As States Take Action Against TikTok, Major Privacy Legislation Seems Unlikely
Californians’ opposition to the ADPPA’s preemption provision may be the end of the comprehensive bipartisan privacy bill.
Em McPhie
WASHINGTON, December 7, 2022 — The comprehensive privacy legislation currently stalled in Congress could provide a strong solution to growing privacy and cybersecurity threats, including significant concerns about TikTok’s data collection practices, according to panelists at a Broadband Breakfast event Wednesday.
The American Data Privacy and Protection Act is a long-awaited bipartisan effort that garnered widespread support before being held back by Speaker Nancy Pelosi, D-Calif., due to its preemption provision. California officials have claimed that the ADPPA is weaker than the state’s existing privacy law.
If the ADPPA fails to pass now, it is even less likely to pass under a Republican-controlled House that will probably favor even less preemption, said Cameron Kerry, a visiting fellow at the Brookings Institution’s Center for Technology Innovation. “We may be back to impasse before we get to some kind of new compromise, and I don’t know that any new compromise can be better than what’s on the table today.”
Despite Pelosi’s opposition to the bill, the state law is actually fairly similar to the ADPPA, said Lauren Zabierek, executive director of the Harvard Kennedy School’s Cyber Project.
“There’s a couple of things where maybe California is just a little bit stronger, but there’s a lot of areas where it seems that the federal bill is actually much stronger,” she added.
This claim is backed up by a thorough comparison chart created in July by the Electronic Privacy Information Center and the Lawyers’ Committee for Civil Rights Under Law. Several industry groups also expressed agreement in a letter to Pelosi, noting that the ADPPA includes algorithmic bias testing, limits on targeted advertising to kids and other protections not present in the California law.
TikTok takes the digital privacy spotlight, with several states announcing limited bans
Social media platform TikTok is at the center of many privacy and cybersecurity debates, with the Federal Communications Commission’s Brendan Carr saying in November he believed banning the platform altogether was the only path forward.
Rick Lane, CEO of Iggy Ventures, said that he supported a general TikTok ban and predicted that it would happen within the next six months.
“The ability to collect very large amounts of data from Americans in order to build their AI is a core piece of the CCP’s efforts in terms of domination in world markets,” he said.
Brandon Pugh, policy counsel at the R Street Institute, agreed that Congress will likely call for further investigation into the security concerns surrounding TikTok, although not necessarily impose a complete ban.
In the absence of a national standard, states are likely to continue creating a disparate patchwork of privacy laws, Pugh said.
State governments are already mobilizing against TikTok. Maryland Gov. Larry Hogan and Texas Gov. Greg Abbott both announced Wednesday that TikTok would be prohibited on government devices. These directives followed a Nov. 29 executive order issued by South Dakota Gov. Kristi Noem that similarly banned the app from the devices of government employees and contractors.
Several other states have indicated that they will soon follow suit.
In a separate attack on the platform, Indiana Attorney General Todd Rokita filed two lawsuits against TikTok on Wednesday, calling the app “a malicious and menacing threat.”
The lawsuits claim that TikTok’s data collection practices violate consumer protection laws and that the company falsely markets the app as being safe for teenagers while presenting them with inappropriate content.
Child-specific privacy bill seems more likely to pass
Another piece of bipartisan privacy legislation making its way through Congress is the Kids Online Safety Act, which would create a broad “duty of care” requirement for tech platforms to shield underage users from harmful content. Broadband Breakfast panelists predicted that it is likely to pass during the lame duck period.
The group on the webcast indicated general support for KOSA, while also saying that it shouldn’t come at the cost of a more comprehensive federal privacy bill. The ADPPA already includes several protections for children, such as prohibiting targeted advertising to anyone 16 and under.
Several industry experts and organizations have raised more substantive concerns over KOSA.
“Instead of protecting kids, KOSA actively harms them—a pretty terrible tradeoff for violating the First Amendment, which this bill also does,” said Ari Cohn, free speech counsel for TechFreedom, in a press release Wednesday. Cohn was not on the Broadband Breakfast panel.
Online services would have to verify the ages of all users to comply with KOSA, Cohn argued, and this would violate users’ right to read and communicate anonymously.
TechFreedom was not alone in raising concerns. Organizations including Ranking Digital Rights and the American Civil Liberties Union opposed KOSA in a letter to senate leadership. The bill would force internet providers to use invasive filtering and monitoring tools and incentivize increased consumer data collection, they argued.
