By: Nicole Harvey

Over the past few years, development in the artificial intelligence (“AI”) space and personal data collection both surged astronomically.  In fact, recent analysis indicates that approximately 90% of the world’s data was created in the last two years.  As a result, data privacy has moved to the forefront of American political conversation.  So much so that multiple tech giants, including Mark Zuckerberg and Jeff Bezos, attended President Trump’s second inauguration.  The President’s inaugural committee gave the tech CEOs prominent seats in front of cabinet members.  Political spectators perceived the unusual move as a signal that big tech will hold a prominent spot on President Trump’s agenda.

The President seemed to confirm that suspicion the following day when he announced an AI development project that would provide $500 billion in federal funding to private tech companies.  Congress, however, has remained relatively quiet on data privacy.  Legislation was proposed during the last two sessions of Congress but died in committee.  In fact, opposition to the last bill was so strong that it forced The House Energy and Commerce Committee to cancel a hearing to mark up the legislation.

Lack of action at the federal level has left state legislatures to fill the void.  At the end of January, nineteen states had data privacy laws on the books and eight other states had legislation pending.  The state laws vary greatly.  New Jersey has one of the strongest, which includes a universal opt-out mechanism, empowers the New Jersey Attorney General with rule-making authority, and offers a consumer-friendly private right of action clause.

The architect of New Jersey’s data privacy law, Senator Raj Mukherji, claims he experienced significant pushback from the tech industry.  TechNet, a trade association that represents Apple, Comcast, Google, Meta, and Salesforce, among others, led the charge.  The association wrote to several New Jersey legislators imploring them to vote the bill down, taking issue with most of its major provisions.

TechNet advocates for a federal data privacy law because “[t]he growing patchwork of state privacy laws is confusing consumers and having a chilling effect on our economy, especially for small businesses that are struggling to keep up with an ever-changing compliance landscape.”  NetChoice, another tech association that also represents, Google and Meta, along with amazon, X, AOL, and others, promotes a similar position.  The association’s vice president and general counsel, Carl Szabo, said in a statement, “[p]art of the problem with the wide variety of state laws on the books is that it is incredibly hard for small businesses to afford compliance with many different and sometimes conflicting laws.”

NetChoice was one of thirty-nine signatories to a recent letter calling on Congress to pass a national data privacy law.  The letter asks Congress to preserve the tech industry’s ability to process data for “beneficial purposes” such as offering goods and services.  However, it also advocates for a law that would give consumers the right to “[k]now whether a company is processing their personal information[,]” and ask companies to correct or delete such data.  The proposal also includes a carve-out for small businesses that would exempt companies that process fewer than 200,000 people’s data.

It is unsurprising that the tech industry is throwing its weight and wallet around to influence data privacy legislation.  Big tech is big money.  Experts value the global big data and analytics market at over $348 billion with revenue projected to triple by 2029.  U.S. companies have a 51% share in that market.

The tech industry makes a strong argument that having a wide array of state laws governing data privacy is a burden on small businesses.  Approximately 49% of small businesses have fewer than five employees, let alone in-house counsel.  For an online boutique owner who has customers all over the country, for example, navigating nineteen different privacy laws would be difficult to say the least.  Additionally, they very well may not possess the technical knowledge or skill to ensure they are in compliance with such laws even if they do understand their obligations.  Any federal legislation should be sure to address that concern.

On the other hand, some of the tech industry’s stances raise eyebrows.  New Jersey’s privacy law provides for a private right of action and vests rulemaking power in the New Jersey Attorney General.  TechNet opposed both of those measures.  While it is encouraging that big tech advocated for pro-consumer policies in their recent letter to Congress, it is concerning that they seem to be against a strong enforcement framework that would ensure those policies are actually effectuated.

From a compliance standpoint, enacting federal data privacy law is a must.  From an economic standpoint, ensuring the American tech market continues to flourish is also a must.  Congress should find a federal solution that protects consumers without stifling progress.

The rapid growth of data collection and AI technologies has made data privacy a pressing issue that demands immediate attention.  While state-level legislation has stepped in to fill the gaps left by federal inaction, the resulting patchwork of laws poses significant challenges for businesses, particularly small ones.  The tech industry’s call for a unified federal data privacy law is valid, but its resistance to strong enforcement mechanisms raises concerns about genuine consumer protection.  Congress must strike a delicate balance by creating comprehensive federal legislation that safeguards consumer rights while fostering innovation and economic growth in the tech sector.

 

Student Bio:  Nicole Harvey is a third-year evening student at Suffolk University School of Law and a staff member for the Journal of High Technology Law.  Nicole is also an Intelligence Analyst at the Office of the Massachusetts Attorney General.  She received a Bachelor of Science degree in Politics, Philosophy, and Economics, with a concentration in Law & Justice, and a minor in Law & Public Policy from Northeastern University in 2019.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL, Suffolk University Law School, or the Office of the Massachusetts Attorney General.