Amazon is no big fan of the EU approach to privacy protection, or California's new privacy law.
The company made that clear in testimony for a Senate Commerce Committee hearing Wednesday (Sept. 26) with edge providers and ISPS on data privacy protection.
Amazon VP and associate general counsel Andrew DeVore told the committee that while the company supports the goals of the European Union General Data Protection Regulation (GDPR), to protect data privacy, "its specific requirements for the handling, retention, and deletion of personal data required us to divert significant resources to administrative and record-keeping tasks and away from inventing new features for customers and our core mission of providing better service, more selection, and lower prices."
Some Hill Democrats want the U.S. to adopt a similar regime, but DeVore said it was important "to ensure that additional overhead and administrative demands any legislation might require, actually produce commensurate consumer privacy benefits.
He was even less sanguine about California's tough new data privacy law, the California Consumer Privacy Act of 2018 (CCPA)."
In June, California passed a privacy bill that established a consumer right of privacy, though one based on disclosure and the right to opt out of data collection or third-party sharing, and to have their data deleted if they chose. The bill does not go into effect until 2020.
Again, DeVore said he supported the law's goal of giving consumers visibility and control when businesses collect and sell their personal information.
But he said the California law's definition of that information was overboard and could arguably apply to any information since the definition is any information that "could be linked" to a person.
"The result is a law that is not only confusing and difficult to comply with, but that may actually undermine important privacy-protective practices like encouraging companies to handle data in a way that is not directly linked to a consumer’s identity."