Our Broadband Breakfast Live Online events take place on Wednesday at 12 Noon ET. Watch the event on Broadband Breakfast, or REGISTER HERE to join the conversation.
Wednesday, December 7, 2022, 12 Noon ET – What to Expect from Congress on Social Media and Privacy Regulation
With both Republicans and Democrats having concerns about social media and data privacy, how will the new Congress tackle these issues in the 118th Congress next year? We’ll also review the status of the substantial American Data Privacy and Protection Act in the 117th Congress. At one point, it seemed primed to become the strongest federal privacy legislation ever passed. Now, it might not even make it to the House floor after opposition to its preemption provisions.
Meanwhile, the Big Tech privacy landscape is rapidly shifting: Apple’s steps toward consumer privacy are cutting into ad revenue for companies like Meta, and Federal Communications Commissioner Brendan Carr has called for a complete ban of TikTok over data privacy concerns. What, if anything, will the 118th Congress do in response?
Panelists:
- Cameron Kerry, Distinguished Visiting Fellow, Governance Studies, Center for Technology Innovation, Brookings Institution
- Rick Lane, CEO, Iggy Ventures
- Brandon Pugh, Resident Senior Fellow and Policy Counsel, Cybersecurity and Emerging Threats, R Street Institute
- Lauren Zabierek, Executive Director, Cyber Project, Harvard Kennedy School’s Belfer Center for Science and International Affairs
- Drew Clark (moderator), Editor and Publisher, Broadband Breakfast
Panelist resources:
- TechTank, Brookings Institution
- The Path to Reaching Consensus for Federal Data Security and Privacy Legislation, R Street, May 26, 2022
- Marking Up Momentum: What’s Next for the ADPPA, R Street, July 21, 2022
- Making Digital Wallets Safe for Kids, Rick Lane, September 28, 2021
- Crouching Tiger, Hidden Dragon: Broad and Antiquated CDA 230 Immunity for TikTok Could Aid China’s Secret Efforts to Undermine U.S. Cyber-Security, Rick Lane, August 4, 2020
Cameron Kerry is a global thought leader on privacy, artificial intelligence, and cross-border challenges in information technology. He joined Governance Studies and the Center for Technology Innovation at Brookings in December 2013 as the first Ann R. and Andrew H. Tisch Distinguished Visiting Fellow. Previously, Kerry served as general counsel and acting secretary of the U.S. Department of Commerce, where he was a leader on a wide of range of issues including technology, trade, and economic growth and security.
Rick Lane is a tech policy expert, child safety advocate, and the founder and CEO of Iggy Ventures. Iggy advises and invests in companies and projects that can have a positive social impact. Before starting Iggy, Rick served 15 years as the Senior Vice President of Government Affairs of 21st Century Fox and was the first eCommerce and Internet Technology director for the US Chamber of Commerce.
Brandon Pugh is a Resident Senior Fellow and Policy Counsel for the R Street Institute’s Cybersecurity and Emerging Threats team, where he leads the data privacy and security portfolio. He also serves as an international law officer in the Army Reserve. Previously, he served in elected and appointed office, managed a cyberwarfare publication, and was counsel for a state legislature, among other roles.
Lauren Zabierek is the Acting Executive Director of the Harvard Kennedy School’s Belfer Center for Science and International Affairs and the Executive Director of the Center’s Cyber Project, a policy-relevant research program. She is a graduate of the Kennedy School, a US Air Force veteran and a former civilian analyst in the Intelligence Community.
Drew Clark (moderator) is CEO of Breakfast Media LLC, the Editor and Publisher of BroadbandBreakfast.com and a nationally-respected telecommunications attorney. Under the American Recovery and Reinvestment Act of 2009, he served as head of the State Broadband Initiative in Illinois. Now, in light of the 2021 Infrastructure Investment and Jobs Act, attorney Clark helps fiber-based and wireless clients secure funding, identify markets, broker infrastructure and operate in the public right of way.
Photoillustration from the Electronic Frontier Foundation
WATCH HERE, or on YouTube, Twitter and Facebook.
As with all Broadband Breakfast Live Online events, the FREE webcasts will take place at 12 Noon ET on Wednesday.
SUBSCRIBE to the Broadband Breakfast YouTube channel. That way, you will be notified when events go live. Watch on YouTube, Twitter and Facebook.
See a complete list of upcoming and past Broadband Breakfast Live Online events.