Free subscription to the Capitol Journal keeps you current on legislative and regulatory news.
Trump Administration Likely to End ESG Rules Environmental, social and governance regulations will probably be rolled back next year, when President-elect Donald Trump takes office. Likely targets include...
CA AG Backing Social Media Warning Label Bill in 2025 California Attorney General Rob Bonta (D) said he’s planning to sponsor legislation next year to require social media platforms to have warning...
Big Changes Ahead for Obamacare? During his campaign President-elect Donald J. Trump said he had the “concepts of a plan” to replace the Affordable Care Act, which he attempted to kill in...
Several measures on state ballots last week pertained to industries SNCJ focuses on. Here’s a recap of that Election Day activity. Healthcare Voters in 10 states considered ballot measures dealing...
TX to Consider Sweeping AI Bill in 2025 Texas Rep. Giovanni Capriglione (R) released draft legislation for the state’s 2025 session that would provide for comprehensive regulation of artificial...
There is almost no part of our lives these days that is not impacted by technology. Virtually every step we take, every song we listen to, everything we do online, every show we watch on TV and on and on and on has become a data point to be bought and sold and, in many cases, manipulated for political gain.
So it should not be surprising that state and federal lawmakers have grown increasingly anxious to regulate the awesome power that tech companies hold over our lives, from trying to ensure the privacy of those many data points to regulating the content on social media platforms.
They are not the only ones. A Pew Research poll from last April shows that 56 percent of Americans want more regulation of Big Tech companies. A whopping 68 percent of those polled think Big Tech has too much influence on society and the economy.
With that in mind, the second part or our annual SNCJ Preview examines some of the issues and challenges facing state and federal lawmakers and regulators overseeing Big Tech in 2022.
Three states have adopted comprehensive data privacy laws since 2018 - California, Virginia, and Colorado. To date, only the California Consumer Privacy Act (CCPA) is in effect, though a voter-approved expansion of the law - the California Privacy Rights Act, which among other things creates the California Privacy Protection Agency – goes into effect on July 1, 2023. The Virginia Consumer Data Protection Act law begins enforcement on Jan.1 2023, while the Colorado Privacy Act also goes into effect on July 1, 2023.
They are all similar to one another and all generally based on the European Union’s General Data Protection Regulation, though all also have significant differences.
The big question is how many states might follow suit in 2022.
According to the National Conference of State Legislatures (NCSL), at least 38 states cumulatively introduced 160 data privacy measures in 2021. In at least 25 states, those measures were comprehensive proposals, defined as “broadly regulating the collection, use and disclosure of personal information and providing an express set of consumer rights with regard to collected data, such as the right to access, correct, and delete personal information collected by businesses.”
As of right now, measures in six states - Massachusetts (SD 1726), Minnesota (HF 1492), New York (AB 680, AB 6042, SB 567, SB 6701), North Carolina (SB 569), Ohio (HB 376) and Pennsylvania (HB 1126) – are still active. How many get to the finish line is yet to be seen, as is how many more get introduced in the new legislative year.
As always, enforcement has been one of the major sticking points, specifically the inclusion of a private right of action that allows individuals to sue privacy violators on their own rather than waiting for the state to act. A private right of action is very popular with privacy advocates, and just as unpopular with Big Tech, which wants any actions to be handled by the state attorney general’s office.
The private right of action tenet has been particularly challenging in Washington, where a major comprehensive privacy bill has cleared at least one chamber of the state legislature in each of the last two years only to die in the opposite chamber over the inclusion of the private right of action provision.
Although Congress has a handful of its own comprehensive data privacy proposals to consider, given the current dynamic of hyperpartisanship in D.C. that is bound to only get worse in an election year, any action on this front is almost certainly going to come at the state level.
Jennifer Huddleston, policy counsel with Net Choice, a coalition of e-commerce companies and trade associations, says her group remains hopeful that Congress will act before too many more states adopt their own laws, creating what she calls a “confusing and restrictive” patchwork of laws that do more harm than good for both consumers and companies.
