A GOP-Controlled House Could Mean Big Changes for Big Tech

Contrary to the Republican party’s typical agenda of supporting policies that are good for business and commercial interests, a GOP-controlled House could actually lead to more federal regulation and stricter scrutiny for large technology companies.

Some of the legislative shifts might not come until after the current U.S. Supreme Court session, which will consider whether social media platforms can be held liable for a contributor’s content.

The justices are set to hear oral arguments next month in a pair of cases on those issues. The cases, Gonzalez v. Google and Twitter v. Taamneh, are garnering significant attention from the legal community—and Republican lawmakers—because they mark the first time the court will be considering the implications of Section 230(c)(1) of the Communications Decency Act, which generally shields online hosts, including social media companies, from being sued over content posted by its users.

On the whole, Republicans disfavor this provision and are seeking to hold Big Tech accountable for allegedly colluding with the Biden administration to suppress free speech online, among other things, according to a letter by House of Representatives Judiciary Committee Chairman Jim Jordan issued to Big Tech executives last month.

Shari Lewis, a partner and member of Rivkin Radler’s privacy, data, and cyber law group, said she anticipates that legislation modifying Section 230 will be introduced in the House this year.

“Republicans perceive it to be unduly protectionist for technology providers, particularly the large platforms like Meta, Twitter, etc., as it wholly insulates them from being responsible for the content on their platforms and the impact their content may have on politics, children’s safety and a range of other issues,” Lewis said.

“Republicans argue that ISPs’ [internet service providers’] decisions to either promote or demote certain content make ISPs not only publishers but also content providers. Some Democrats also take the position that Section 230, as enacted early in the internet age to protect a nascent industry, may go too far at this time, and should be rolled back. On the other hand, there are First Amendment issues that will remain if ISPs are exposed to liability based on their ‘editorial’ decisions or non-decisions.”

Regardless, big changes could be coming.

“It seems like we’re kind of at an inflection point where there could be some significant change in the jurisprudence governing that, and that may have an impact on the legislative debate for Section 230,” Jonathan Cohen, finance partner at Wilkinson Barker Knauer in Washington, D.C., told Treasury & Risk sister site Law.com. “If there are changes in the interpretation of Section 230 or the ability of states to dictate content-moderation practices, that could have impacts beyond the online platforms. Such changes could have implications throughout the internet ecosystem, including for more traditional telecom and media companies.”

More Cyber Regulation

Republicans lawmakers also have their eyes on federal legislation that would create national standards and safeguards for personal information collected by companies.

The bipartisan American Data Privacy and Protection Act advanced out of the House Committee on Energy and Commerce. While Congress did not pass the bill by the end of 2022, it represents “progress toward comprehensive data privacy law in the U.S. and is part of a growing trend calling for federal regulation of AI,” according to a recent article by Mayer Brown attorneys Niketa Patel, Tori Shinohara, Jennifer Rosa, Brendan Harrington, Arsen Kourinian, and Howard Waltzman.

“While it may be counterintuitive, given Republican aversion to federal regulation in general, many perceive the need for a national privacy law that will pre-empt state laws as a generally business-friendly proposal that many Republicans embrace,” Lewis of Rivkin Radler said.

“At the present time, there are five states with comprehensive, but often contradictory, privacy laws as well as a hodgepodge of inconsistent state data breach notification and privacy laws that are sector-based. In this day and age, where even the smallest businesses conduct commercial activity in myriad physical locations, it is a challenge for them to comply with various, often contradictory laws. Republicans will favor a uniform privacy standard that will remove this inconsistency and provide a predictable privacy structure.”

The California Privacy Rights Act went into effect in January 2023, which generally favors consumer rights over business interests, Lewis noted. “Federal law will undoubtedly be more business-friendly than current state law,” she said.

President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which includes new reporting obligations to report certain cyber incidents to the Cybersecurity and Infrastructure Security Agency within 72 hours, as well as an obligation to report ransomware payments within 24 hours.

Meg Kammerud, general counsel for the cybersecurity company Dragos, said the reporting requirements will go into effect once CISA completes the rule-making process.

“I am hopeful that they’re going to come to a good resolution that will ensure the incidents are reported and that there’s public awareness with the risks, particularly where critical infrastructure is involved, but that [they] do allow for businesses to figure out if there actually was an incident, what the scope of that incident is, and what the plan may be for addressing the incident before starting the public reporting,” she said.

“The government is very interested in partnering with industry on not just knowing that there’s these incidents, but also understanding, partnering, and supporting the response to the incidents.”

From: Corporate Counsel