What Microsoft, IBM and others won as the privacy bill evolved
Hello, and welcome to Protocol Policy! Today I’m digging deep into the amendments to the latest privacy bill — and how they may have put cloud companies in a better mood. Plus: the administration’s plans to handle the export of software needed for chip manufacturing to China, Blake Masters and Pelosi’s trip.
While the House was getting up a surprising head of steam on privacy legislation the last two months, many in tech and consumer advocacy went public with their worries: about the status of digital ads, protections for kids and more. Major enterprise and cloud companies such as Microsoft, IBM and Salesforce kept relatively quiet, but it seems that, behind the scenes, many of their biggest concerns were being fixed just the same.
Business-to-business companies have always wanted data regulation to reflect that they don’t usually deal directly with consumers, and they were quietly anxious that a discussion draft of the privacy proposal, and the text as subsequently introduced, wasn't doing that.
- Lobbyists for the industry refer to a distinction between “controllers” of data — like big retailers or social media companies, which have agreements with users about what to do with their information — and themselves, whom they call “processors.”
- Processors may need users’ data to facilitate a payment, enhance productivity or simply host information in the cloud, but they don’t really make decisions about data use, at least not in the enterprise context.
- Profitable cloud providers and enterprise software companies like that classification, because they don’t want to suffer the full brunt of privacy regulation (even as they call for it).
- But it also seems to reflect a genuine enough difference that the GDPR and CCPA, which weren’t exactly written by people who are cowed or co-opted by industry, included those definitions.
The initial privacy draft did refer to companies called service providers, which was essentially its name for B2B data processors, but it included them under the umbrella of companies subject to most of the proposed body of regulations.
- By the time the text was formally introduced, though, there was more of a distinction between service providers and controller-style companies that decide how to use consumers’ data.
- The text also no longer required processors to automatically delete or de-identify data soon after using it.
- The new language got rid of an explicit allowance for contract terms that would let controllers monitor for compliance the enterprise companies they hire.
- It also put limits on processors’ liability if subcontractors break the law.
- And the changes clarified that consumer-facing firms are the ones that have to verify user requests, like an attempt to have data deleted.
- Incidentally, the markup also started to bring consumer advocates into the fold.
After the markup, a trade group representing several enterprise companies praised “significant improvements to better reflect the role of service providers.”
- The group, BSA, isn’t necessarily endorsing the bill yet, as its members are still evaluating if the measure is workable, senior director for policy Kate Goodloe told me.
- She called the current text “a really significant accomplishment,” though.
The bill still has plenty that a major cloud or enterprise provider — whose support would certainly be valuable to getting anything passed — might not like.
- The bill includes far-reaching provisions on civil rights and high-risk AI (which are of long-standing interest to BSA) and includes real exposure to consumer lawsuits.
And of course Sen. Maria Cantwell continues to oppose the bill in the Senate, holding it up.
- Cantwell represents Washington state, home to the two biggest cloud giants, though she’s pushed for changes focused on consumer issues.
After years of lawmakers’ flailing, the way the privacy bill treats processors has evolved tremendously in just two months, and has likely softened potentially powerful corporate opposition. “You have a bill out there beating expectations,” Goodloe said. “No one thought that it would get this far.” Of course, it might well still fail to go all the way.— Ben Brody (email | twitter)
Sen. Ron Wyden, who chairs the tax-writing committee, said a proposed 15% minimum corporate tax would bring in big bucks from tech. Wyden and Sen. Elizabeth Warren were pushing back on the notion that the measure, which helps pay for the Democrats’ major health care and energy bill, would hurt manufacturers. “Big pharma, tech and apparel companies would account for half the revenue coming in from ‘manufacturers,’” Wyden said.
The Chips and Science Act stops any funding recipients from advancing China’s chip business. In particular, any company that receives funding through the grant program must agree to not invest in anything more advanced than 28-nanometer production in China or Russia.Opendoor agreed to pay $62 million to settle with the FTC over allegations of deceptive marketing. The agency alleges Opendoor promised homeowners higher net proceeds from sales, even though the company’s own internal analysis found that wasn’t the case. The real estate company also agreed to stop the practice, though it issued a statement denying the allegations.
