Big Tech’s funding of weak state data privacy laws may help it secure a favorable federal standard down the line

Big Tech lobbyists are pushing to advance weak privacy laws in states across the US, according to The Markup. The report investigated proposed privacy bills in 20 states and found evidence of “industry-backed frameworks” in 14, including the one recently passed in Virginia. These frameworks allegedly favor Big Tech interests over consumers’. Though each bill differs, those supported by tech lobbyist groups share two key similarities: Companies can’t be sued for privacy violations; and consumers have to opt out of, instead of opting in to, data tracking. Bills that didn’t meet these requirements, The Markup found, failed to gain Big Tech support and were rewritten or abandoned altogether.

Virginia’s Big Tech-supported privacy bill stands in contrast to the California Consumer Privacy Act (CCPA) and may serve as a template for future state proposals. According to Protocol, the text of Virginia’s “industry-approved'' bill was originally presented to legislators by Amazon and received support from Microsoft. Consumer advocacy groups criticized the bill’s opt-out framework and claimed it didn’t cover enough necessary data, like personal information obtained from social media sites. Meanwhile, Microsoft has been trying to pass its own preferred privacy bill in Washington, along with similar bills in Arizona, Hawaii, Illinois, and Minnesota. Critics claim these bills offer business-friendly alternatives to California’s comparably stricter, further-reaching privacy protections.

By supporting weak state data privacy laws in the short term, large tech firms could make a state-by-state approach appear less effective and spur support for Big Tech’s ultimate goal—a unified federal standard. Big Tech firms fought hard to oppose the CCPA and have warned against creating state-by-state, patchwork approaches to regulation. The logistical and legal challenges associated with navigating multiple state privacy requirements are a major concern, with 37% of US marketing technology decision-makers citing “building compliance programs” for the CCPA and Europe’s General Data Protection Regulation (GDPR) as leading challenges for privacy compliance, per a 2020 Advertiser Perceptions survey. Weaker state bills may provide Big Tech with citable alternatives when advocating for a federal standard, as Facebook, Microsoft, Google, and others have done.

Big Tech’s strategy in drafting weak state laws is part of a longer-term goal of passing a business-friendly federal data privacy standard. By advocating for watered-down privacy bills, Big Tech is helping create the very same patchwork it claims to want to avoid. In an interview with The Markup, former FTC chief technologist Ashkan Soltani claims, “The effort to push through weaker bills is to demonstrate to businesses and to Congress that there are weaker options.” Ultimately tech firms could use this patchwork of state laws to push their own federal agenda. That’s all bad news for consumers, who may be left choosing between a tepid, tech-friendly federal standard or an even weaker assortment of tech-backed state laws.