Privacy has been at the fore in recent years as the European Union and the state of California each passed landmark consumer protection laws that paved the way for sweeping change. While big tech companies are still preparing for a growing patchwork of regional regulations, they are also preparing for a potential federal privacy law in the US.
Google and Twitter’s data protection officers, as well as Amazon’s head of trust for Alexa, discussed the data protection landscape at CES 2021 on Tuesday, calling for new regulations each time, while claiming that tech companies need to make their data collection more transparent.
In the discussion, Keith Enright, Google’s chief data protection officer, confirmed that the company is still on the right track to phasing out third-party cookies from its Chrome browser by 2022. Here are the issues the three technical leaders focused on with the future of privacy regulation in Europe and the United States focused.
The European standard
The European Union has long valued privacy and data protection, two rights enshrined in the EU treaties and the EU Charter of Fundamental Rights. However, Enright said the implementation of the General Data Protection Regulation in 2018 will be a crucial moment for all global companies.
“GDPR … has been a huge catalyst for companies around the world to adapt their privacy programs through a more European perspective,” he said.
When asked, Amazon’s director of trust for Alexa Anne Toth said the regulation had significantly improved general awareness of data protection. “I don’t know the GDPR has changed a lot for European customers,” she said, noting Europe’s longstanding data protection obligations. “I think it’s having more of an impact on data subjects – individuals – around the world who live in countries that don’t have omnibus data protection laws.”
Stars align in the United States
With the Biden administration taking office, the United States could soon have a federal data protection law.
Damien Kieran, Twitter’s chief privacy officer, is “optimistic” that you will be around in the next two years and calls it “long overdue”. He also said cross-border data disputes between the EU and the US will add an additional imperative, although this could be addressed through executive regulation, if not through legislation.
Enright agrees that the “stars are now better aligned” to pass law, particularly following the passage of California’s privacy laws, the California Consumer Privacy Act, and the more recent California Privacy Rights Act.
“If history is a lesson, it will be a catalyst for a tremendous amount of state-level legislative activity over the next few years,” he said. “That increases the chances dramatically if we can develop the political will at the federal level.”
The consequences of global fragmentation
Executives lamented regional regulatory efforts and concerns about the “Balkanization” of the Internet.
Twitter’s Kieran said that different regulations have the potential to disrupt a platform’s “global experience”. He doesn’t want the user experience to change from one region to another.
“I think the challenge of what we see with the Privacy Shield or the localization of data outside of the European context is this potential for the Balkanization of the Internet, the Balkanization of Services and the Localization of Services,” he said, claiming that this is a challenge for both businesses and consumers.
“Twitter should be a place where I can join the global conversation,” said Kieran. “If my global conversation is limited to the data in the 28 European countries, it is not a global conversation, but a European conversation.”