Google is set to testify that it "made mistakes" but has learned from the past and improved its privacy protections at a Senate committee hearing on privacy today.
Executives from Twitter, Apple, Amazon, AT&T, and Charter Communications are also set to testify. The hearing is being convened by Republican senator John Thune of South Dakota for the Senate Committee on Commerce, Science, and Transportation. The committee will look into how giant tech companies handle users' data, and look at these companies' privacy policies.
The hearing is partly inspired by Europe's stringent new General Data Protection Regulation (GDPR), which took effect in May. Though it doesn't go as far as GDPR, California's new Privacy Act also takes effect in 2020, prompting the Internet Association, which represents dozens of tech companies, to call for national rules that would supersede California's new law.
Against this backdrop, Keith Enright, Google's chief privacy officer, will testify that Google admits it "made mistakes" around privacy in the past, according to written testimony released by the company. He will add that Google has learned from its mistakes and "improved [its] robust privacy program."
It did seem to need improvement. In 2011, the company settled a case with the Federal Trade Commission and agreed to 20 years of privacy audits after the government sued it for violating user privacy with its new social network Google Buzz. A year later, it agreed to pay a $22.5 million civil penalty for misrepresenting its privacy practices to Apple Safari users.
This past July, Google was hit with an astounding $5 billion fine by the European Union for violating antitrust laws. That's different from a privacy violation, of course, but it does indicate a company that is accustomed to writing its own rules. Then, in August, the Associated Press revealed that Google tracks Android users' locations and shares that info with some apps--even when users have specifically turned location tracking off. (TheNextWeb's Gary Eastwood tested this by turning off his location tracking and wandering into a Walmart. Sure enough, he received a promotion from that Walmart moments after he'd left.)
Fewer resources for innovation.
According to Reuters, Amazon's representative plans to argue that complying with GDPR has taken resources away from "inventing new features for our customers." Twitter's representative, on the other hand, will call for a "robust privacy framework" that protects users' rights without crippling innovation.
Twitter's stance is unusual--in general tech companies have sought to avoid laws governing privacy, preferring to be self-regulating. But now that GDPR and the California Privacy Act are law, they may believe they're better off influencing a new national law rather than being subjected to different rules in every state.
And, at least initially, Congress seems like it might be inclined to enact such a law. Thune wrote in The Hill: "The question is no longer whether we need a national law to protect consumers' privacy. The question is what shape that law should take."
Will Congress really vote in a law that protects user privacy? And how would such a law affect both users and the advertisers--many of them small businesses--who rely on companies like Google and Amazon to zero in on their target customers? We'll have to wait to find out.