Dec 26, 2018

Why privacy regulations are no longer a pipe dream

Illustration: Aïda Amer/Axios

Just over a year ago, the notion of passing a consumer privacy law was laughable. Now the tech giants that once said rules would break their business now want Congress to draft bills.

Driving the news: Google CEO Sundar Pichai told Congress at a recent hearing that the search giant supports legislation, the latest tech executive to agree that a national privacy policy is needed. And Democrats now in charge of the House are itching to make good on their promise to slap some rules on Big Tech after a year of scandals.

The big picture: Tech giants have made their fortunes peddling users' personal data. A broader public recognition of how powerful their data is (and dangerous in the wrong hands), coupled with a growing distrust in social media and tech companies, have given policymakers more leverage to put in place new regulation — even in an administration focused on de-regulation.

The backstory: Early in the Trump administration, the Republican-controlled Congress overturned the FCC's privacy rules for internet service providers such as AT&T and Comcast. Trade groups for tech companies lobbied behind the scenes to undo the rules, even though the rules didn't apply to web platforms like Google and Facebook.

But that's when the momentum toward federal privacy rules really picked up. Here's how the narrative turned:

1. The data scandals started rolling in. The biggest was Facebook's Cambridge Analytica disaster, in which user data leaked to third-party developers. CEO Mark Zuckerberg was hauled before Congress to explain how it happened.

  • Last week, the Washington D.C. attorney general sued Facebook for being "fast and loose" with user data.
  • Google said this month it was shutting down its social network Google+ earlier than planned after a software bug exposed private profile data to app developers. It's closure was triggered by another security issue.
  • Also over the past year, a number of major companies, including Marriott and UnderArmor, have disclosed data breaches or hacks affecting 100 million customers or more.
  • Several media investigations — like the NYT's piece on apps tracking location data 24/7 — show how pervasive tracking is and how that information can be used.

2. Public perception turned. The percentage of Americans concerned that the government wouldn't do enough to regulate tech companies jumped to 55% in February of this year, according to an Axios-SurveyMonkey poll. (Still, most Americans said they largely think tech companies have had positive effects on society.)

3. In Europe, the strict General Data Protection Regulation took effect in May and represented a sea change in how companies notify consumers about their data collection practices.

  • That forced companies dealing in data — which is essentially all major companies these days — to request permission before sharing personal data with third parties, and give consumers access to the data that firms have collected about them.
  • Because of the high fines associated with not complying with the law, GDPR is now becoming the global standard for how businesses mine consumer data. Some argue that, as a result, the U.S. should have a similar standard.

4. The White House got interested. Staffers in the National Economic Council recognized the global swirl around data privacy and began meeting with major corporations to get feedback on a potential privacy framework.

5. States took matters into their own hands. California passed a law putting restrictions on Google, Facebook and other companies in the business of gathering data directly from consumers. Vermont also passed its own privacy law this year aimed at data brokers.

  • That patchwork of different rules makes it tough for internet companies to do business across states — so they'd rather have a national law to pre-empt the states.

6. And the Democrats won the House. After the springtime Zuckerberg hearings, House Democrats vowed to make passing privacy legislation a priority if the House flipped after the mid-terms.

  • And 15 Democratic senators have introduced a privacy bill that would require apps, websites and other services that collect data to protect customer information and be subject to fines for misusing data.

Between the lines: Tech companies may say they're on board with privacy rules of some sort, but they've stopped short of committing to specific provisions, such as letting consumers opt in to data collection instead of forcing them to opt out.

What's next: When proposals get fleshed out in early 2019, industry lobbyists will be working hard to shape the details.

Go deeper

CDC: Coronavirus antibodies could give "short-term immunity," but more data is needed

CDC Director Robert Redfield briefs reporters on April 8. Photo: Mandel Ngan/AFP via Getty Images

Coronavirus antibody tests are still relatively unreliable, and it's unclear if people who get the virus are immune to getting it again, the Centers for Disease Control and Prevention cautioned on Tuesday.

What they're saying: The agency explicitly warned against using antibody tests to determine whether someone should return to work or to group people within schools or prisons.

Trump accuses Twitter of interfering in 2020 election

President Trump speaks to the press as he departs the White House in Washington, D.C., on Thursday. Photo: Mandel Ngan/Getty Images

President Trump responded via tweets Tuesday evening to Twitter fact-checking him for the first time on his earlier unsubstantiated posts claiming mail-in ballots in November's election would be fraudulent.

What he's saying: "Twitter is now interfering in the 2020 Presidential Election.They are saying my statement on Mail-In Ballots, which will lead to massive corruption and fraud, is incorrect, based on fact-checking by Fake News CNN and the Amazon Washington Post," the president tweeted. "Twitter is completely stifling FREE SPEECH, and I, as President, will not allow it to happen!"

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 8:30 p.m. ET: 5,584,091 — Total deaths: 349,894 — Total recoveries — 2,284,242Map.
  2. U.S.: Total confirmed cases as of 8:30 p.m. ET: 1,680,301 — Total deaths: 98,875 — Total recoveries: 384,902 — Total tested: 14,907,041Map.
  3. Federal response: DOJ investigates meatpacking industry over soaring beef pricesMike Pence's press secretary returns to work.
  4. Congress: House Republicans to sue Nancy Pelosi in effort to block proxy voting.
  5. Business: How the new workplace could leave parents behind.
  6. Tech: Twitter fact-checks Trump's tweets about mail-in voting for first timeGoogle to open offices July 6 for 10% of workers.
  7. Public health: CDC releases guidance on when you can be around others after contracting the coronavirus.
  8. What should I do? When you can be around others after contracting the coronavirus — Traveling, asthma, dishes, disinfectants and being contagiousMasks, lending books and self-isolatingExercise, laundry, what counts as soap — Pets, moving and personal healthAnswers about the virus from Axios expertsWhat to know about social distancingHow to minimize your risk.
  9. Other resources: CDC on how to avoid the virus, what to do if you get it, the right mask to wear.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

Updated 50 mins ago - Politics & Policy