Silicon Valley companies quietly try to kill Internet privacy bill

by Steven Harmon, San Jose Mercury News

Silicon Valley tech firms, banks and other powerful industries are mounting a quiet but forceful campaign to kill an Internet privacy bill that would give California consumers the right to know how their personal information is being used.

A recent letter signed by 15 companies and trade groups — including TechAmerica, which represents Google, Facebook, Microsoft and other technology companies — demanded that the measure’s author, Assemblywoman Bonnie Lowenthal, D-Long Beach, drop her bill. They complain it would open up businesses to an avalanche of requests from individuals as well as costly lawsuits.

One early consequence of the heavy lobbying: A hearing on the bill, AB1291, scheduled for last week, has been pushed to next month.

The American Civil Liberties Union, a co-sponsor of the Right to Know Act, accuses the business groups of overreacting to hide their true intentions: to keep out of the public’s eye the lucrative practice of amassing personal information on people who use online services, computer apps, social networking sites and other portals that track people’s locations, buying habits, favorite foods and movies, and even their sexual orientation.

"A lot of companies don’t want consumers to know what’s happening to their personal information," said Nicole Ozer, an attorney with the ACLU who specializes in privacy issues. "Companies are collecting and sharing this information with third parties in ways the people might not realize and in ways they might not want."

The bill, which if passed would be the first such law in the nation, would require companies to show customers the personal data they’ve collected — and tell them who’s getting their hands on it. The information would have to be provided for free.

Supporters of the proposed laws argue that when consumers find out what kind of data businesses are compiling and sharing, they’ll be better able to evaluate whether they should opt out of sharing it.

The push for the new law comes as tech, banking and marketing firms find more ways to mine vast amounts of personal information on consumers to target their specific needs. Some websites have installed as many as 100 tracking tools that kick in when consumers visit them, according to the bill’s analysis.

Many Facebook apps tap into their users’ and their friends’ profiles, including sections on religious, political and sexual preferences; race; income; and health concerns. Third-party advertising and marketing companies buy, sell and trade personal information that they get from mobile phones, financial institutions and social media sites.

Some mobile applications share location information and phone numbers of users — a concern to advocates of domestic violence victims.

Consumers who live in 27 countries that belong to the European Union already have the right to know what data companies have on them — laws that are being complied by Facebook, Google and others that are opposing the California legislation.

Google did not reply to requests for an interview; a Facebook spokesman declined to talk about the bill. The California Chamber of Commerce referred all calls to TechAmerica, the trade group that represents major Internet companies.

Robert Callahan, the director of California government affairs for TechAmerica, told this newspaper: "Our companies are active proponents of ensuring that consumers’ privacy is safeguarded. It is a fundamental part of their business model."

He said a 2005 California privacy law already enables consumers to ask what personal information companies are using. And businesses are aware that privacy protections are key to keeping customers’ trust and to remaining competitive, he said.

Silicon Valley tech companies have the ears of local legislators.

Assemblyman Bob Wieckowski, D-Fremont, the chairman of the Assembly Judiciary Committee, where the bill is being considered, put off the bill until May 7 "because of concerns that the current version may be too broad and not clear enough to properly guide businesses on what they can and cannot do," said Jeff Barbosa, Wieckowski’s spokesman.

Menlo Park-based Facebook and Mountain View-based Google are both in the district represented by Assemblyman Rich Gordon, D-Menlo Park, who said he hasn’t made up his mind on the bill, but is looking for the "sweet spot" where privacy is protected "but you don’t completely shut off Internet commerce. I’m trying to sort it out."

Lowenthal said she has no intention of dropping her bill, noting that California privacy laws haven’t been updated since 2003, when the 2005 Shine the Light law was initially written.

At the time, she said, the main concern was telemarketing abuse. As a result, she said, companies now aren’t required to reveal what information is shared unless it’s for direct marketing purposes such as junk mail and telemarketing.

In addition, Lowenthal said, businesses now collect a wide range of personal information not included in the original law — and are sharing and selling it in ways the authors did not anticipate.

"Ten years ago, there weren’t the kinds of apps that mark your location, track your spending habits," Lowenthal said. "They go far beyond what the original privacy laws covered."