By Ben L. Culpepper
As our society becomes more intimate with our cell phones, the law is beginning to extend certain privacies to the cell phone that are analogous to the home.[1] Riley v. California explores this idea in detail where the Supreme Court held that our phones are almost an extension of our modern human anatomy.[2] Big tech companies, such as YouTube, Facebook, and Google who accumulate personal and private information from their users’ cell phones are feeling a tension with new privacy norms and emerging laws surrounding information stored on our phones.[3]
California has enacted a sweeping privacy law, California’s Consumer Privacy Act, which allows for users to opt out of and completely delete the personal data big tech companies store and sell to third parties.[4] Furthermore, along the same vein of supporting user privacy, California has included a private cause of action for users against tech companies who breach users’ rights.[5] Big tech, which lobbied aggressively against the legislation, is trying to make it more difficult for users to so easily delete the accumulated personal data.[6] For example: although people may have access to a portal where they can delete the accumulated data, tech companies are making it difficult to find the portal by burying it underneath mountains of information.[7]
In an effort to prevent the spread of California’s user-friendly privacy laws, big tech has responded by lobbying in other states for far more relaxed privacy laws.[8] Many states’ efforts to enact their own user-friendly privacy laws have been defeated by big tech lobbying.[9] States consider two types of privacy laws generally: an opt-in approach and an opt-out approach.[10] The opt-in approach is user friendly as it would create a default setting where big tech cannot sell users’ information, unless users opt in and allow big tech to sell such private information.[11] The opt-out approach is the converse of this. The default setting is that big tech has the right to collect and sell users’ information, unless the user opts out.[12] A private right of action in the courts may follow a breach by big tech in either model, but it does not necessarily follow.
At least two states, Connecticut and Oklahoma, have attempted to enact legislation following the opt-in approach which also provides a private cause of action.[13] These user-friendly bills are examples of legislation that faced immense pushback from big tech lobbying and ultimately failed.[14] Instead of adopting a user-friendly bill, Connecticut’s second attempt at a privacy bill followed the Virginia model, which is the friendliest to big tech.[15] Big tech is sending lobbyists to the states and pushing for the Virginia model in place of these user-friendly attempts at protecting user privacy.[16]
The Virginia model, a business-first idea, follows a complicated opt-out approach and does not provide a private cause of action if big tech breaches privacy agreements.[17] Furthermore, Virginians can only access their collected information via a portal, and then they can decide to alter or delete any accumulated information.[18] The bill was hailed a success by big tech spokespersons from Microsoft and Amazon.[19] Virginia’s bill stands in direct contrast to California’s bill.
Faced with this dichotomy, states across the U.S. are continuously facing their own challenges in enacting privacy bills. A user-friendly approach, an opt-in model, is sure to face criticism and backlash from big tech lobbyists. Perhaps the federal government will pass its own sweeping legislature; whatever the outcome may be, in the meantime, big tech is sure to have its footprint on any final product coming from the legislatures.
[1] See Riley v. California, 573 U.S. 373, 386-387 (2014) (discussing how a warrantless search of an arrestee’s home is unlawful in the same way a warrantless search of an arrestee’s phone is unlawful).
[2] Id. at 385 (“modern cell phones, which are now such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy.”).
[3] Sara Fischer, Big Tech at War Over Privacy, Axios (Jan. 28, 2021), https://www.axios.com/big-tech-at-war-over-privacy-cb9bc9a4-ca65-420c-b0ad-d307f341e7ad.html.
[4] Todd Feathers, Big Tech is Pushing States to Pass Privacy Laws, and Yes, You Should be Suspicious, The Markup (Apr. 15, 2021), https://themarkup.org/privacy/2021/04/15/big-tech-is-pushing-states-to-pass-privacy-laws-and-yes-you-should-be-suspicious.
[5] Id.
[6] Zack Whittaker, Here’s Where California Residents Can Stop Companies Selling Their Data, TechCrunch (Jan. 2, 2020), https://techcrunch.com/2020/01/02/california-privacy-opt-out-data/.
[7] Id.
[8] Feathers, supra note 4.
[9] See, e.g., Feathers, supra note 4 (“During the [Connecticut] bill’s public hearing last February, Duff said he looked out on a room ‘literally filled with every single lobbyist I’ve ever known in Hartford, hired by companies to defeat the bill.’ The legislation failed.”).
[10] Feathers, supra note 4.
[11] Id.
[12] Id.
[13] Id.
[14] Id.
[15] Id.
[16] Id.
[17] Graham Moomaw, Virginia’s New Big Tech-Backed Data Privacy Law is the Nation’s Second. Critics Say it Doesn’t Go Far Enough, Va. Mercury (Mar. 30, 2021), https://www.virginiamercury.com/2021/03/30/virginias-new-big-tech-backed-data-privacy-law-is-the-nations-second-critics-say-it-doesnt-go-far-enough/.
[18] Id.
[19] Id. (reporting the approval comments from Microsoft and Amazon, both who lobbied intensely for this bill).
Image Source: https://www.nicepng.com/ourpic/u2q8t4w7a9w7y3t4_15-iphone-cartoon-png-for-free-on-mbtskoudsalg