Kennedy Patlan and Alex Kennedy are senior associates at Freedman Consulting, LLC, where they work with leading public interest foundations and nonprofits on technology policy issues. Kavya Shah, a Freedman Consulting Phillip Bevington policy & research intern, also contributed to this article.
As the European Parliament adopted two pieces of landmark technology legislation, data privacy legislation made promising advancements in the United States House of Representatives this month. Meanwhile, antitrust advocates and policymakers continued to push for a vote on the American Innovation and Choice Online Act (AICOA) and the Open App Markets Act. On July 28, the U.S. House passed the CHIPS and Science Act, which is now headed to President Joe Biden’s desk for signature.
The below analysis is based on techpolicytracker.org, where we maintain a comprehensive database of legislation and other public policy proposals related to platforms, artificial intelligence, and relevant tech policy issues.
Privacy Legislation Gathers Steam
- Summary: Following June’s landmark introduction of the bipartisan American Data Privacy and Protection Act (ADPPA), this month saw lawmakers dive into the bill’s details in an attempt to strike compromise on its major contention points. After an open markup session in the House Subcommittee on Consumer Protection and Commerce in late June, the bill was forwarded to the full House Committee on Energy and Commerce, where it was amended once again. Edits to the draft legislation covered two primary debates – deciding that a private right of action would be available in two years rather than the initial four envisioned in an earlier draft, and explicitly noting that the California Privacy Protection Agency (CPPA) would have the authority to enforce the ADPPA (an appeal to California lawmakers concerned about overriding the state’s Consumer Privacy Act). Additions to the text also created certain exemptions for small businesses, “preempted the Federal Communication Commission’s (FCC) role” in enforcing the bill, and addressed a loophole related to targeted advertising toward children. The revised bill also loosened the requirements for “data holders” to conduct algorithmic impact assessments and design evaluations. The full committee approved the amended bill in a 53-2 vote, marking “the first time a federal consumer privacy bill has made it out of committee.” The ADPPA now awaits consideration on the House floor, though the timeline for action, if any, is unclear, especially given that the House is currently scheduled for an August-long recess.
- Stakeholder Response:
- California reacts: Two California Democrats, Representatives Anna Eshoo and Nanette Barragán, cast the only two votes against the bill in committee. They cited concerns that the ADPPA reduces consumer protections already in place for Californians, a point of view shared by the California Privacy Protection Agency and several state attorneys general more broadly. Other California Democrats have voiced similar concerns, and if they voted as a bloc against the ADPPA, it could jeopardize the bill’s fate on the House floor. The California Privacy Protection Agency also voted to oppose ADPPA on Thursday, July 28. Meanwhile, some experts and legal advocates argue that the ADPPA is in fact “equal to” or “stronger” than California’s privacy law.
- Cantwell’s concerns: Senator Maria Cantwell (D-WA) also expressed strong reservations about overriding state privacy laws – and her support, as chair of the Senate Commerce committee, is likely critical to the bill’s movement in the Senate. In an interview ahead of the House full committee markup, Cantwell lamented that “it’s taking the House a long time to come to reality about what strong enforcement looks like” and warned fellow lawmakers not to “take the bait on a weak bill.”
- Other group reactions: A joint memo by the Center for Democracy and Technology, the Electronic Privacy Information Center, and the Lawyers’ Committee for Civil Rights Under Law referenced the ADPPA’s more robust private right of action, its section on civil rights, and greater protections for minors’ data. Even so, concern with the ADPPA goes beyond disagreement over states’ role in data privacy protection. Some analysis calls into question the Federal Trade Commission (FTC)’s enforcement capacity, while public interest groups such as the ACLU have indicated prior to the markup that key provisions (including data minimization, civil rights protections, and algorithmic evaluations) must be clarified and strengthened. The Electronic Frontier Foundation also notes that the ADPPA would allow telecommunications companies to circumvent an existing federal privacy law and simultaneously strip the FCC of its enforcement power in this regard. Advertising groups have also publicly opposed the bill, citing concerns that ADPPA would stifle data-driven economies.
- What We’re Reading and Listening To: Wired contextualized ADPPA, explained key provisions, and described its reception on and off the Hill in light of new changes. CNET reviewed the markup process and outlined how the bill got to where it is. A recent episode of the Tech Policy Press podcast analyzed the ADPPA’s new changes and discussed the broader legislative landscape surrounding data privacy.
Children’s Privacy Bills Advance
- Summary: In other privacy news, the Senate Commerce Committee reported the Children and Teens’ Online Privacy Protection Act (S.1628) and the Kids Online Safety Act (S.3663) this month, advancing each bill to the full Senate for consideration. The Children and Teens’ Online Privacy Protection Act (COPPA 2.0) is an amendment to the 1998 law establishing data protections for users under 13 years old. COPPA 2.0 expands those protections to users between 13 and 16 years old and updates protections to include bans on targeted advertising to minors and data collection without consent. COPPA 2.0 also creates an “eraser” button allowing children to remove their data from digital services. The Kids Online Safety Act (KOSA) focuses on creating tools for parents to protect their kids online. KOSA would require platforms to provide parents and minors under 16 with “easy-to-use” tools for online protection, such as allowing parents to track their children’s time on a platform or modify recommendation algorithms. It would also create an obligation for companies to prevent the promotion of sexual abuse of minors, eating disorders, and self-harm and allow the federal government to create a program for researchers to study potential harms to kids and teens using company data.