A MESSAGE FROM CCIA
S. 2992 could break digital services like Google Search, Amazon Prime, and your phone's security. Americans are feeling the squeeze of record inflation; why do some members of Congress want to set the economy back by an estimated $319 billion?
In the states
Arch-conservative Peter Thiel ally Blake Masters won the GOP primary for a Senate seat in Arizona. Masters, whose run Thiel helped bankroll, will face Democratic Sen. Mark Kelly in the general election.
Robinhood incurred a $30 million fine from the New York State Department of Financial Services. The penalty stemmed from allegations Robinhood failed to enact required anti-money-laundering deterrents. Robinhood’s week then went from bad to worse, as it announced layoffs for nearly a quarter of staff and reported a 44% year-over-year decline in quarterly revenue.
The Biden administration is preparing to block exports of critical software for semiconductor design to China. The White House had been weighing the possible ban for months, but a source told Protocol the export restriction is set to be enacted in coming weeks. Key companies in that space, including Synopsys and Cadence, derive a significant portion of their revenue from China, though it isn’t clear how much of that comes from the chipmaking software directly.
Mum’s the word on the Inflation Reduction Act, at least for Big Tech. Salesforce was the only major tech company to issue a statement in support of the Democrats’ new signature health care and energy bill. Even though the measure includes climate funding to the tune of $370 billion, it also includes that minimum tax rate of 15% for corporations with more than $1 billion in annual profits.
The Nuclear Regulatory Commission certified NuScale's small modular reactor design. The move may clear a pathway for further development and funding for SMRs and advanced reactors, climate policy experts said. NuScale’s success could also be critical for lowering the costs associated with nuclear energy in the U.S., as the only ongoing large-scale nuclear construction project in Georgia has been significantly delayed and over budget.
MetaX is taking on Meta over copyright infringement. Both companies operate in the VR space, but in a court filing, Zuckerberg’s Meta argued it offers “drastically different goods and services,” because the smaller MetaX, which got to the name first, is a “social technology company.” Experts told Protocol the lawsuit will likely result in a settlement with MetaX winning damages.Cyberattack threats from China are evolving. One expert noted that while China often isn’t carrying out the most technically advanced attacks, its size and persistence allows long-term success.
Around the world
House Speaker Nancy Pelosi met with TSMC chairman Mark Liu and Pegatron vice chairman Jason Cheng during her trip to Taiwan. She’s now headed to South Korea, and if the chip tour continues, some Samsung meetings might be on the agenda.
Kenya’s elections are coming up, and Meta is drawing scrutiny for its role in shaping public opinion. Researchers say Meta isn’t doing enough to police itself, especially when it comes to misinformation and ethnically charged hate speech.
42%: That’s the percentage of hourly frontline workers who believe their companies’ DEI programs are effective, according to a new research report by McKinsey. That varies significantly from the roughly 70% of senior vice presidents and vice presidents who feel the same way. Protocol’s Workplace team covered the report here.
A string of high-profile Meta executives — including Nick Clegg, CMO Alex Schultz, and Instagram head Adam Mosseri — are ditching the Bay Area for London. Theories abound as to why it’s happening: Is it to be closer to the regulatory action? Because Meta has a large engineering presence in London? Or is the Bay Area just not what it used to be? We don’t know, but it will be intriguing to see if the trend continues. Tech executives have made a habit of complaining about the Bay Area recently, and remote work could let them follow through on those complaints.
A MESSAGE FROM CCIA
Some policymakers are intent on passing S. 2992—flawed legislation that could undermine free and reliable digital services that families use daily. Without Amazon's guaranteed 2-day shipping, Google search, or phone security, consumers' finances will be squeezed even further.
Have a good day — see you Friday!