The urgent necessity of enacting a national privacy law
The following is adapted from remarks delivered by Kent Walker, President of Global Affairs, at Beyond the Basics: The Many Pillars of U.S. Privacy Law, an event hosted by R Street Institute at The National Press Club in Washington, DC. Google also published an accompanying white paper on Responsible Data Practices.
Information is all around us. Americans sometimes take it for granted, but from the moment we walk out our front doors, information powers everything we do.
After a two-years-and-counting pandemic, when people have taken to tech at an unprecedented pace, they’re more aware of both the possibilities and the privacy challenges.
They may have even heard about the shadowy world of data brokers who buy and sell information to actors they’ve never heard of, for purposes that they can’t see or control, in ways that may risk their privacy and security.
And they may have a greater appreciation for the need for consistency across the country — not a patchwork of 50 different state laws, but a law that organizations and people can rely on as they go about their daily lives
There is a range of views when it comes to technology and technology regulation. But when it comes to national privacy regulation, there is a clear consensus: Americans want it.
A Pew Research poll found that 75 percent of people support government regulation of consumer data.
And the absence of a comprehensive federal privacy law has left a vacuum that states are trying to fill by scrambling to pass their own, often inconsistent, laws — a trend that actually risks fragmenting consumer protections.
People are counting on all of us to address this issue — and fast. The good news is that after many years of discussion, today, there seems to be a growing consensus on this. We are starting to see interest from both parties, from many different constituencies. They are coming together on how to do this well.
President Biden in his State of the Union address highlighted the importance of privacy, and there are growing reports that Congress is making progress toward comprehensive privacy legislation. We’ve long supported that goal, and we welcome the forward movement.
When data is misused, when consumers find their trust is misplaced, it hurts not just the whole digital ecosystem, but the potential for future innovation.
And let me be clear: We at Google get it, and we’ve rethought and adapted our own approaches to product development to promote privacy and security.
For example, because digital services should keep your information for only as long as you find it helpful, we introduced auto-delete controls to let you easily delete your location history, web history, and YouTube history.
Try to do that with any other business that holds data about you.
We were the first platform to make it easy for people to download or transfer personal data when they want to switch to other services.
And today, we keep more people safe online than anyone else in the world — because if it’s not secure, it’s not private.
To set new standards for responsible data use, we’ve also done what we do best – built new technological solutions, investing in privacy-preserving technologies.
Privacy-preserving technologies don’t just promote privacy by design, they achieve privacy through innovation. They help us minimize the collection of identifying data. They reduce the risk of data being misused — without undermining the tremendous value that people get from information services.
As an example, at the start of COVID, we had an unprecedented partnership with Apple to develop Exposure Notifications, helping public health authorities supplement contact-tracing. Our North Star had to be designing a system with privacy protections baked in. So we worked with public health officials, privacy experts, regulators, used our most advanced technology to keep data safe, and established strict guidelines – all of which built public trust and adoption, saving thousands of lives.
Now we’ve got a complex business, and we haven’t always gotten everything right, but we’ve learned from those experiences, and we know what’s possible when private industry and regulators work together.
Of course it’s not enough for some organizations to operate responsibly — we need a law that establishes consistent rules and reins in bad actors.
So how do we do that? What’s the best path forward?
We're not focused on pie-in-the-sky proposals like creating an entirely new agency to regulate all the different uses of digital tools. We don’t want snappy soundbites; we want sound solutions.
The reality is that all companies are becoming digital companies, each with the potential to create new technologies and use information in new ways. We need consistent rules across the economy, and across the country.
Instead of chasing theoretical approaches, we want to support the practical, real-world privacy work already being done by Congress.
Current legislative privacy proposals like the ones put forward by Senators Cantwell and Wicker reflect important areas of agreement on the practical points that matter to people. And we hope they will work closely with Chairman Pallone and Ranking Member McMorris Rodgers to move legislation through the committees expeditiously.
We can build on the work that has already happened in this space, like proposals put forward by Senators Cortez Masto and Fischer and Representatives Stevens and Gonzalez to promote privacy-preserving technologies.
With the right leadership from the White House and leadership in Congress, we can get this done – this year.
So what are the sticking points? Issues like when and how consumers can file suit? The scope of FTC rulemaking? How federal and state laws will work together?
Those issues are debated in some form nearly every time Congress passes new business regulations, including the sectoral privacy laws Congress has already passed. So, none of this is new or unresolvable. With the right working group and some reasonable compromises, these points can be reconciled.
In fact, those conversations are already happening. Of course there has been no shortage of positions when it comes to privacy, ranging from ideas of notice and choice to proposals around new duties of care or loyalty.
One possible finesse would be a responsible data approach that works in practice, across a growing digital economy.
For example, we could start by giving consumers reasonable baseline assurances around transparency and control.
And we could build on that, by requiring responsible data practices — like privacy reviews and data minimization — that could be easy to implement and promote shared processes for protecting people’s data. Norms around good development processes could improve privacy practices for everyone.
But the time to act is now.
A U.S. privacy law would align us all on the privacy measures that people want and promote confidence in U.S. companies and our digital ecosystem.
It would increase trust in U.S. leadership, as we promote cross-border data flows and compatible, pro-privacy, pro-innovation rules around the world.
It would give everyone much-needed clarity and consistency so that organizations spend less time trying to navigate inconsistent rules and more time preventing harm and responsibly innovating – the kind of work that yields research breakthroughs and a stronger U.S. economy.
There’s no question that getting it done will take thoughtful compromises. Compromises by different groups in Congress. Compromises by advocates. And compromises by companies, including Google, who are used to doing business in certain ways. But that’s what we need to get this done.
Whatever final legislation comes out of the negotiations won’t be perfect, and it won’t address every concern. But we urge both businesses and advocates not to make the perfect the enemy of the good. Or of better, more consistent protections for all Americans.
In closing, I’ll say this: Google is an engineering company — and we look at problems from an engineering perspective. When we spot an issue with our services, we make fixing it a priority, and we often move engineers from other projects to help.
This is that all-hands-on-deck moment for privacy.
The vast majority of Americans want a federal privacy law. In fact, we’ve never seen such broad-based, bipartisan consensus about the need for that law.
It’s a moment for Congress to come together, on a bipartisan basis, and deliver for the American people.
Lawmakers and regulators face an important challenge, and an important opportunity. We pledge our support for that effort, and we hope that a broad cross-section of stakeholders will join together in support of their work.