What will a Biden administration mean for cloud and data regulations?

November 11 2020

After a long lead-up and an intense campaign season, the 2020 US presidential election is now behind us. Democratic challenger and former Vice-President Joe Biden is widely acknowledged as President-elect, scoring the Electoral College votes needed to become America's next president with wins in key swing states, subject to court challenges from incumbent president, Donald Trump.

While new presidents routinely change the federal government's regulatory priorities, Democratic administrations are often seen as more inclined to institute stricter industry regulations. MSDW spoke with industry watchers about what a Biden administration will mean for cloud and data regulations.

Federalizing data protection laws

In the midst of the Trump presidency, the European Union imposed the long-anticipated General Data Protection Regulation (GDPR), adding strict data controls that increasingly extend to American companies. American states have followed suit, such as California's Consumer Privacy Act passed in 2018.

David Reischer, attorney and CEO of LegalAdvice.com told MSDW that Biden is likely follow the Democrats' current platform and work to adopt national standards for the US:

President Trump has not established any national standards for data privacy in his administration, but it is likely that Biden's focus will shift federal data law shifts away from that approach. The Democratic platform sets forth national standards for data protection in a Joe Biden administration. Furthermore there is evidence on Joe Biden's campaign website that he will defend cybersecurity - "We will work with other countries — and the private sector — to protect individuals' data and defend critical infrastructure, including the global financial system."

Vice-President-elect Kamala Harris has previously championed consumer privacy in California, creating the Privacy Protection and Enforcement Unit in 2012. But Jo O'Reilly, deputy editor of Pro Privacy, said a comprehensive digital privacy plan is not certain given Biden's track record.

It’s difficult to predict exactly what a Biden presidency will mean for data privacy regulations in the United States, especially with the Covid-19 pandemic still raging and the urgency of addressing it taking precedence over virtually every other issue currently. But based on Mr. Biden’s past record regarding issues surrounding data regulations, hopes of any significant developments in this area (resulting directly from his being president) should be subdued. If anything, Mr. Biden’s track record when it comes to protecting Americans’ data privacy rights has been quite problematic and not at all indicative of an individual who has data privacy at the forefront of his agenda going into his presidency. As far back as the early nineties, Biden has been active in making it easier for the federal government and law enforcement to conduct surveillance activities on civilians in the United States and limit ways in which to secure data.

O'Reilly noted the Comprehensive Counter Terrorism Act of 1991 and 1994's Communications Assistance for Law Enforcement Act, or “Digital Telephony Act”, as evidence of the President-elect's past tendency to favor government surveillance privileges over individual privacy.

Regulating big tech and creating more standardized policy

Some tech industry watchers expect that a Biden presidency may create a more standardized approach to data regulations, increased cooperation with the EU and expanded regulation of major tech firms. According to Debbie Reynolds, founder and CEO of Debbie Reynolds Consulting, data regulation in the US is both "precarious and progressive." She anticipates a Biden administration will drop or weaken the TikTok case, restart negotiations with the EU on an EU-US Privacy Shield Framework, reduce tech company immunities under Section 230 of the Communications Decency Act, as well as initiate a data privacy agreement with the UK as Brexit proceeds. Randy Armknecht, a managing director and global cloud practice lead at Protiviti said:

We anticipate that much of the deregulation from the past four years will be a target to reestablish regulations that protect consumers and provide transparency into the use of an individual’s data. The campaign's comments on Section 230 have been something to watch and will likely place stress on the shared responsibility model that CSP’s have successfully established in their operations to date. Big tech software platforms that run in the cloud should prepare to feel more regulatory pressure in that regard than the providers of the underlying cloud infrastructure themselves. As an example, lawmakers on both sides of the aisle have submitted draft proposals for federal privacy legislation – Social Media Privacy & Consumer Rights Act, American Data Dissemination Act, Consumer Data Protection Act, and the Data Care Act are all under consideration.

If the history of GDPR's rollout is any indication, hypercloud providers like Microsoft, AWS, and Google will act to get ahead of major new data protection laws that emerge in the US with compliance guidance and updates before it goes live.  

But where possible, the goal is to reduce or prevent increased regulatory friction. O'Reilly argued that tech firms want to avoid burdensome regulations but prefer standardization when possible to streamline business.

Political contributions by major players in the tech industry indicate that tech companies are willing to play ball when it comes to protecting consumer data privacy through the establishment of federal regulations. Corporations are becoming more and more active in pushing for data privacy legislation at the federal level as opposed to the alternative, which would entail a patchwork of 50 separate laws at the state level that would vary from state to state. Naturally, such a varied and complicated regulatory landscape would be much more difficult to navigate for businesses than would a single federal privacy law that uniformly protects all Americans equally. This is why we are likely to see consumer data privacy regulations established at the federal level rather than continuing widely at the state level going forward.   

According to Reynolds:

State-level regulations will continue to grow in the U.S.; however, there will be more pressure from consumers and businesses for the U.S. to pass federal Data Privacy legislation. Perhaps the Biden presidency can plant seeds for what a federal Data Privacy legislation could be in the U.S.

What do the political donations and lobbying of major cloud providers tell us about the direction of regulations in this area? Cloud providers and tech companies want to do business without too much friction of regulation, when possible. This will be a rocky road as it will take more people in the government to understand the cloud technologies and not pass legislation that is toothless or misconstrue the technologies. If there is a lack of agreement on how to move forward with regulation, this will likely be good for tech companies.

A Biden administration—and accompanying state level regulations—might strengthen individual privacy rights. But Reynolds noted that one of the few areas in which many Republicans and Democrats seem to agree is the idea of weakening data encryption to allow enhanced surveillance by law enforcement agencies.

While most big US-based technology firms are based in Democratic-leaning states like Washington, California, New York, Massachusetts, and Virginia and political campaign contributions often favor Democrats, big tech seems to play the field in the country's two-party system. Facebook CEO, Mark Zuckerberg, for instance, has donated relatively evenly to both Republicans and Democrats, meeting with politicians from both sides of the aisle.

FREE Membership Required to View Full Content:

Become a MemberLogin
Joining MSDynamicsWorld.com gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more, and it’s all FREE. You’ll also have the option to receive periodic email newsletters with the latest relevant articles and content updates. Learn more about us here
About Eamon McCarthy Earls

As the assistant editor at MSDynamicsWorld.com and MSCloudNews.com, Eamon helps to oversee editorial content on the site and supports site management and strategy. He can be reached at eearls@msdynamicsworld.com.

Before joining MSDynamicsWorld.com, Eamon was editor for SearchNetworking.com at TechTarget, where he covered networking technology, IoT, and cybersecurity. He is also the author of multiple books and previously contributed to publications such as the Boston Globe, Milford Daily News, and DefenceWeb.

More about Eamon McCarthy Earls

Azure Services