(Bloomberg)—Facing growing pressure to protect their customers’ privacy, some off the biggest technology companies told Congress that they favor new federal consumer safeguards but diverged on some of the details.

“Perhaps for the first time, there is widespread agreement among industry, policy makers and many consumer groups of the need for a new and comprehensive federal privacy law,” said Leonard Cali, AT&T Inc.’s senior vice president of global public policy, in his prepared remarks. “Now is the time for decisive congressional leadership to establish a thoughtful and balanced national privacy framework.”

Cali testified alongside representatives from Alphabet Inc.’s Google, Twitter Inc. and Apple Inc. at a hearing of the Senate Commerce Committee that is assessing the need for new consumer protections. The hearing comes as tech companies face intense scrutiny in Washington on an array of subjects including privacy, an issue that has gained momentum even among lawmakers who are typically skeptical of regulation.

The companies are already facing tough new European privacy rules that went into effect in May, while California passed a strict data privacy law in June. While the European rules had long been in development, many of the calls for tougher U.S. regulation of privacy online grew out of Facebook’s Cambridge Analytica scandal, in which a data firm obtained the data of millions of the social media sites’ users without their consent.

The panel’s Republican chairman, Senator John Thune of South Dakota, said the developments of the last year “have all combined to put the issue of consumer data privacy squarely on Congress’ doorstep.”

Thune said he believed there was a strong desire by both Republicans and Democrats and industry for a national law.

The panel’s top Democrat, Senator Bill Nelson of Florida, said that “consumers are worried: Do they have any privacy anymore?”

Near unanimity

The hearing quickly demonstrated that, despite the near-unanimity that legislation may be needed, several details hadn’t been resolved. All the companies essentially backed expanding the Federal Trade Commission’s ability to police deceptive practices, for instance, which is often deployed against companies that don’t meet their promises under their own privacy policies.

The companies largely said, though, that idea of giving the FTC authority to tackle practices beyond deception would require more discussion.

“We think that there needs to be a fulsome discussion of how best to give teeth to accountability,” said Damien Kieran, Twitter’s data protection officer.

No company backed a requirement that they notify customers within 72 hours in cases of a breach.

AT&T and Verizon Communications Inc., the nation’s biggest phone companies, have publicly urged lawmakers to draw up one set of national consumer privacy rules. The carriers, which have operations in every state, fear that a lack of comprehensive legislation will create inconsistent rules across the country.

Senator Brian Schatz, a Hawaii Democrat, said that many companies view preemption of state laws as a “Holy Grail,” but warned them they were “only going to get there if this is meaningfully done.”

Unintended consequences

Andrew DeVore, Amazon.com Inc.’s associate general counsel, said the company wants to make sure any regulations actually accomplish the goal of enhancing privacy without adding unnecessary requirements.

He warned of the “unintended consequences” of legislation enacted too quickly without careful consideration of overly broad language, such as the definition of “personal information.”

Bud Tribble, an Apple vice president who leads Apple’s privacy software engineering team, said in prepared remarks that privacy means allowing users to control how their information is used, if it is shared, who it is shared with, and why.

“When we do collect personal information, we are specific and transparent about how it will be used. We do not combine it into a single large customer profile across all of our services,” Tribble said. “We strive to give the user meaningful choice and control over what information is collected and used.”

Earlier this year, Apple added messages to its core applications explaining how personal data would be used for specific functions. In March, CEO Tim Cook called for “well-crafted” privacy regulations in light of Facebook Inc.’s Cambridge Analytica scandal that set off an industry wide privacy conversation.

In response to the growing chance of regulation, several industry groups have suggested principles they’d like to see. They often focus on giving consumers more insight into and control over how their data is collected and used, while creating a national approach that would preempt state laws like California’s. Google released principles on Monday as it named Keith Enright, who is testifying at the hearing, its first chief privacy officer.

Consumer advocates agree with many of the principles, but are likely to want to make sure they cover a range of business practices. Many have said they would also want to defend strict state laws and ensure robust enforcement that considers a wide array of possible harms. Telecom companies and software and hardware makers have often split from internet companies on privacy as well, and non-tech companies such as banks, retailers and automakers have their own policy priorities.

Partisan Congress

The path for any legislation would also depend on the partisan composition of Congress, among other unknowns. But many lawmakers have suggested the time has come to begin the process.

Privacy is not the only issue on lawmakers’ minds. Trump and some Republicans have also ramped up their rhetoric against the companies for allegedly censoring conservative voices in searches and news, and the White House is said to have considered a draft order that would instruct federal antitrust and law enforcement agencies to open probes into the practices of technology companies.

At a meeting Tuesday between state attorneys general with the Justice Department, talks “principally focused on consumer protection and data privacy issues, and the bipartisan group of attendees sought to identify areas of consensus,” the department said in a statement.

Amazon is No. 1 in the Internet Retailer 2018 Top 500, and Apple is No. 2.