Congress confronted privacy and personal data rights in a pair of hearings last week. This week, Mark Zuckerberg announced a “privacy pivot” at Facebook , yet failed to propose a single tangible reform of its core business.

Zuckerberg’s privacy manifesto illustrates the core problem. Big tech companies such as Facebook have no real interest in changing their practices. Their entire business model is based on owning and exploiting personal data to manipulate people and sell advertising. They’ll defend that at all costs.

The ongoing series of privacy scandals and last year’s high profile hearings led the Silicon Valley giants, including Facebook, to hire a small army of lobbyists. Although there has been no new legislation yet, data privacy reform is in the air, and the jockeying behind the scenes is telling.

Facebook’s position and the overall surveillance-based business model has become impossible to defend. With few straightforward options, the lobbyists for the social network and other tech behemoths are now trying to manufacture a partisan crack in what is clearly a bipartisan issue with the hope that they can co-opt the regulatory process as a result.

Even more troubling than watered-down privacy legislation that creates an appearance of accountability and enforcement is the possibility that regulations will create significant new compliance costs. This would allow these data oligopolies to further entrench their dominance against startups and new entrants to the market. Facebook can simply absorb the new costs, while smaller companies and startups, many of whom are starting to emerge with innovative tools to empower people with their data, would be boxed out.

The other focal point of their strategy is to deny state-level activism and innovation. This strategy started last September, when the U.S. Chamber of Commerce and the Internet Association released ten new “privacy principles.” The very first of these principles, which has been echoed nonstop since, was to call for “a single federal privacy law.” While it’s reasonable to demand a unified national approach to privacy, it is far too early to defang state-based privacy laws such as the one in California, which the industry fought before losing handily in a public referendum.

California has, in fact, been a national leader on privacy issues, and their popular law goes a long way toward returning control to consumers. It takes the practices of big companies out of the shadows, which is the first step toward empowerment. It isn’t perfect, but it marked an important and awakened many to the abuses and dangers of the current “click here so we can own your data” model.

Under the newly elected Democratic Gov. Gavin Newsom, California appears poised to continue to lead on this issue. I don’t think anyone has fully processed the significance of Newsom’s calls for a “digital dividend” in his State of the State address earlier this month. This was one of the first real acknowledgments from a major public figure that trillions of dollars in wealth is being created by companies from users’ personal data, and that those same users have a right to a piece of that pie and to ensure that their data is being used for and not against them.

Of course companies that are making trillions of dollars off of private data are going to resist efforts to let others wrangle their cash cows. But the next time Zuckerberg or another Silicon Valley executive is hauled before Congress to defend data practices, which will likely happen in the coming months, we need to make sure we don’t fall for their shell game.

It’s long past time for power over data to be put back in the hands of the users to whom it belongs. I hope that Congress uses that principle as their starting point and their end goal. We need real action, not empty Facebook posts.

Shane Green is CEO of the private data sharing company digi.me and co-founder of UBDI, a consumer-controlled market research and data monetization community. He blogs at shanegreen.org and you can follow him on Twitter @shanegreen.