California's new privacy law has accomplished what previously seemed unthinkable: It spurred tech companies and the ad industry to call for federal privacy legislation.
This week, Silicon Valley's biggest companies -- including Amazon and Google -- and broadband providers showed up on Capitol Hill to urge lawmakers to pass a federal law that would override state privacy laws like California's. The Interactive Advertising Bureau similarly urged lawmakers to consider "sensible" legislation.
California's measure, slated to take effect in 2020, allows consumers to learn what personal information about them is held by businesses, and to opt out of the sale of that information. The California law's definition of personal information is broad enough to cover much of the data relied on by the ad industry, including web-browsing history, email addresses, IP addresses and other information that could be tied to a person.
Tech companies and ad groups argue those requirements are too tough. AT&T told the Senate compliance with California's measure "will require extensive changes to customer-facing policies and privacy controls, as well as internal systems and business processes."
Amazon added that the California law's definition of personal information is too broad, because it includes data that “could be linked with a person.”
The ad industry and many tech companies have long attempted to distinguish between "personally identifiable information" -- which they define as email addresses, phone numbers or other data that allows marketers to contact people -- and everything else, which they call "non-personally identifiable information."
Not everyone agrees that distinction makes sense. At this week's hearing, Senator Jon Tester (D-Montana) brought up a recent experience he had with retargeting. He said he had looked online for information about tires, and was later served with targeted ads for tires.
Tester asked Google how advertisers knew to send him tire ads. Google's chief privacy officer, Keith Enright, answered that those ads weren't based on "personal information" about Tester. The senator disagreed.
Tester isn't the only one to suggest that people's web-browsing history is the kind of personal information that warrants protection. In 2016, the Federal Communications Commission passed privacy rules that would have prohibited broadband providers from drawing on information about their subscribers' web browsing history for ad purposes, without first obtaining their opt-in consent. Those regulations were repealed by Congress last year.
Sen. John Thune (R-South Dakota), who chairs the Senate Commerce Committee, reportedly is readying a proposed bill. The details aren't yet known, but at least one Democrat warned this week that the initiative won't go anywhere unless it's relatively strong.
Brian Schatz (D-Hawaii) noted that a proposed law won't garner the 60 votes it needs to close debate, unless the law is "progressive."
“We’re not going to get 60 votes for anything and replace a progressive California law, however flawed you may think it is, with a nonprogressive federal law,” he said.