The ongoing congressional fight over federal data-privacy legislation is dominated by the fear that Facebook, Google, and other top tech companies have grown too powerful to be trusted with their users’ personal data.
But as Capitol Hill decides whether to bring down the hammer on Silicon Valley, experts and industry representatives are warning lawmakers not to take a myopic approach to the broader impact of privacy legislation. Because while tech platforms may be the target, a host of other industries—particularly retailers and small businesses—will also bear the burden of a new federal privacy regime.
“Whenever you hear a member of Congress talking about privacy, they’re talking about Facebook and Google,” said Daniel Castro, the vice president of the Information Technology and Innovation Foundation. “But the legislation they’re proposing affects the Targets and Home Depots. There’s a huge disconnect between what they’re talking about and what their policies would impact.”
That’s particularly true in California, where retailers are anxious over the landmark privacy law passed by the state last year. Nick Ahrens, the vice president for innovation at the Retail Industry Leaders Association, said state lawmakers were so fixated on sticking it to Silicon Valley that they failed to recognize how the legislation would hit the bottom line of brick-and-mortar businesses.
“That’s who they’re thinking about when they’re writing the law,” Ahrens told National Journal. “But maybe they aren’t thinking about all of the other players who utilize, and are the real users of, a lot of this technology, and who interact with consumers on a regular basis. ... [Retail] represents a multi-trillion-dollar part of the economy. So when you don’t take that into consideration, there are real implications.”
According to Ahrens, a federal privacy law resembling California’s could prevent retailers from storing information on their millions of employees, tangle them up in a mess of frivolous lawsuits, and, crucially, block the collection of personal data needed to implement customer-loyalty programs.
“We’ve got companies where 95 percent of their customer base is in their loyalty program,” he said. “If you’re messing around with 95 percent of a multibillion-dollar customer base, that’s a big deal.”
For now at least, Ahrens is careful not to accuse Congress of repeating what he says are Sacramento’s mistakes. But retailers are clearly concerned by the rhetoric coming from both parties—particularly the contention that the California law’s strong prohibitions on the collection and use of personal information should be a “floor,” not a “ceiling,” when it comes to a federal privacy bill.
“The idea somehow that the California law is perfect and we just need to build stronger things on top of it and then you’re good to go—that is a false choice,” Ahrens said, pushing back against the argument advanced by Sen. Richard Blumenthal at a privacy hearing late last month. Brian Dodge, RILA’s chief operating officer and Ahrens’ boss, was the sole industry representative to partially reject Blumenthal’s stance during his own testimony.
Those senators now in the thick of negotiations over a draft privacy law say they’ve heard extensively from retailers on the subject.
