Pictured, from left, are Len Cali, senior vice president of global public policy with AT&T Inc., Andrew DeVore, vice president and associate general counsel with Amazon.com Inc., Keith Enright, chief privacy officer with Google, Damien Kieran, global data protection officer and associate legal director with Twitter Inc., Guy “Bud” Tribble, vice president for software technology with Apple Inc., and Rachel Welch, senior vice president of policy and external affairs with Charter Communications Inc., testify during a Senate Committee on Commerce, Science, and Transportation hearing regarding potential safeguards for consumer data privacy, on Sept. 26. Photo Credit: Diego Radzinschi/ALM

In the wake of the European Union's General Data Protection Regulations—which went into effect in May—California passed its own data privacy law, sparking a national conversation about privacy regulation.

On Wednesday, that discussion headed to Washington, D.C. At a hearing by the Senate Committee on Commerce, Science and Transportation, representatives from communications and tech companies including Google and Twitter Inc., pushed for their vision of federal privacy regulation.

“Perhaps for the first time, there is widespread agreement among industry, policy makers and many consumer groups of the need for a new and comprehensive federal privacy law,” said AT&T Inc.'s representative, senior vice president Len Cali in his opening testimony. He and other representatives said a patchwork state-by-state regulatory framework would only harm consumers and businesses.

But some senators said the push for federal regulations could be companies' way of avoiding strict data privacy laws like the California Consumer Privacy Act, as those would be pre-empted by a potentially more relaxed national law.

“The companies which are represented here today and all across the country are ultimately going to want California law pre-empted and they're going to want other states' laws pre-empted,” Sen. Ed Markey of Massachusetts said. “They're going to ask this panel to do that. So our goal has to be to ensure that any law which we pass out of this committee is a strong law. We don't need to pass weak laws in Washington that override strong laws in California or Massachusetts or other states.”

Companies' representatives gave their input for what a federal privacy law could look like, based their experiences with GDPR and the CCPA.

Cali, alongside Apple's vice president for software technology Guy Tribble and Google's chief privacy officer Keith Enright, expressed concerns that the resources necessary to comply with regulations as strict as GDPR were so great they could push small- and medium-sized competitors out of the industry.

Keith Enright.

Enright told the committee that Google's preparations for GDPR had taken “hundreds of years of human time,” time smaller companies may not have to spare. Damien Kieran, the data protection officer at Twitter, said his company also struggled with the burden of heavy data privacy regulation.

“Organizations like Google are better positioned to absorb the compliance costs that a rigorous regulatory regime like that under the GDPR could create for small- and medium-sized businesses,” Enright said.

Enright and Amazon.com Inc. vice president and associate general counsel Andrew DeVore also expressed a desire for a clearer definition of personal information than those presented in the GDPR or the CCPA.

“CCPA's definition of 'personal information' goes beyond information that actually identifies a person to include any information that 'could be linked with a person,' which arguably is all information. The result is a law that is not only confusing and difficult to comply with, but that may actually undermine important privacy-protective practices like encouraging companies to handle data in a way that is not directly linked to a consumer's identity,” DeVore said in his testimony.

Charter Communications Inc.'s representative, senior vice president of policy and external affairs Rachel Welch, suggested “opt in” data collection and use become the standard.

Some senators also took Enright's presence as an opportunity to inquire about reports that Google is developing a censored search engine for China, the company's withdrawal from Project Maven and claims of political biases in its search engine.

Enright said the company is “not close” to launching a search engine in China. In response to questions from Sen. Ted Cruz of Texas, Enright said he is unaware of Google efforts to assess political biases in search results.

But, he said, “We're stepping outside of my core domain.”

Last month, Google irked senators on both sides of the aisle after leaving a chair empty for a Senate Intelligence Committee hearing on social media and foreign election interference. The Mountain View, California-based company had offered chief legal officer Kent Walker, who was rejected by the committee.