Tech companies, embattled over privacy, warm to Federal regulation

US tech companies, battered over their handling of consumers’ personal data, are hoping to get ahead of the public and legal fallout by working with policymakers to help shape potential new federal privacy legislation.

The effort by tech coalitions such as the Information Technology Industry Council—representing internet giants such as Facebook, Amazon.com Inc., Alphabet Inc. unit Google and Salesforce.com —comes after the industry has fended off many types of federal action on privacy for years.

“There’s been such a shift” in industry views “that I really think the time is now,” Karen Zacharia, chief privacy officer at Verizon Communications Inc., said at a Brookings Institution conference on privacy legislation late last month. “We need to go forward and do it.”

The likely elements of the legislation, which are taking shape in talks among industry representatives, Trump administration officials and lawmakers, would include several features that politically powerful tech companies are urging.

Importantly, the legislation would almost certainly pre-empt state regulation of online privacy, by states such as California, which recently adopted its own tough new privacy law. Firms worry that state-by-state rules could create a burdensome patchwork of regulation.

Compared with the California law and new privacy rules in the European Union, the new US legislation is likely to be less stringent. Amid opposition from Republicans and many in the industry, federal rules probably wouldn’t offer many opportunities for consumers to file private lawsuits over violations, although that might change if Democrats take over one or both chambers of Congress as a result of the fall elections.

Federal legislation likely would hand much of the work of writing detailed privacy rules to the Federal Trade Commission, which has nominal authority in the area now but few regulatory weapons. Another issue that is getting attention is restricting the potential for bias by the companies and their business customers against users based on ethnicity and other categories.

It also appears unlikely that the bill could include some related but highly controversial items, such as legislation to set new legal standards for preventing consumer-data breaches or federal internet regulation. Existing laws affecting sensitive medical and educational data likely would remain unchanged.

In a statement, Facebook Inc. said it is “working with policymakers to craft privacy legislation that protects consumers, ensures people are in control of their information and promotes responsible innovation.”

The tech industry “is recognizing that doing nothing is not an option,” said Christopher Padilla, a vice president at IBM. “Business is playing a more active role in the dialogue. That’s crucial because if we don’t do something in collaboration with government, none of us will like what’s done to us.”

Google declined to comment.

A senior administration official said Commerce Department officials have been holding meetings on privacy principles with a range of industries as well as consumer groups and others.

“The goal of this outreach is to formulate a set of principles that enjoy broad support, with the objective of setting high-level goals for protecting privacy while promoting prosperity,” the official said.

The tech industry has long successfully warded off federal legislation, preferring voluntary industry commitments and light-handed oversight.

Even when Facebook CEO Mark Zuckerberg conceded to lawmakers in April that some oversight might be inevitable, big internet companies stopped short of publicly endorsing his qualified support for more privacy regulation.

But with the public outcry and federal scrutiny over data breaches continuing and the prospects for more state legislation growing, industry leaders are shifting their strategy.

“Recent legislative activity at the state level has heightened calls for federal privacy legislation,” said Rep. Greg Walden (R., Ore.), the chairman of the powerful House Energy and Commerce Committee, which helps oversee privacy policy. “From my perspective, it appears industry is trying to find a unified position, which I strongly encourage.”

Commerce Department officials have told tech representatives they are aiming to produce a draft set of principles within weeks that could launch more substantive negotiations over legislative language.

Businesses are particularly worried about features of the new California law that they say could disrupt business data practices, including for non-tech firms. US Chamber of Commerce President Tom Donohue recently warned of a “lawsuit bonanza” that could result from some provisions of the new laws. While federal legislation is by no means guaranteed, many in the industry don’t want to be left out of discussions on policy change.

“I think they feel a sense of urgency that they have not felt in the past,” one person involved said of the tech firms. Data breaches and the subsequent fallout “have put a fine point on the idea that change is coming.”