privacy law
Hannah Kuchler
Hannah Kuchler in San Francisco
1248 words
25 September 2018
12:36
Financial Times (FT.Com)
FTCMA
English
Copyright 2018 The Financial Times Ltd. All rights reserved. Please do not cut and paste FT articles and redistribute by
email or post to the web.
Big players switch approach amid fears state legislation could become default position
Executives from Google, Amazon, Apple and Twitter will ask US lawmakers for greater regulation this
week, in a dramatic change to their approach.
Until now, the companies have lobbied politicians to leave them alone. But when they make their latest
appearance before US senators on Wednesday, tech bosses are expected to argue for a comprehensive
national privacy law to supersede state legislation.
The executives, who include Keith Enright, Google’s chief privacy officer, and Damien Kieran, Twitter’s
global data protection officer, are likely to offer more transparency and more access to data for consumers.
The hope is that, by pushing for a national law, they can avoid stricter rules at the state level. California
passed sweeping privacy legislation this summer, while Massachusetts passed a bill strengthening
protections for consumers suffering data breaches. Legislators in Illinois are proposing a controversial ban
on the collection of facial recognition data.
Tech companies fear that these state laws could become the default for the entire US, in the same way that
California’s legislation regulating auto emissions became the national standard, because companies are
often unwilling to leave large states or create different services for different territories.
Senators ‘should not fall for the standard line’
The California privacy legislation was signed into law in June after tense negotiations between privacy
activists and Silicon Valley companies.
The new legislation establishes a broad definition of what constitutes personal information, including
aggregated data, and imposes restrictions on when data can be sold to third parties, giving consumers the
option to pay more to opt out of the sale of their data. The law is also armed with fines for data breaches,
much like the EU’s General Data Protection Regulation (GDPR), which was introduced in May.
The tech companies say that the strict rules adopted in California will hurt businesses and potentially lead
to websites closing, as happened in the EU following the introduction of GDPR. They hope that a new
federal law would override the state legislation.
Alastair MacTaggart, a real estate developer turned privacy activist, said Washington was taking privacy
seriously for the first time, but warned against diluting the rules he had helped to create for California.
“Senators should push the companies. They should not fall for the standard line, which has been that jobs
will be destroyed, the economy will suffer, and you won’t have this great innovation engine,” he said. “That
is just not true — all we are doing is offering some pretty basic rights to consumers.”
Half of Americans do not trust the government or social media sites to protect their data
The US has historically had distinct privacy laws for separate sectors, such as finance or healthcare, or for
categories of people, such as children. Large sections of the economy that deal in data are not covered by
existing legislation. But as the use of data has exploded, so too have large data breaches, such as the leak
of Facebook information to Cambridge Analytica, the political consultants, or the hack of the credit rating
agency Equifax.
As a result, half of Americans do not trust the federal government or social media sites to protect their data
online, according to a 2016 study from the Pew Research Center on Internet and Technology.
Lawmakers are exploring ways to introduce a comprehensive national privacy law. Democratic senator
Amy Klobuchar and Republican senator John Kennedy have introduced the bipartisan Social Media
Privacy Protection and Consumer Rights Act of 2018, while Democratic senators Ed Markey and Richard
Blumenthal have been working on the Consent Act.
“How many more breaches do we need when public trust in our companies is going out of the window
before we decide to act and put some rules in place?” asked one Democratic staffer. “It is really important
to act in this space.”
Firms call for ‘proper balanced approach’
The Senate commerce committee will question US tech executives on Wednesday with the aim of trying to
understand how companies are coping with the EU’s GDPR and preparing for the new California statute,
which will go into effect in 2020.
Senators will also probe how dependent the companies’ business models are on consumer data — and how
they price it, debating whether consumers should be allowed to “opt out” or asked to “opt in” to data
collection, if they should have the right to sue companies, and whether they should have to prove “concrete
harm” was done to them if they do.
Tim Day, the senior vice-president of C_TEC, the US Chamber of Commerce’s technology engagement
centre, said he did not believe the California law was the “proper balanced approach” and had concerns
about other proposed state laws.
“I think a world with those states, in addition to California and GDPR, is not workable for consumers and
business,” he said.
The lobbying group, which represents big tech companies and smaller firms, plans to publish its own
proposed legislation by the end of next month. The organisation has spent months consulting more than
200 companies, and wants punishments for data breaches to be focused on proving harm was done to
consumer, which can be difficult in privacy cases. Under the California law, a victim needs only to prove
their data were leaked in order to pursue a case with the regulator.
But Ernesto Falcon, legislative counsel at the Electronic Frontier Foundation, a non-profit that pursues
consumers’ digital rights, said he had “zero confidence” that the industry would pursue strong federal
legislation.
“They have never supported a privacy bill or privacy regulation ever,” he said. “They should get the side
eye for saying this now.”
From property to privacy
Alastair MacTaggart is suddenly in demand in Washington. The wealthy real estate developer from
California is surprised that he has become a privacy activist, let alone one of the most successful
campaigners in America.
“I never set out to be an activist. I’m a business guy. I’m boring. I’m a dad. I don’t really want to do this for
the rest of my life,” he said.
His activist career started after a conversation with a friend who worked at Google, who told him that
people would be shocked if they discovered how much the company knew about them.
He developed a fascination with online tracking and ended up campaigning for a privacy initiative to be put
on the ballot in California. Before it could be put to the public, it was rushed through as law in a unanimous
vote in the Californian state legislature.
Mr MacTaggart has likened Google to the new library of Alexandria, and repeatedly insisted that he was
not against the industry and believed in business.
“The fact that these people in Washington are calling me does to me suggest that they don’t want either
industry people, or those who think all business is terrible. For whatever reason, I’ve fallen into the middle
of the space.”
But as a real estate developer, subject to many regulations, he dismissed the idea that privacy is an unfair
burden to technology companies.
“These guys are like real estate developers who never had any building codes. Now they are looking at it
saying their profits will be hit by putting sprinklers in,” he said. “Guys, you are the richest industry on the
planet.”
The Financial Times Limited (AAIW/EIW)
Document FTCMA00020180925ee9p003s5
Big data
Data collection is at the heart of cancer research — whether researchers are
analyzing results of clinical trials, mapping human genomes, collecting human tissue
samples in biobanks, or comparing survey results over decades to discover whether
behaviors like drinking increase the risk of cancer. But biomedical researchers fear
that the EU’s new General Data Protection Regulation (GDPR) will make it harder to
share information across borders or outside their original research context.
For more than a dozen years, Meunier has argued that Europe is failing to pool its
funding and know-how in transnational research. Now, “the situation is getting worse
and worse,” she warned.
European Commissioner for Research Carlos Moedas wants the EU to fund a
moonshot-style mission for cancer in its post-2020 budget | Hans Punz/AFP via
Getty Images
Patients, scientists and industry pushed hard to ensure carve-outs for medical
research. But, researchers say they’re already experiencing a chilling effect, with
people reluctant to share information for fear for breaching the dreaded GDPR,
which mandates steep penalties for using an individual’s data without the right
consent.
Those rules were “originally written for people who are using Facebook or Google,
and health research is falling in the trap,” Meunier said.