With the looming presidential election, a United States Supreme Court majority that is hostile to civil rights, and a conservative effort to rollback AI safeguards, strong state privacy laws have never been more important.
But late last month, efforts to pass a federal comprehensive privacy law died in committee, leaving the future of privacy in the US unclear. Who that future serves largely rests on one crucial issue: the preemption of state law.
On one side, the biggest names in technology are trying to use their might to force Congress to override crucial state-level privacy laws that have protected people for years.
On the other side is the American Civil Liberties Union and 55 other organizations. We explained in our own letter to Congress how a federal bill that preempts state law would leave millions with fewer rights than they had before. It would also forbid state legislatures from passing stronger protections in the future, smothering progress for generations to come.
Preemption has long been the tech industry’s holy grail. But few know its history. It turns out, Big Tech is pulling straight from the toxic strategy that Big Tobacco used in the 1990s…
TLDR:
Skip to today, and Big Tech is pursuing the same approach, often in the same states.
They too have funded front groups, hired an armada of lobbyists, donated millions to campaigns, and opened a firehose of lobbying money to replace real privacy laws with fake industry alternatives as ineffective as non-smoking sections.
Part of the problem is that the government is all for this, especially law enforcement.
Iirc the bar is much lower to get a subpoena for data on someone versus getting a warrant for that same person.
This is why privacy is so important. It’s not just ads you need to worry about.
they don’t bother with subpoenas sometimes anymore; they just buy the information they want now.
Use SHIT they can’t control. Use the fediverse. Use Monero. Use protonmail. Use all these things. Give them the middle finger.
On fedi almost all data public by default. Not much privacy here except pseudonym.
All social media is inherently privacy invasive because you are either voluntarily or unwittingly giving the social media data about yourself.
But only the data that is explicitly intended to be public. There’s no single entity installing invasive apps or logging your traffic through partner network sites.
Facebook had half the internet using your Facebook login as authentication at one point
At least there’s still the EU limiting the power of these companies, I guess…
Yes, at least their attempts at destroying privacy comes directly from the government.
Thanks to chief lobbyist Mr. Kutcher
Small Tech too spreads software we don’t control, withholds a libre license text file, bad!
In 2022, industry front groups co-signed a letter to Congress arguing that “[a] growing patchwork of state laws are emerging which threaten innovation and create consumer and business confusion.” In 2024, they were at it again this Congress, using the term four times in five paragraphs.
Big Tobacco did the same thing.
Is this really a fair comparison though? A variety of local laws about smoking in restaurants makes sense because restaurants are inherently tied to their physical location. A restaurant would only have to know and follow the rules of their town, state and country, and the town can take the time to ensure that its laws are compatible with the state and country laws.
A website is global. Every local law that can be enforced must be followed, and the burden isn’t on legislators to make sure their rules are compatible with all the other rules. Needing to make a subtly different version of a website to serve to every state and country to be in full compliance with all their different rules, and needing to have lawyers check over all of them would create a situation where the difficulty and expense of making and maintaining a website or other online service is prohibitive. That seems like a legitimate reason to want unified standards.
To be fair there are plenty of privacy regulations that this wouldn’t apply to, like the example the article gives of San Francisco banning the use of facial recognition tech by police. But the industry complaint linked in the article references laws like https://www.oag.ca.gov/privacy/ccpa and https://leg.colorado.gov/bills/sb21-190 that obligate websites to fulfill particular demands made by residents of those states respectively. Subtle differences in those sorts of laws seems like something that could cause actual problems, unlike differences in smoking laws.
Needing to make a subtly different version of a website to serve to every state and country to be in full compliance
do they need to? I don’t think so. they could just follow privacy best practices everywhere, if they can’t afford to do whatever they want with user and visitor data.
they don’t want this solution, however, but in my understanding instead to force every state to have weaker privacy laws
do they need to? I don’t think so.
Why not? How can you be sure that all these laws are going to be about all the same things and not have many tricky edge cases? What would keep them from being like that? Again, these laws give unique rights to residents of their respective states to make particular demands of websites, and they aren’t copy pastes of each other. There’s no documented ‘best practices’ that is guaranteed to encompass all of them.
they don’t want this solution, however, but in my understanding instead to force every state to have weaker privacy laws
I can’t speak to what they really want privately, but in the industry letter linked in the article, it seems that the explicit request is something like a US equivalent of the GDPR:
A national privacy law that is clear and fair to business and empowering to consumers will foster the digital ecosystem necessary for America to compete.
To me that seems like a pretty sensible thing to be asking for; a centrally codified set of practices to avoid confusion and complexity.
Can you elaborate how Big Tobacco used these tactics? You mention them in the title but only go back at the end for a snippit
Here’s a post demonstrating how mainstream tech media is complicit.