Major Data Privacy Changes at Tech Companies Are a Sign of the Times

Recently there have been a string of announcements from large tech companies about a shift in focus from open platforms to more privacy-focused communications systems. This represents a sea change for the industry, which has historically been depicted as data hungry and privacy starved. The change highlights just how far public opinion has evolved in the United States in recent years.

The move of large tech companies to more privacy-centric platforms coincides with a broader move toward a nationwide data privacy standard. Currently California’s ambitious data privacy law, the California Consumer Privacy Act of 2018 (CCPA), dominates the privacy landscape. Outside of California, several other states are already using the California law as a model for new state-level privacy laws. Nationally, there is also a move to address privacy issues. For instance, the Consumer Data Protection Act, a bill sponsored by Sen. Ron Wyden (D-OR), would create a set of minimum cybersecurity and privacy standards and proposes a national “Do Not Track” system. It would also establish a right for the consumer to know what personal data is being collected and how it’s being used. This follows another high-profile privacy bill floated in December called the Data Care Act of 2018. That bill would introduce a “duty to care” approach to regulation and would expand the Federal Trade Commission’s ability to enforce privacy rules. These proposed bills were followed by an independent report last month released by the Government Accountability Office recommending that Congress develop comprehensive internet privacy legislation. And on February 26, 2018, the House Subcommittee on Consumer Protection and Commerce held a hearing titled “Protecting Consumer Privacy in the Era of Big Data.” During the hearing, House Republicans seem to agree on the need for a nationwide data privacy standard. However, they were not enthusiastic about emulating existing regulations such as the CCPA, which they view as unduly burdensome.

 

Although the U.S. regulatory landscape continues to inch along, the speed at which public opinion is evolving should lead business to analyze  privacy practices and proactively build out more robust privacy controls, both as a function of expanding regulation and as an accommodation to evolving consumer expectations.