Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Tech privacy counsel convened in Washington, DC, in March for a panel on data privacy laws and consumer control at a Senate Judiciary Committee hearing.
Google, Intel and other company representatives and privacy advocates served as panelists for the GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation hearing, which analyzed data protection laws in California and the European Union and further shaped a looming U.S. federal privacy law.
Senators and panelists debated the merits of opt-in, consent-focused data protection laws, such as the EU's General Data Protection Regulation (GDPR) vs. opt-out policies, as found in the California Consumer Privacy Act (CCPA).
“The way one would know that they're protected is they have to be able to opt in as opposed to opt out. And I'm really concerned about that, California is opt-out,” said Sen. Dianne Feinstein (D-CA). “Europe is opt-in. So you've got an opt-in standard if you're a country that it's relevant to, in at least 28 countries.”
Panelist Alastair Mactaggart, chairman of the Californians for Consumer Privacy, who helped draft the CCPA, argued that opt-in requirements can cause “click fatigue” for consumers and drive users to mindlessly click “yes” on privacy notices because they feel it's the only way to access a service they need.
He and other panelists, including Mapbox policy lead Tom Lee, advocated for an opt-out feature accessible in Web browsers, which would allow consumers to select a one-time button that would remove them from certain data collection processes.
“Opt-in doesn't escape the problem of mountains of fine print. … It standardizes the language to some extent, but it still puts the burden of making that decision, parsing these legal agreements on each individual user,” Lee said. “While opt-in might be appropriate in some circumstances where there's particularly sensitive data between the entities, opt-out with rules of the road that make sense is a better user experience and probably a better way to go.”
Opt-in requirements flood users with lengthy, legalese-filled privacy policies, critics of the policy feature said. Sen. Dick Durbin (D-IL), and Sen. John Kennedy (R-LA), both pointed at the length and unclear language of sites' privacy notices and consent forms as a threat to consumers.
Durbin said “no one reads privacy notices,” adding the burden should be on tech companies to ensure consumers are adequately informed on what they're consenting to. Kennedy questioned Google senior privacy counsel Will DeVries on the company's lengthy terms of use, which he said stretches on for more than five pages.
“You could hide a dead body in there; no one would find it,” Kennedy said.
He wasn't the only senator who used the hearing to grill Google. Sen. Josh Hawley (R-MO), questioned DeVries on the Mountain View, CA-based company's location tracking policies.
Hawley, the former attorney general of Missouri, claimed Google collected location history from Android phone users, even when location data services were turned off, something he said is not clearly communicated to consumers.
“So the consumer cannot meaningfully opt out,” Hawley said.
Google, according to DeVries, only uses data from opted-out users if the information is necessary for the phone's basic functions.
As in previous hearings on a potential federal data privacy law, the topic of preemption arose. Panelists said they would support preemption in a federal law, though many noted they would only back it if California's CCPA standards were used as “the floor” for protection, not the ceiling. Feinstein said she would “not support any federal privacy bill that weakens the California standard.”
Tech companies have pushed for federal preemption, in part, as a way to override California's law, which goes into effect next year. Critics have called the bill too punitive and claimed it doesn't provide a clear enough definition of personal data. Other proponents for a federal privacy law have cited the challenges of a growing number of state-level proposed privacy bills.
“The patchwork of state legislation will create significant new barriers to the innovative use of data. Only large law firms benefit from this use of data, because business owners of all sizes will need lawyers to offer products and services nationwide,” said David Hoffman, the associate general counsel and global privacy officer of Intel Corp. “These legal costs will slow small, innovative data-oriented startups.”
*****
Caroline Spiezio covers the intersection of tech and law for Corporate Counsel, an ALM sibling of Cybersecurity Law & Strategy. She's based in San Francisco. Find her on Twitter @CarolineSpiezio.
|ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.