Nearly two hours into a congressional hearing earlier this fall, Sen. Richard Blumenthal (D-Conn.) asked what seemed like an obvious question.
“Anybody here planning to pull out of Europe because of those privacy protections” under the newly implemented General Data Protection Regulation, he asked. And not one of the witnesses — each representing some of the biggest companies in the country — really responded, confirming for Blumenthal that AT&T, Amazon, Google, Twitter, Apple, and Charter Communications are not changing their plans based on the new privacy rules.
“No one. You’re living with them. [There’s] no undue hardship,” Blumenthal continued, asking, “Any of you planning to pull out of California” as the state prepares to enact in 2020 the recently passed California Consumer Privacy Act. And for a second time, none of the six witnesses really responded. “Again, no one, [there’s] no undue hardship,” Blumenthal concluded.
But the fact that big companies with big budgets and big legal teams can afford to stay in Europe and California and comply with their respective privacy obligations shouldn’t come as a surprise. It’s the small and young companies that make up the country’s thriving startup ecosystem that lawmakers should be concerned about.
We’ve already seen several examples of U.S. startups leaving Europe instead of trying to navigate GDPR compliance. It remains to be seen how California’s privacy law will impact startups when it goes into effect in a little under two years. As the conversation around a federal privacy framework continues, it’s crucial that policymakers think past the headline-grabbing privacy missteps by Internet giants and consider the ways in which federal rules could hinder U.S. startups.
That’s why, late last week, Engine filed comments with the Commerce Department’s National Telecommunications and Information Administration highlighting the ways in which a federal privacy framework could impact startups specifically. As we explained in our comments, “creating regulatory or legislative burdens in the name of protecting users’ privacy without fully understanding the actual privacy benefits and the very real threats to startups would risk unnecessarily crippling one of the most important sectors in our economy.”
As the debate about privacy rules continues, it’s important for regulators and lawmakers to think about what changes will mean for startups and other small businesses, not just giant corporations.