Apple, Google, Amazon and Twitter have thrown their weight behind a national data privacy law for the USA after years of lobbying against such efforts.

Testifying before the US Senate’s commerce committee on Wednesday morning, executives from all four companies agreed that federal legislation was now necessary to protect consumers from “aggressive data practices”.

But differences emerged between Apple and the other tech giants, who want to head off a more aggressive privacy law passed by the state of California before it comes into force in 2020.

The executives’ performance was part of a new lobbying campaign by Silicon Valley to shape national legislation in order to avoid an American GDPR.

Andrew DeVore, associate general counsel at Amazon, told senators that any new law “should be carefully crafted in a process that involves all relevant partners”, while Keith Enright, named only this week as Google’s chief privacy officer, said it had “made mistakes” and now “welcomed” regulation.

Both executives, as well as Apple’s Bud Tribble, criticised the EU’s approach as rigid and burdensome, saying that a similar law in the US would drive smaller companies out of business.

The Senate committee is seeking to craft a federal privacy law in the wake of repeated data scandals such as the Cambridge Analytica affair and the Equifax data breach.

Spurred by the passage of similar regulations in California and the EU, its Republican chairman John Thune said on Tuesday that voters no longer trusted tech firms to regulate themselves. The US Department of Commerce has also opened a public consultation for a “voluntary privacy framework”.

Lobbying by Silicon Valley helped kill Barack Obama’s proposal for a “consumer bill of rights” in 2015, and the industry opposed another bill mandating opt-in consumer protections in 2017.

But the passage of the California Consumer Privacy Act (CCPA), which Google opposed, has triggered fears that tech firms will face a “patchwork” of new laws across the US unless they agree to federal legislation that would supersede them.

In particular, state laws could open them up to expensive lawsuits by American citizens instead of merely enforcement actions by more pliable official regulators.

Testifying before the committee, the executives insisted that they already offer many of the protections such a bill might require, but repeatedly declined to agree with specific provisions.

All four refused to back wider powers for the Federal Trade Commission (FTC), mandatory notification of data breaches within 72 hours or opt-in privacy controls of the kind which now bombard internet users within the EU. When asked to name a provision of GDPR or the California act that Congress should replicate, they were silent.

There was cautious agreement with a suggestion that the FTC should be able to levy fines against companies which violate their own privacy policies, rather than first having to negotiate a “consent agreement”.

Google, which has been under such an agreement since 2011, did not back that principle. The company has recently been accused of tracking its users' locations even when they have asked it not to, and of allowing third party app developers to access users' Gmail inboxes under vague privacy policies.

View more!

Apple, meanwhile, attempted to put distance between itself and other companies which make their money from selling personalised adverts rather than gadgets.

Bud Tribble, a medical doctor who joined Apple in 1981, said his company would only back federal privacy laws to supersede California’s if they met a “high bar” of “protecting consumers meaningfully”.

He said Apple seeks to “minimise the personal information that [it] collects” and that it “does not combine it into a single large customer profile across [its] services”.

It's very important for the consumer that the bar be high enough on the legislation to provide protection that’s effective.

Apple, along with Google, Amazon and Facebook, is a member of the Information Technology Industry Council, which is drafting its own proposals for a favourable law.

Absent from the hearing were consumer rights groups and privacy advocates such as the American Civil Liberties Union, which has urged senators to treat the California act as “the floor, not the ceiling”.

The executives were also interrogated about their work in China, with Google forced to admit the existence of a previously secret project for a new Chinese search engine called “Project Dragonfly”.

Google pulled out of China in 2010 in protest over government censorship, but leaked documents suggest it has been working a new tool that would link Chinese users’ search history to their mobile phone numbers and withhold results about sensitive topics.

Under sustained questioning from Texas senator Ted Cruz, Mr Enright said Dragonfly did exist and did not deny its reported nature. But, he said, it was “not close” to launching and any such product would have to meet Google’s privacy principles.

Current and former employees have claimed that key details of Dragonfly were withheld from Google’s own privacy reviewers, who are required to scrutinise all new products under Google’s agreement with the FTC.