Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Privacy Notices, Opt-In Clauses Debated as U.S. Regulators Shape Federal Privacy Law
Tech privacy counsel convened in Washington, DC, in March for a panel on data privacy laws and consumer control at a Senate Judiciary Committee hearing.
Google, Intel and other company representatives and privacy advocates served as panelists for the GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation hearing, which analyzed data protection laws in California and the European Union and further shaped a looming U.S. federal privacy law.
Senators and panelists debated the merits of opt-in, consent-focused data protection laws, such as the EU's General Data Protection Regulation (GDPR) vs. opt-out policies, as found in the California Consumer Privacy Act (CCPA).
“The way one would know that they're protected is they have to be able to opt in as opposed to opt out. And I'm really concerned about that, California is opt-out,” said Sen. Dianne Feinstein (D-CA). “Europe is opt-in. So you've got an opt-in standard if you're a country that it's relevant to, in at least 28 countries.”
Panelist Alastair Mactaggart, chairman of the Californians for Consumer Privacy, who helped draft the CCPA, argued that opt-in requirements can cause “click fatigue” for consumers and drive users to mindlessly click “yes” on privacy notices because they feel it's the only way to access a service they need.
He and other panelists, including Mapbox policy lead Tom Lee, advocated for an opt-out feature accessible in Web browsers, which would allow consumers to select a one-time button that would remove them from certain data collection processes.
“Opt-in doesn't escape the problem of mountains of fine print. … It standardizes the language to some extent, but it still puts the burden of making that decision, parsing these legal agreements on each individual user,” Lee said. “While opt-in might be appropriate in some circumstances where there's particularly sensitive data between the entities, opt-out with rules of the road that make sense is a better user experience and probably a better way to go.”
Opt-in requirements flood users with lengthy, legalese-filled privacy policies, critics of the policy feature said. Sen. Dick Durbin (D-IL), and Sen. John Kennedy (R-LA), both pointed at the length and unclear language of sites' privacy notices and consent forms as a threat to consumers.
Durbin said “no one reads privacy notices,” adding the burden should be on tech companies to ensure consumers are adequately informed on what they're consenting to. Kennedy questioned Google senior privacy counsel Will DeVries on the company's lengthy terms of use, which he said stretches on for more than five pages.
“You could hide a dead body in there; no one would find it,” Kennedy said.
He wasn't the only senator who used the hearing to grill Google. Sen. Josh Hawley (R-MO), questioned DeVries on the Mountain View, CA-based company's location tracking policies.
Hawley, the former attorney general of Missouri, claimed Google collected location history from Android phone users, even when location data services were turned off, something he said is not clearly communicated to consumers.
“So the consumer cannot meaningfully opt out,” Hawley said.
Google, according to DeVries, only uses data from opted-out users if the information is necessary for the phone's basic functions.
As in previous hearings on a potential federal data privacy law, the topic of preemption arose. Panelists said they would support preemption in a federal law, though many noted they would only back it if California's CCPA standards were used as “the floor” for protection, not the ceiling. Feinstein said she would “not support any federal privacy bill that weakens the California standard.”
Tech companies have pushed for federal preemption, in part, as a way to override California's law, which goes into effect next year. Critics have called the bill too punitive and claimed it doesn't provide a clear enough definition of personal data. Other proponents for a federal privacy law have cited the challenges of a growing number of state-level proposed privacy bills.
“The patchwork of state legislation will create significant new barriers to the innovative use of data. Only large law firms benefit from this use of data, because business owners of all sizes will need lawyers to offer products and services nationwide,” said David Hoffman, the associate general counsel and global privacy officer of Intel Corp. “These legal costs will slow small, innovative data-oriented startups.”
*****
Caroline Spiezio covers the intersection of tech and law for Corporate Counsel, an ALM sibling of Cybersecurity Law & Strategy. She's based in San Francisco. Find her on Twitter @CarolineSpiezio.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Overview of Regulatory Guidance Governing the Use of AI Systems In the Workplace
Businesses have long embraced the use of computer technology in the workplace as a means of improving efficiency and productivity of their operations. In recent years, businesses have incorporated artificial intelligence and other automated and algorithmic technologies into their computer systems. This article provides an overview of the federal regulatory guidance and the state and local rules in place so far and suggests ways in which employers may wish to address these developments with policies and practices to reduce legal risk.
Is Google Search Dead? How AI Is Reshaping Search and SEO
This two-part article dives into the massive shifts AI is bringing to Google Search and SEO and why traditional searches are no longer part of the solution for marketers. It’s not theoretical, it’s happening, and firms that adapt will come out ahead.
While Federal Legislation Flounders, State Privacy Laws for Children and Teens Gain Momentum
For decades, the Children’s Online Privacy Protection Act has been the only law to expressly address privacy for minors’ information other than student data. In the absence of more robust federal requirements, states are stepping in to regulate not only the processing of all minors’ data, but also online platforms used by teens and children.
Revolutionizing Workplace Design: A Perspective from Gray Reed
In an era where the workplace is constantly evolving, law firms face unique challenges and opportunities in facilities management, real estate, and design. Across the industry, firms are reevaluating their office spaces to adapt to hybrid work models, prioritize collaboration, and enhance employee experience. Trends such as flexible seating, technology-driven planning, and the creation of multifunctional spaces are shaping the future of law firm offices.
From DeepSeek to Distillation: Protecting IP In An AI World
Protection against unauthorized model distillation is an emerging issue within the longstanding theme of safeguarding intellectual property. This article examines the legal protections available under the current legal framework and explore why patents may serve as a crucial safeguard against unauthorized distillation.