US big tech suffers as federal privacy bill delayed

Congress is unlikely to pass a federal data protection bill this year as lawmakers continue to disagree on how it should be implemented, according to sources speaking to Reuters, meaning big tech companies will have to comply with much stricter state laws.

Many of the protections and rights for data subjects outlined in the California Consumer Privacy Act (CCPA) mirror those of the EU's General Data Protection Regulation (GDPR), making it one of the strictest and most progressive pieces of data security legislation in US history.

Under the CCPA, consumers will have the right to request the data that companies have collected on them, request the deletion of that data, and deny third-party access to it. Companies not up to CCPA snuff will be subject to steep sanctions, including fines of up to $7,500 for each intentional violation and up to $750 for every consumer affected in the event of a data breach.

The delay in passing federal data protection laws means that companies including Amazon, Facebook, Google, and even retailers like Walmart that depend on consumer data for their user tracking and advertising must comply with the robust restrictions of the new California law.

Major US tech companies, as well as associated businesses that depend on them, had been pushing for more lenient federal laws to be created to get ahead of the CCPA, set to come into force on 1st January 2020, but the prospect of passing any legislation in the midst of current congressional debates does not look promising.

"This will be tremendously challenging... companies need to really focus on complying with California now because there is not going to be a life raft from a federal level," said Gary Kibel, technology and privacy partner at Davis & Gilbert law firm, speaking to Reuters.

Despite the efforts of some senators to draft a federal bill by the end of the year, negotiations are still ongoing for matters such as how to adequately facilitate consumers' informed consent so they may choose to opt-out of personally-identifiable data collection, and how such a process would be enforced.

The information that can be considered private and the consumer information that can be freely exchanged with third parties are also up for continued congressional debate, though they are already included in California's new law.

Although negotiations over federal legislation are still underway, many lobbyists remain optimistic that the privacy bill will pass, given that data security is a bipartisan issue and the new law won't take a penny out of taxpayers' pockets.