Lawmakers issue ultimatum to tech platforms over data privacy

House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) (L) and Rep. Mike Gallager (R-WI) talk with reporters on Monday after the House of Representatives voted on legislation he co-sponsored to ban TikTok at the U.S. Capitol in Washington, D.C. (Chip Somodevilla/Getty Images/TNS)
Subscribe Now Choose a package that suits your preferences.
Start Free Account Get access to 7 premium stories every month for FREE!
Already a Subscriber? Current print subscriber? Activate your complimentary Digital account.

WASHINGTON — For years Congress has held dozens of hearings aiming to enact laws on data privacy and kids’ online safety, and to curb the freewheeling collection and sale of Americans’ data without enacting any substantial legislation.

The frustration is showing.

Two House lawmakers, who direct blame squarely at tech companies, are proposing to eliminate part of U.S. law that has enabled tech and social media platforms to thrive by shielding them from liability for user-generated content.

“Work with Congress to ensure the internet is a safe, healthy place for good, or lose Section 230 protections entirely,” Reps. Cathy McMorris Rodgers, R-Wash., and Frank Pallone Jr., D-N.J., the chair and the ranking member of the House Energy and Commerce Committee, said Sunday in an op-ed, unveiling legislation that would end the Section 230 protections.

That refers to a provision in U.S. law that shields online companies from lawsuits relating to content produced by individual users.

“These blanket protections have resulted in tech firms operating without transparency or accountability for how they manage their platforms,” Rodgers and Pallone wrote in The Wall Street Journal. “This means that a social-media company, for example, can’t easily be held responsible if it promotes, amplifies or makes money from posts selling drugs, illegal weapons or other illicit content. As long as the status quo prevails, these companies will keep putting profit ahead of the health of our society and youth.”

Proponents of Section 230, including Sen. Ron Wyden, D-Ore., one of the authors of the original provision, have argued that eliminating it would chill online speech and would lead to social media companies censoring messages, for example, from women who have faced sexual harassment posting under the #MeToo movement, or posts by Black Americans about police violence.

Tech groups were quickly on the offensive.

“This isn’t a serious discussion about Section 230,” Adam Kovacevich, CEO of Chamber of Progress, a tech group that represents Amazon.com Inc., Apple Inc., Google LLC, Meta Platforms Inc. and others, said in a statement about the Rodgers-Pallone proposal. “It’s holding Section 230 hostage without any replacement on the table.”

The protections offered by the section are not as broad as companies claim, according to the Electronic Privacy Information Center, or EPIC, a non-profit online privacy advocacy group. Nor is the provision intended to be a stand-in for online free speech and innovation, Megan Iorio and Tom McBrien, lawyers for EPIC, wrote in a recent blog.

The provision “was meant to accomplish a very limited purpose: preventing lawsuits that would force internet companies to either screen for and block all illegal content, or to not moderate their platforms at all,” Iorio and McBrien wrote. “This limited purpose protects free speech online; an overbroad interpretation of Section 230 is a license for internet companies to act with impunity, removing an important incentive to design safe products and comply with generally applicable laws.”

The Rodgers-Pallone proposal to eliminate these protections comes as the lawmakers try to advance federal data privacy legislation following years of futility. A measure backed by the pair in 2022 was approved by the House Energy and Commerce Committee but failed to get a floor vote after then-House Speaker Nancy Pelosi, D-Calif., opposed it, saying it would provide fewer consumer protections than California’s data privacy law.

In April, Rodgers joined with Sen. Maria Cantwell, D-Wash., chair of the Senate Commerce Committee, to unveil a draft proposal that would create a federal data privacy standard. Formal language hasn’t been introduced and the proposal has yet to garner widespread backing from other lawmakers.

Among the key provisions of the Cantwell-Rodgers bill is a preemption of state privacy laws, giving users the right to sue companies, and the imposition of data minimization requirements, all of which are still points of friction between Congress and the sector.

The U.S. Chamber of Commerce, the largest business group in the nation, already has raised a host of objections to the Rodgers-Cantwell proposal.

While Congress has been debating, more than a dozen states have enacted data privacy laws.

Two of them — Maryland and Vermont — included language on data minimization, said Caitriona Fitzgerald, deputy director at EPIC. Maryland’s was signed into law last week and Vermont’s is awaiting the governor’s signature.

Any measure that Congress passes as a national standard, therefore, cannot be lower than what states have set on data minimization, Fitzgerald said in an interview.