Charter stood out during a Hill privacy hearing for its unqualified support for making an opt-in requirement for sharing Web user data part of any new federal privacy legislation that emerges, but all the witnesses were in agreement that federal legislation should preempt state efforts like California's new privacy law.
That came during a Senate Commerce Committee hearing Wednesday (Sept. 26) on data privacy protection, which featured representatives from Amazon, Apple, Google, Twitter, and AT&T as well as Charter. Committee chairman John Thune (R-S.D.) made it clear it was not a case of if legislation would emerge--there is clearly bipartisan support--but what it would ultimately look like.
While the other players testifying provided a mix of qualified "no" and "yes" answers when asked it they would support an opt-in regime for collecting and sharing online user information, Rachel Welch, SVP policy and external affairs, for Charter, had no such reservations.
Arguably opt-in would have the biggest impact on the edge providers, since they are the major collectors and sharers of user data, and that clearly appeared to be the case at the hearing, though ISP AT&T also was not ready to jump on the opt-in bandwagon.
The answers to whether they would support opt-in went something like this:
Amazon: It favors clarity and simplicity but is concerned that overlaying such a regulatory imperative on every transaction could discourage innovation.
AT&T. No, generally, though yes for personally identifiable information.
Google: It recognizes preserving the notion of choice, transparency and control, but when users have to engage in such a diverse range of actions, much of which they expect to be seamless, individual opt in would impair usability, so a balanced approach is needed.
Apple: Opt in is appropriate in many circumstances, but not all. There is some risk of going overboard.
Twitter: Echoes Google. Says if there were opt in for everything, it would be difficult and challenging.
Charter: Default opt in is the right approach, and it is good for businesses because if a consumer believes their data is protected, they will participate more, not less.
The witnesses provided answers to questions involving several key issues to be worked out in any privacy legislation.
They were asked if they supported freeing up more funds for Federal Trade Commission enforcement of privacy. It was 'yes' all around.
They were asked, twice actually, if they supported giving the FTC rulemaking authority--currently it can only sue to enforce companies' commitments.
The first time around--queried by Sen. Bill Nelson (D-Fla.), ranking member of the committee, there was much finessing of that answer.
AT&T: The company does not support unfettered discretion, but it would support giving the FTC the tools to do its job.
Amazon: It thinks the answer is yes, but the issue is complex and "details matter."
Google: The company suggested the FTC has already been an effective and rigorous privacy enforcer. But it would be interested in having the conversation after first looking at how effective its authority already is, and if that is not sufficient, expanding it.
Nelson appeared to be looking for simple yes or no answers, but wasn't getting them.
Twitter: It supports engaging in more dialog with the committee, but when pressed by Nelson for an answer to the question, said it supported balancing protections with the freedom to innovate. Nelson moved on.
Apple: The company agrees with Google that the FTC already has a good track record and that whatever enforcement mechanism is sought ought to be informed by what's working now.
Charter: If the committee finds the FTC needs added tools, it should get them.
The question was asked again, by Sen Brian Schatz (D-Hawaii), ranking member of the Communications Subcommittee. Schatz interpreted AT&T's answer as a "qualified yes," and when AT&T agreed, it produced a parade of "qualified yes" answers from the rest of the witness table.
All the witnesses also said they supported federal preemption of state privacy laws, including California's tough new privacy law, with one qualification from Apple.
Apple VP Guy (Bud) Tribble said that while he was for preemption, any federal legislation would have to set a sufficiently high bar for protecting consumer privacy.
AT&T said federal privacy legislation should not become the 51st layer of regulation, so, yes, state efforts should be preempted by federal law.
More than one witness talked about preventing a patchwork of laws that would be confusing for consumers. Welch agreed, putting in another plug for making opt-in part of that federal regime.
Schatz added his own caveat. The senator said the companies may not want to navigate that potential patchwork of state laws, but, as Tribble said, the federal law would have to be meaningful if preemption were to be made part of the privacy legislation.
He chided the companies about seeking the "holy grail" of preemption, and suggested it was a bit of "sleight of hand" to support federal legislation, while also wanting preemption and not give full-throated support to providing the FTC the tools--rulemaking authority in particular--to enforce a federal privacy framework.
Schatz added he didn't think there would be enough votes in the Senate to replace, for example, a progressive California law with a nonprogressive federal law.
All the witnesses agreed that it was important for federal legislation to define what personally identifiable information (PII) is. Welch added that opt-in protection should not be confined just to sensitive info.
