Data privacy has taken center stage in recent years, as the European Union and the state of California have each adopted landmark consumer protection laws that have paved the way for wide-scale change. And while major tech companies are still adjusting to a growing patchwork of regional regulations, they are also readying for a potential federal data privacy law in the United States.
The chief privacy officers of Google and Twitter, along with Amazon’s head of trust for Alexa, discussed the privacy landscape at CES 2021 on Tuesday, each inviting new regulations while asserting that tech companies need to do a better job at being transparent in their data collection efforts.
In the discussion, Google privacy chief Keith Enright confirmed the company remains on track to phase out third-party cookies from its Chrome browser by 2022. Here are the themes the three tech executives focused on regarding the future of privacy regulations in Europe and the United States.
The European standard
The European Union has long valued privacy and data protection, two rights enshrined in the EU Treaties and in the EU Charter of Fundamental Rights. But Enright said the implementation of the General Data Protection Regulation in 2018 was a pivotal moment for all companies operating globally.
“GDPR… was a tremendous catalyst for companies all over the world to adapt their privacy programs through a more European lens,” he said.
When asked, Amazon’s director of trust for Alexa Anne Toth said the regulation has greatly improved general awareness about data privacy. “I don’t know that GDPR has changed much for European customers,” she said, noting Europe’s long-standing privacy commitments. “I think it’s had more of an effect globally for data subjects—individuals—who live in countries that don’t have omnibus data protection laws.”
Stars align in the United States
With the Biden administration coming in, the United States may soon have a federal data privacy law.
Twitter chief privacy officer Damien Kieran is “optimistic” that one will pass in the next two years, calling it “long overdue.” He also said that cross-border data disputes between the EU and U.S. will add an additional imperative, though that could be addressed with an executive order if not through legislation.
Enright agrees the “stars are better aligned” now to get a law passed, particularly after of the passage of California’s state privacy laws, the California Consumer Privacy Act and the more recent California Privacy Rights Act.
“If history is any lesson, that is going to be a catalyst for a tremendous amount of state-level legislative activity in the next couple of years,” he said. “That tends to dramatically increase the chances if we can develop the political will at the federal level.”
The consequences of global fragmentation
The executives lamented regional regulation efforts and their concern over the “balkanization” of the internet.
Twitter’s Kieran said that disparate regulations have the potential to disrupt how much of a “global experience” a platform can offer. He doesn’t want the user experience to change from one geography to another.
“I think the challenge of what we’re seeing with the Privacy Shield or localization of data outside of the European context is this potential for the balkanization of the internet, balkanization of services, localization of services,” he said, asserting that it’s challenging both for companies as well as consumers.
“Twitter is meant to be a place where I can join the global conversation,” Kieran said. “If my global conversation is limited to the data that’s in the 28 countries of Europe, that’s not a global conversation, that’s a European conversation.”