Cisco became the latest company to try and get ahead of the growing battle for privacy in the US recently, when chief legal officer Mark Chandler called for a GDPR-style federal privacy law in the US.
Speaking with the Financial Times, Chandler said: “we believe that the GDPR has worked well, and that with a few differences, that is what should be bought in in the US as well.”
Cisco joins a string of large technology companies that have publicly backed federal privacy legislation in the US. Last year, Apple CEO Tim Cook expressed his support for a GDPR-like law to combat what he described as a “data-industrial complex” that consistently violated user privacy.
These are not the only two companies eager to get in on the ground floor when it comes to federal privacy legislation in the US. According to the New York Times, Facebook, Google, IBM and Microsoft have all lobbied to begin outlining federal privacy law.
Apple, which relies on device sales for its revenues, has used user privacy to differentiate itself from companies like Google, Facebook, and Microsoft, which rely on advertising and the use of data that fuels it. It's understandable that Cupertino would be eager to get behind legislation supporting its own business model, but why are data-hungry advertising-focused companies supporting the call?
These companies already face pending privacy measures that mirror Europe’s. The California Consumer Privacy Act is a state law that comes into effect in 2020, imposing strict, GDPR-like laws on companies doing business in that state.
By superseding this with a federal law over which they have more control, the secret hope might be that they could roll back some of the stricter privacy measures in the state legislation.
These companies realise that the changes coming following decades of fragmented, weak federal privacy regulations spread between various sector-specific legislation. The Federal Trade Commission typically investigates privacy violations, and traditionally has a light touch.
In October 2018, the FTC settled an investigation of ridesharing giant Uber, which had attempted to cover up a user account breach in 2016. The Commission imposed no fines on the company. A month prior, a nationwide lawsuit led by the state of California forced the company to pay $148min damages.
The topic of Governance, Risk and Compliance will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Governance, Risk and Compliance here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.
