Your browser is not supported. Please update it.

21 January 2021

Big Tech gushes over GDPR, predicting US copycat by 2022

Just as Faultline had almost given up hope after last week’s political angle at CES left us hanging, a data privacy session at the virtual event provided some poignant technology predictions for the Biden administration – delivered in warts-and-all fashion by execs from Amazon, Google, and Twitter.

A distinct lack of finger-pointing between the three speakers, representing their respective technology titans, might seem like a disappointing outcome for the neutral observer that tuned in expecting a data privacy war of words. However, the unanimous agreements about the challenges facing the technology industry over the next four years, and which issues the next US administration might fit onto its overfilled plate, made for a compelling discussion.

Panelists gushed over Europe’s privacy laws and pined for a US copycat of GDPR, some two and a half years since the data protection law was set in stone, with Twitter’s Chief Privacy Officer, Damien Kieran, putting his neck on the line by predicting that a US data privacy law will pass in the next two years.

His cautious optimism stems from such regulation being long overdue. “The stars have been aligned for some time, but with the new administration coming in we can see that change,” said Kieran.

High on Twitter’s privacy priority list is the fixing of cross-border initiatives, which Kieran said the Biden administration can choose to either fix as part of a federal order, or as part of federal law. His personal preference is for the Biden administration to go down the federal law path to data privacy in this instance, although Kieran’s confidence with the current FTC is clearly running thin.

“I think it’s super important to educate the teams of the FTC, because they don’t fully understand the complexities about the way these services operate,” he declared.

The cross-border challenges Kieran referenced at CES relates to Twitter’s mantra of offering a global experience for its users. Consumers don’t want to open the Twitter app and have a different experience from country to country, yet challenges around privacy and the localization of data has the potential for the “Balkanization” of the internet and services, according to Kieran.

“This is challenging on the business side, but even more challenging for consumers. We have to rely on free movement of data across borders,” he added.

Kieran referenced early positive changes with the EU-US Privacy Shield, which was designed for companies to sign up to improved privacy standards before the data of EU citizens is shipped off to the US, although this alone is not nearly enough and still has the potential to damage consumer trust. “This is something we’re actively focused on, and we are engaged with regulators on both sides of the Atlantic and also with consumers,” continued Kieran.

While a giant of social media, Twitter’s data clout – and indeed its reputation for how consumer data is handled – pales in comparison to Google’s.

Google’s Chief Privacy Officer, Keith Enright, described Europe as an “exceedingly important voice in data and privacy protection” and called the passage of GDPR in 2018 as “a tremendous catalyst to adjusting data privacy.”

Almost echoing Kieran’s outlook, Enright pointed to the US being closer than the country ever been before to nailing data privacy in law. “We are in a period of incredible uncertainty, with multiple legal regimes in a state of unprecedented flux right now. Collaboration between public and private sectors is needed to provide the strongest possible protection,” said Enright.

However, the respective Chief Piracy Officers of Google and Twitter weren’t exactly on the same page when it came to Kieran’s criticism of the FTC, with Enright challenging the widespread perception that the most aggressive privacy regulation happens anywhere other than the US. “You have to recognize that the FTC has been as aggressive as anyone else. I would much rather have regulators engage with me from a well-reasoned position,” said Enright.

As for what Google hopes for from the 46th US President, Enright wants the Biden administration to start by reading a framework for data privacy legislation that Google released a couple of years ago. Google is apparently looking for strong, consistent protection for individual rights, uniformity of controls, and data portability, according to Enright.

A big focus on transparency around AI and ML is also a big focus for both Twitter and Google going into 2021, with the piracy execs seeing transparency as the key to building consumer trust as technologies become more ubiquitous to everything we do online.

As the only non-lawyer on the CES data privacy panel, as well as being barely five months into the role of Amazon’s Alexa Trust Director, Anne Toth should have been like a fish out of water, but she sure held her ground.

Picking up the GDPR theme, Toth applauded how the law served as a catalyst for features that didn’t exist before, such as data portability, the ability for consumers to request and access all data, and even request an organization to delete all data it has on you.

“Start-ups are in the enviable position of not having to retrofit privacy features into a product, they are able to build systems with the understanding that data will be accessed, and users will have that control. We owe a debt of gratitude for that,” she explained.

However, Toth is skeptical of any potential US equivalent. “Even if we get an omnibus privacy law, it’s not going to be GDPR. We are dealing with a forever patchwork quilt here, made up of privacy laws at the city level,” she added.

Toth took the opportunity to predict that the experience of Vice President Kamala Harris as Attorney General of California will be an important factor in getting things done in data privacy. Faultline mentioned before the new year that Harris’ close ties to Silicon Valley could put the nerves of technology giants at ease after four years of hounding under the Trump administration.

But don’t expect a happy ending here. Pressure is still mounting on Amazon, Apple, Facebook, and Google in the form of a 449-page congressional report from the House Judiciary Committee detailing a plan to prevent these four companies becoming even more powerful over the next four years.

That said, Facebook’s absence at CES and on this particular panel session was profound. Of course, it’s possible that the company’s reputation preceded itself and CES organizers decided to tear up the invite to Mark Zuckerberg’s extensive legal team.