“We want to be sure that we’re focusing on addressing harms without penalizing the beneficial uses of data,” she says.
Anyone who has ever been on Twitter or Facebook, which is now calling itself Meta, knows these platforms far too often devolve from social media into antisocial media. And – big surprise – the two major parties see the problem in very, very different lights, with Dems calling for greater regulation of hate speech and misinformation that is often spread via those platforms while Republicans complain that these very same platforms are actively working to stifle conservative voices.
According to the Computer and Communications Industry Association (CCIA), at least 30 states introduced bills this year to regulate in some way or another the content on social media platforms. Measures in Florida and Texas were eventually signed into law, but both are mired in legal challenges that, among other things, claim those measures violate the First Amendment of the U.S. Constitution.
U.S. District Judge Robert Pitman Judge agreed with that argument, striking down the Texas law (HB 20) On Dec. 1, and rejecting the state’s claim that platforms like Facebook are “common carriers” in the manner of telecommunications companies. U.S. District Judge Robert Hinkle issued a similar ruling against the Florida law in July, saying that virtually every tenet of the law is unconstitutional.
The CCIA and Net Choice were the main plaintiffs in both suits. As such, Huddleston could not comment too broadly on that specific litigation but says states with similar proposals should be paying close attention to what judges are saying in these rulings.
“Regardless of how one feels about the decisions regarding content moderation by various companies, many of these state proposals also risk serious First Amendment concerns,” she says.
In the wake of former Facebook employee Frances Haugen’s testimony before Congress detailing all the ways the company uses algorithms – the basic rules computers use to perform certain functions – to promote various forms of harmful speech, lawmakers are becoming increasingly open to regulating their use.
But algorithms are used for far more than just determining what you see on a social media site. These days, algorithms – most generated by artificial intelligence – can play a key role in who gets hired for a job, where people live and even how they are sentenced for breaking the law. And far too often, advocates say, inherent biases built into those programs are having a particularly negative impact on people of color.
A handful of proposals are now being worked up in Congress, including one that would require businesses to audit their automated systems used to make decisions in areas such as health care, housing, employment or education and report the findings to the Federal Trade Commission.
Last month, the New York City Council became the first municipality in the nation to adopt a statute that would ban Big Apple employers from using algorithm-driven hiring tools unless they also perform an annual audit that shows those tools do not discriminate based on an applicant’s race or gender. The measure would also require AI manufacturers to disclose more about how those systems work and to give job seekers the option to have a human being review their application.
Mayor Bill de Blasio has until Dec. 10th – the day this issue goes to publication – to sign, veto or allow the bill to become law without his signature.
There are of course many more tacks being taken to wrest some power back from Big Tech, some more feasible than others.
For one, there seems to be growing bipartisan sentiment in Congress for attacking the issue by altering federal antitrust laws. And there were numerous proposals in 2021 to tax digital services, with bills passing in Maryland, Texas, Massachusetts and West Virginia among others.
Those measures have predictably sparked litigation, but states are also increasingly taking the antitrust route as well. And they are not alone – Vox reports that hundreds of newspapers are also suing the tech giants, alleging the two firms monopolized the digital ad market for revenue that would otherwise go to local news.
There are also proposals being discussed in Congress that would expand the power of the Federal Trade Commission, or perhaps even create an entirely new federal agency to oversee the tech industry.
Much is yet to be determined, but there is one thing of which we can be certain: the battle over regulating Big Tech is likely to be one of the fiercest we see in the coming year.
-- By RICH EHISEN
At least 38 states have introduced bills or resolutions dealing with consumer data privacy in 2021, up from 30 states in 2020 and 25 in 2019, according to the National Conference of State Legislatures. At least 13 states have enacted or adopted such measures this year. Two of the enactments, in Colorado (SB 190) and Virginia (HB 2307/SB 1392), were comprehensive privacy bills similar to the California Consumer Privacy Act (CCPA) passed in 2018.