- Stakeholder Response: The bills received support from over 100 organizations focused on privacy and children’s rights. In an opening statement at the bills’ July 27 Senate Commerce Committee markup, Chair Maria Cantwell (D-WA) said, “This bill [COPPA 2.0] would close a loophole that has been allowing companies to abuse the data of children with little accountability.” However, Senator Roger Wicker (R-MS), who helped forge the compromise leading to the House’s ADPPA bill, has said that he would not support COPPA 2.0, citing that “the committee should be focused on passing data protections for all users, not just kids.” KOSA is also opposed by the Electronic Frontier Foundation, which previously argued that the bill would “result in suppression of material for political reasons.”
- What We’re Reading: The Washington Post analyzed differences between the House and Senate’s approach to digital privacy in light of recent legislative activity. Brookings discussed “safety by design” principles and their utilization in internet policy and design to reduce harms for children online. Axios reported on Gen Z’s declining internet usage and tech’s marketing re-frame of social media apps.
Antitrust Advocates Continue to Push for a Vote
- Summary: On July 19, the House Judiciary Committee published its report, “Investigation of Competition in the Digital Marketplace: Committee Report and Recommendations” after concluding a 16-month investigation into Google, Apple, Amazon, and Meta. POLITICO also shared newly released documents from the House Judiciary Committee’s antitrust probe that revealed how Google and Amazon pushed their own products over competitors. Meanwhile, Bloomberg reported on an antitrust class-action lawsuit against Apple and Apple Pay, filed by Affinity Credit Union. Apple was accused of charging card issuer fees and blocking competition from other payment apps.
- Stakeholder Response: These probes into big tech antitrust activity have been reported as some members of Congress hope to vote on the passage of the American Innovation and Choice Online Act (S.2992) and the Open App Markets Act (S.2710). Antitrust Subcommittee Chairman David N. Cicilline (D-RI) said of the report and antitrust legislation, “It is time for Congress to act … The American Innovation and Choice Online Act, the Open App Markets Act, and the State Antitrust Enforcement Venue Act are ready for votes today.” Representatives Jerrold Nadler (D-NY) and Pramila Jayapal (D-WA), and Senator Amy Klobuchar (D-MN) also released statements following the House Judiciary Committee report release. On July 24, Senator Chuck Grassley (R-IA) told the New York Post that it was time for Senate Majority Leader Chuck Schumer (D-NY) to call a vote on antitrust legislation. Schumer reportedly told donors that the bills do not yet have enough votes to pass.
- What We’re Reading: POLITICO reported on an early July filing by 36 states and Washington, D.C. aimed at Google, accusing them of antitrust violations in their Android app store. Bloomberg released information on Big Tech lobbying spending, which has reached record numbers. Protocol detailed efforts by various groups targeting Senate Majority Leader Chuck Schumer, either asking him to recuse himself from the antitrust bill votes or bring the bills to a vote. The Washington Post polled Senate offices about their support or opposition to the two antitrust bills but struggled to get a clear vote count.
Post Dobbs, FTC Affirms Commitment to Data Privacy
- Summary: In the wake of the Supreme Court’s ruling in Dobbs v. Jackson, the FTC reiterated its commitment to “fully enforcing the law against illegal use and sharing of highly sensitive data,” with a particular focus on location and health data. The FTC’s July 11 guidance to businesses, which came days after President Biden’s July 8 executive order regarding access to reproductive health services, noted that the FTC “is committed to using the full scope of its legal authorities to protect consumers’ privacy,” and “will vigorously enforce the law if we uncover illegal conduct that exploits Americans’ location, health, or other sensitive data.” The guidance also directed businesses to recent FTC enforcement actions (including hefty settlements) levied against companies for over-collecting, indefinitely retaining, or misusing company data. The FTC’s latest guidance comes amidst Congressional legislative activity aimed at protecting data privacy, including the aforementioned American Data Privacy and Protection Act (ADPPA). In June, Senator Mazie Hirono (D-HI) also introduced the My Body, My Data Act of 2022, and Senator Elizabeth Warren (D-MA) introduced the Health and Location Data Protection Act of 2022. The bills aim to provide protections for users’ location, health, and reproductive health data.
- Stakeholder Response: The Department of Health and Human Services (HHS) also issued guidance regarding patient privacy protections in wake of the Supreme Court decision on Roe. Kristin Cohen, Acting Associate Director of the FTC’s Division of Privacy & Identity Protection and author of the FTC’s July 11 blog post, directed businesses to read the HHS guidance as well as the FTC’s additional guidance on consumer privacy and data security.
