Microsoft Backs Privacy Legislation in Pennsylvania
Microsoft announced its support Wednesday for privacy legislation being considered in Pennsylvania. TechNet told a House Commerce Committee hearing that legislators should tweak the bill to mirror a privacy law passed in Connecticut (see 2205110049).
Rep. Ed Neilson (D) introduced the bill, HB-1201. Because the legislation doesn’t include a private right of action, the Pennsylvania attorney general would enforce the new privacy law. It allows consumers to opt out of targeted advertising and includes a 60-day right to cure for companies to avoid potential infractions.
The bill provides strong consumer rights and aligns with Microsoft’s mission, Microsoft Senior Director-Government Affairs Jay Summerson told the committee. The company isn’t “seeking out” such legislation, but it’s important for consumers to have the option not to participate in what they see as intrusive data collection practices, he told Chairman John Galloway (D). In an “ideal world,” there would be a federal law, but Congress has fallen short in keeping pace with technology for 20 years, he said. Summerson noted 12 states have enacted new privacy laws.
Sponsors should rework the bill so its definitions mirror those in Connecticut, said TechNet Midatlantic Executive Director Margaret Durkin. She asked members to extend the effective date. As written, the bill would take effect “immediately” after signing. Most states have allowed for an 18-to-24-month rollout for new privacy laws, said Pennsylvania Retailers Association Executive Director John Holub. Holub said his association is “generally supportive” of the bill because it strikes a “reasonable balance.” Durkin and Holub credited sponsors for including a 60-day right to cure.
Consumers are tracked constantly, to the point where users worry their conversations are being recorded, said Galloway. Consumer tracking is almost “as scary as it is convenient,” said Rep. Joe Emrick, the top Republican on the committee. Pennsylvania Gov. Josh Shapiro (D) challenged state enforcers to collaboratively address privacy and social media issues in April (see 2304180053).
Insurance companies in the state support the concept, but they’re seeking an exemption because they're already subject to stringent regulations under federal and state laws, said Tim Knapp, Insurance Federation of Pennsylvania general counsel. The law in Virginia granted an exemption to financial institutions subject to regulations under the Gramm-Leach-Bliley Act, noted Knapp. Financial entities are also subject to regulation under the Health Insurance Portability and Accountability Act. Emrick said existing federal regulations address data breaches, not handling and selling of consumer data, so he’s unconvinced an exemption is necessary for the insurance industry. TechNet is also seeking an exemption for financial institutions because some of its members fit that category. Rep. Joseph D’Orsie (R) asked Knapp for a line-by-line comparison showing how the state’s new privacy law would result in redundant regulation for the industry. Galloway said legislators don’t want issues for the tech industry to weigh so heavily on the insurance industry. He invited continued feedback as sponsors ready the legislation for a vote.