“Privacy” is a fashionable term among both federal and state lawmakers because it is one of the few policy objectives that generally curries favor on both the left and the right.
For this reason, the grandly named American Privacy Rights Act (APRA) has momentum in Congress.
If approved, APRA would erect a complicated new web of regulations and mandates for how companies treat their users’ data, with the goal of making it harder to mine said data for misuse against individuals.
As the saying goes: buyer beware.
An all-but-certain side effect of APRA is that it could make it dramatically harder for tech startups to get off the ground and for small businesses to compete – while providing yet another competitive advantage to already massive companies like Meta and Amazon.
A core provision of APRA is its requirement that companies de-identify their user data in order to develop a product or service.
De-identifying means stripping data of anything that could be connected to a person.
For highly technical reasons, de-identifying is a process that is very difficult and expensive, even for highly skilled data scientists.
The cost of compliance with this rule would be enormous – likely available to only the largest and most established companies – and its effect on innovation and entrepreneurship would undoubtedly be chilling.
APRA proponents have tried to keep the little guy in mind by letting startups and small businesses off the hook.
Companies that make less than $40 million in a year and collect the data of less than 200,000 people are exempt.
This might sound like large numbers, but revenue and customer logs of this size generally typify niche e-commerce sites or small regional banks.
In other words, the growing small business that power US innovation.
For that reason, the exemption may actually prove useless.
Engine Foundation, a nonprofit organization that advocates for startups, notes that “many…will quickly find themselves in-scope [of APRA].”
The foundation concludes that startups likely “will build their companies with the APRA in mind.”
And this is bad for business.
Indeed, in this light, the next generation of tech startups will have less motivation to take risks and will avoid growth that would trigger costly regulations.
The next great American tech company might never come to be.
Recall that even Meta was once a startup!
One imagines the C-suites of Silicon Valley will hardly be saddened to have fewer hungry competitors biting at their flanks.
And so they will have even less incentive to keep their prices low and quality high for American consumers.
To be clear, privacy law is an area in desperate need of clarity and rules, and a new federal statute is not an idea that is without merit.
Today more than a dozen states (and counting) have widely disparate privacy laws.
Complying to this regulatory hodge-podge can costs startups tens of thousands of dollars.
A federal standard would provide consistency and make doing business cheaper.
In New York in particular, the regulatory landscape has big implications for startups.
A sobering report released late last year from Lightspeed, a venture capital firm, found that New York’s “[n]et new tech jobs in 2023 are forecast to decline 30%” year over year.
Key tech industries such as “CloudTech/Dev Ops, Artificial Intelligence, big data, and cyber” are suffering in New York City, the report found.
Indeed the New York City metro area has half the market share of the California Bay Area.
But it’s not just the startups who are having a hard time and taking their business elsewhere.
The crown jewel of New York and provider of over a quarter of state tax revenue, the securities and banking industries, seems to be leaving the state, as well.
In a NY Post op-ed from earlier this month, City Journal contributing editor Nicole Gelinas notes that “the industry isn’t losing jobs; it’s moving them to other states.”
Unfortunately, New York’s own pending comprehensive privacy bill would impact startups even worse than the federal proposal.
The New York Privacy Act, currently winding its way through the legislature, would affect even smaller businesses than the federal proposal.
New York lawmakers say that startups making more than $25 million a year and processing the data of only 50,000 consumers would need to comply.
For New York based tech startups and small businesses, the proposed federal privacy bill would therefore be an improvement, even with its flaws.
But it’s not too late to make this so-so law far better.
Lawmakers have time to revise their legislative drafts, such as raising some of these thresholds so startups have the best shot of taking off rather than suffocating under some arbitrary regulatory ceiling.
Such a strategy could make New York – and the U.S. – a prime incubator for small businesses and startups, which are the core of a bright and abundant future for the American economy.
Taylor Barkley is the director of public policy at the Abundance Institute.
