House privacy proposal would limit how Facebook, Google handle data

Dive Brief:

• The House Energy and Commerce Committee proposed a privacy law that would severely limit how advertising giants including Google and Facebook can collect and use user data, The Los Angeles Times reported.
• If passed, the legislation would limit how these companies track users online, requiring permission to share consumer data with other companies. The proposal — which aims to establish the nation’s first federal privacy law —​ would also give people the right to opt out of ads from companies they have already made purchases from.
• Republican Representative Cathy McMorris Rodgers of Washington State, who helped write the bill, said that the law would be stricter than California’s new privacy law, which goes into effect on Jan. 1, Ad Age reported.

Dive Insight:

If passed, the measure could dismantle some of the vast ad-tech systems that Google and Facebook have built​ and would challenge their stronghold on deep knowledge of millions of consumers.

Tech giants like Google and Facebook are built on tracking users on their respective platforms, as well as on third-party sites through partnerships with other players in the ad-tech ecosystem. Consumers are often in the dark about how much of their behavior is bought and sold to advertisers to deliver marketing messages. If passed, the whole landscape could be disrupted. Users could prevent brands from sending them advertisements even if they’ve already let the company use their information for another reason, such as making a purchase or providing a mailing address. Depending on the specific restrictions on first-party advertising, the measure could also limit how Facebook and Google target users by using troves of data they hold internally but don’t share with third parties.

The latest proposal comes as technology behemoths face growing scrutiny in Washington over everything from data collection to election tampering. Legislation to limit the tech industry is nothing new. The CAN-SPAM Act of 2003, required email marketers to get permission to send email marketing messages to consumers. In 2007, the FTC pushed for a do-not-track list that would require advertisers to add a pop-up, opt-out feature if a customer’s behavior was being tracked, but it never materialized.

The California Consumer Privacy Act (CCPA) takes effect in just one week on Jan. 1. The law will require companies to limit the time they can use customer information and add rules around how they manage it. European GDPR rules went into effect in May 2018, requiring marketers to get double opt-in to market to consumers and to anonymize data to protect privacy, among other things.