- What We’re Reading: Axios reviewed the far-reaching ramifications of Dobbs for tech companies and their data practices and examined the push by conservative activists to limit the sharing of abortion-related information online. Senator Elizabeth Warren (D-MA) and Senator Amy Klobuchar (D-MN) wrote a letter to Meta leadership regarding concerns that Facebook and Instagram are censoring posts about abortion information. The Washington Post reported on two House hearings that focused on public and private data collection practices that could put abortion seekers at risk. Bloomberg Law reported on Google’s recent commitment to automatically deleting users’ location data from “sensitive locations,” including (but not limited to) abortion clinics. Protocol outlined the ways in which commonly used third party ad-trackers represent a data privacy risk for abortion pill providers like PlanCPills.org. The Center for Democracy and Technology detailed how health data tracking happens and how states, individuals, and companies can take action to protect data privacy.
New Legislation and Policy Updates
Several new pieces of legislation were introduced this month. Notable bills to follow include:
- Digital Citizenship and Media Literacy Act (S.4490, H.R.8216 – Sponsored by Sen. Amy Klobuchar, D-MN, Sen. Michael Bennet, D-CO, and Rep. Elissa Slotkin, D-MI): This bill establishes a $20 million grant program at the Department of Commerce to “teach students digital citizenship and media literacy skills.”
- Veterans Online Information and Cybersecurity Empowerment (VOICE) Act (S.4493, H.R. 8215 – Sponsored by Sen. Amy Klobuchar, D-MN, Sen. Michael Bennet, D-CO, and Rep. Elissa Slotkin, D-MI): This bill establishes a $20 million “grant program at the Department of Veterans Affairs to teach veterans digital and media literacy skills as well as cybersecurity practices to identify disinformation, online scams … exploitation, and hacking attempts.”
Other Legal Activity
This month, there was a flurry of legal activity surrounding big tech. An outline of top headlines is below:
- After Elon Musk revoked his decision to buy Twitter early this month, Twitter filed a lawsuit to hold Musk accountable to the original $44 billion agreement. A Delaware judge granted Twitter’s request for an expedited trial, now set for October.
- The Wall Street Journal reported on a settlement between the Department of Justice and Uber, which states that Uber was “wrongfully over charging wait-time fees for people with disabilities.”
- This month, Amazon also sued Facebook group administrators who had been coordinating fake reviews for Amazon products since 2020, as regulators abroad began their own investigations into fake reviews on big tech platforms.
- The Senate Intelligence Committee sent a letter to the FTC, encouraging it to investigate TikTok’s alleged misrepresentation of Chinese employees’ roles and access to U.S. consumer data.
- Two Kentucky families each filed lawsuits in late July against Instagram, accusing the platform of “creating a perfect storm of addiction, social comparison, and exposure to incredibly harmful content and product features.”
Public Opinion Spotlight
In July, NetChoice, a trade association representing large tech companies released a June 2022 poll that surveyed 9,227 registered voters about their perspectives on the Biden administration, inflation, and the current tech antitrust proposals. They found that:
- “59 percent of Americans blame Democrats for soaring inflation, and agree that antitrust will make it worse”
- “1 percent of Americans think the government should prioritize regulating tech”
- “5 percent of Americans said that antitrust is a priority. 40 percent want privacy and security online, and 36 percent see content moderation as the most important priority”
- “70 percent of voters oppose Congressional proposals to add new antitrust regulations for technology companies”
- “When asked what should be done about tech regulation, only 5 percent support more regulation on big tech, 4 percent support breaking up large tech companies, and only 3 percent support limiting large tech firms from growing further.”
The Tech Oversight Project, a group advocating for antitrust reform, commissioned an Edison Research poll, which surveyed 1,307 likely voters in the 2022 general election between July 12-15th. The poll found that:
- 73 percent of respondents “lean towards supporting” the American Innovation and Choice Online Act (AICOA)
- 74 percent of respondents “lean towards supporting” the Open App Markets Act (OAMA)
- Democrats and Republicans showed similar support for both bills – “76 percent of Democrats and 70 percent of Republicans support the AICOA, and 78 percent of Democrats and 73 percent of Republicans support the OAMA.”
The Coalition for App Fairness shared results from an early June poll of 1,600 likely voters across Arizona, Georgia, Nevada, New Hampshire, North Carolina, Ohio, Pennsylvania, and Wisconsin. The coalition represents an array of tech companies, including start-ups, independent studios, and app makers. The poll revealed that:
- “79 percent of likely voters support the Open App Markets Act”
- “69 percent of likely voters say Big Tech has too much power”
- “72 percent agree “Big Tech companies, like Apple and Google, limit competition and restrict innovation from independent app developers”
- “72 percent of likely voters support the American Innovation and Choice Online Act”
– – –