New U.S. data privacy laws loom on the horizon, and tech companies are hoping business-friendly federal rules supersede more restrictive state laws.
UNITED NATIONS – The CEO’s of Apple and Google backed new U.S. data privacy laws on Wednesday, telling a conference in Belgium that new European privacy rules implemented this year are a step in the right direction.
Apple CEO Tim Cook:
“We should celebrate the transformative work of the European institutions tasked with the successful implementation of the GDPR.”
The General Data Protection Regulation filled a vacuum in the management of personal data, establishing new rights for individuals and responsibilities for businesses.
Neil Richards is a professor of law at Washington University:
“One of the aspects of European privacy law that isn’t getting a lot of attention but is very, very important is the requirement in the GDPR that European data that gets sent to the U.S. for processing has to be processed in compliance with European law.”
In a world where data is routinely shared across borders, that rule has had a big impact.
“Companies in the U.S., in order to process European data, are having to abide by that European standard. It’s getting a lot harder for them to argue that they can’t apply that company-wide.”
In the wake of the Cambridge Analytica scandal and mounting concern from individuals about how their personal data is being used, new U.S. privacy laws are likely in the cards.
But those laws could about out in two different ways. If states like California move first, tech companies would need to navigate a complex web of regulation.
“California is a very interesting state. You do have a lot of global tech companies headquartered there, so you might expect the law to be more friendly, but actually what’s happened, California has actually been a leader on more progressive, more restrictive, more regulatory privacy law in the interest of protecting digital consumers.”
Californians will soon have the right to block the sale of their personal data and still receive the same service from companies when they do so – two rights Apple’s Tim Cook notably failed to mention in his speech Wednesday.
Another option is for Congress to pass a federal data privacy law, which would likely be more business-friendly. Cook has a preference:
“We at Apple are in full support for a comprehensive privacy law in the United States.”
Google and Apple may have a joint interest in more business-friendly data privacy laws, Richards thinks the two firms will have a different experience weathering a climate of greater scrutiny over how tech companies manage and monetize personal data.
“I think some companies have learned, sometimes the hard way, that the future of their business depends upon their customers trusting them. I think it’s a lot easier for companies like Apple or Microsoft that sell products for money to develop consumer trust than for other companies – the Googles, perhaps the Facebooks of the world – whose business depends upon processing customer data and selling those customers’ preferences for ads. That’s a much more difficult business model to promote trust.”