Dueling privacy bills announced by Senators in the past week have sparked a partisan debate over the enactment of a federal data privacy law in the United States.
One thing both sides can agree on: The time to act is now.
“People are angry and scared more than ever before and they don’t care whether it’s a federal law or a state law,” said Sen. Richard Blumenthal (D-Conn.) at a hearing held by the Senate Committee on Commerce, Science, and Transportation on Wednesday. “They want a law. And you will see state laws all around the country, hopefully they won’t create too much inconsistency, but that’s where we’re going if we fail to act.”
The hearing—convened in the wake of two separate privacy bills drafted by Sens. Maria Cantwell (D-Wash.), ranking member on the committee, and Roger Wicker (R-Miss.), the committee chairman—saw Democrats and Republicans go back and forth over several popular areas of debate regarding privacy laws, including whether a federal law should supersede state legislation, such as the California Consumer Privacy Act (CCPA) set to take effect Jan. 1, 2020. While Cantwell’s proposal would allow the CCPA to still be enforced, Wicker’s draft would preempt the state law.
Wicker described his legislation, still a draft yet to be formally introduced, as “better, stronger, [and] clearer” than the CCPA. Democrats, meanwhile, believe individual state laws could spark innovation.
“People are angry and scared more than ever before and they don’t care whether it’s a federal law or a state law. They want a law. And you will see state laws all around the country, hopefully they won’t create too much inconsistency, but that’s where we’re going if we fail to act.”
Sen. Richard Blumenthal (D-Conn.)
An all-female panel of witnesses at the hearing, featuring representatives from Walmart and Microsoft, largely took the side of Republicans on the matter, a popular opinion shared by the leaders of the business world. The American Bankers Association, in a statement released just before the hearing, also requested that a federal law include “clear preemption” of state laws.
“While states have an important part to play, a patchwork of state laws would only serve to complicate, not clarify, the customer experience,” Nuala O’Connor, senior vice president and chief counsel for digital citizenship at Walmart, said in her testimony at the hearing.
“There’s an opportunity here to do better here than what we’re seeing at the states,” Michelle Richardson, director of privacy and data at the Center for Democracy and Technology, added.
Cantwell’s legislation, the Consumer Online Privacy Rights Act (COPRA), also includes “strong private right of action,” meaning consumers would be able to take legal action against a company they believe to have violated their privacy. Wicker’s draft does not contain such language.
“The important things that we think should be there is that you should have the right to make sure your data is not sold,” Cantwell said in her statement. “That you have the right to make sure your data is deleted. That you have the right to make sure that you’re not discriminated against with data, and the right to have plain old transparency about what is being done on a website. All of these things are tangible and meaningful for consumers. I say they just need to be clear as a bell so that people understand what their rights are and so they know how to enforce them.”
On the subject of enforcement, both Cantwell’s proposal and Wicker’s draft empower the Federal Trade Commission to carry out the law. COPRA would call for the FTC to create a new bureau on privacy within two years of enactment.
“An experienced and expert agency like the FTC—one with expanded powers and resources—is the best hope for consumers when it comes to meaningful privacy protections,” said Maureen Ohlhausen, co-chair of the 21st century privacy coalition and a former acting chair of the FTC, in her witness testimony.
Echoing Blumenthal’s remarks, a study released by Amnesty International this week found seven in 10 respondents (of nearly 10,000 surveyed) feel governments across the world need to do more to regulate Big Tech regarding controls over personal data. The United States is on the path, with Democrats and Republicans both seeking common ground to get a law in place sooner rather than later.
“Given the 2018 implementation of the European Union’s General Data Protection Regulation, the passage of the California Consumer Privacy Act, and near-daily reports of data breaches and misuse, it is clear that Congress needs to act now to provide stronger and more meaningful data protections to consumers and address the privacy risks that threaten the prosperity of the nation’s digital economy,” Wicker said in his statement.
“Today marks another step forward in the committee’s efforts to create a national data privacy law.”