INTERNATIONAL – A US online privacy bill is not likely to come before Congress this year, three sources said, as legislators disagree over issues like whether the bill should preempt state rules, forcing companies to deal with much stricter legislation in California that goes into effect on January 1.
Without a federal law, technology companies, retailers, advertising firms and others dependent on collecting consumer data to track users and increase sales must adapt to the California law, potentially harming corporate profits over the long term.
The delay is a setback for companies ranging from Amazon and Facebook Inc to Alphabet Inc’s Google and retailers such as Walmart, who either directly collect shopper information to run their websites, or provide free services and derive revenues from advertising that relies on online data collection.
“This will be tremendously challenging … companies need to really focus on complying with California now because there is not going to be a life raft from a federal level,” said Gary Kibel, a partner specialising in technology and privacy at law firm Davis & Gilbert.
While the sources, who are involved in the negotiations, still think it is possible at least one discussion draft of the bill could land before the year ends, congressional negotiators must still agree on whether it is adequate to simply ask consumers to consent to collection of personally identifiable information and give them the opportunity to opt out and how the new law would be enforced.
They are also negotiating how much information should be deemed private and where one should draw the line in terms of exchange of consumer information with third parties, the sources said.
The effort to draft a federal bill is being led by Democratic Senators Richard Blumenthal, Brian Schatz and Maria Cantwell along with Republican Senators Jerry Moran, Commerce Committee chairman Roger Wicker and the Senate’s No. 2 Republican, John Thune.
Two sources said Senators Blumenthal and Moran’s staff are working on the federal bill and expected to release a draft before the end of the year. One of those sources said a draft of the House version of the bill could land in a few weeks.
California’s data privacy law will affect any major company with an online presence and requires companies with data on more than 50 000 people to allow consumers to view the data they have collected on them. It also lets consumers request deletion of data, and opt out of having the data sold to third parties. Each violation carries a $7 500 (R115 000) fine. Companies are also waiting for the state attorney general to roll out regulations around the law in California.
While it is only meant to protect California consumers, it is not known whether companies adapt their business practices to work under one set of rules for the most populous US state, and existing rules for the other 49 states.
“California will go into effect without Congress doing anything this year on the federal bill,” said a source with direct knowledge of the matter, who did not wish to be named and is pushing for a federal privacy bill.
“That’s a big problem because of the business impact this will have,” the source said.
Facebook did not respond to a request for comment. Google and Amazon declined comment. President and chief executive Michael Beckerman of the Internet Association, which counts Amazon, Facebook, Google, Microsoft as its members, said there was broad bipartisan consensus for a federal privacy law and urged Congress to act on it now.
Walmart did not comment and referred Reuters to the Retail Industry Leaders Association (RILA). Nicholas Ahrens, a vice president at RILA, which counts Walmart as a member, said the group is continuing to work with Congress toward a federal legislation and is hopeful a bipartisan solution can be reached.
Despite the immediate delay, the privacy bill remains one of the few pieces of legislation that many lobbyists still believe has a decent chance of becoming law because it is a bipartisan concern and does not cost taxpayers money.