Welcome
Privacy & Data Security Law News

Hill Hearings to Explore Path to Federal Privacy Law

Feb. 25, 2019, 9:16 AM

House and Senate lawmakers are set to ramp up efforts to develop a broad federal data privacy law with a pair of hearings.

Tech companies, retailers and privacy advocates are pushing Congress to enact a sweeping law following a series of high-profile data scandals involving Facebook Inc., Equifax Inc. and other companies. A main issue facing lawmakers is whether to craft a law that pre-empts state privacy laws and give more authority to the Federal Trade Commission to police companies.

The Business Roundtable, a pro-business lobbying group, and civil rights group Color of Change are among the groups scheduled to testify before the House Energy and Commerce Consumer Protection Subcommittee on Feb. 26.

The Senate Commerce, Science and Transportation Committee will hold its hearing Feb. 27, featuring testimony from the Internet Association and the Retail Industry Leaders Association and others.

Lawmakers will have to balance state preemption, FTC powers, and enforcement with privacy protections, Cameron Kerry, visiting fellow of governance studies at the Brookings Institution, said.

“Get that right and deals can be cut on other issues,” said Kerry, former general counsel and acting-secretary at the Commerce Department under former President Barack Obama.

Lawmakers started to grapple with the issue in the last Congress after the EU’s General Data Protection Regulation took effect, and California passed its own broad law.

Senate Commerce Chairman Roger Wicker (R-Miss.) and Rep. Jan Schakowsky (D-Ill.), who leads the House subcommittee, didn’t immediately respond to Bloomberg Law’s email requests for comment.

Preemption Debate

Companies and business groups would likely back a bill that would preempt state laws like the California Consumer Privacy Act, said Peter Blenkinsop, co-chair of Drinker Biddle & Reath LLP’s information privacy, security and governance group in Washington.

The California privacy law, which takes effect next Jan. 1, will require businesses to give consumers the right to opt out of the sale of their data and ask a company to delete their information. Other states, including New York and Washington state, have introduced bills this year that would also boost privacy rights for consumers.

“There is a recognition that unless federal legislation is adopted, there will be a lot more states that have laws within the next year,” Blenkinsop said.

Industry groups representing some of the largest tech companies, including Microsoft Corp. and Apple Inc., are hoping a federal privacy law will harmonize a patchwork of state law. BSA | The Software Alliance and the U.S. Chamber of Commerce have issued recommendations for a federal privacy bill.

“We call on Congress to pass strong, comprehensive federal privacy legislation that will help rebuild consumers’ trust and provide clarity and certainty for US businesses,” Victoria Espinel, president and CEO of BSA, said. Espinel plans to testify at the Senate Commerce hearing.

Privacy advocates and their Democratic allies are likely to oppose pre-emption language.

“Preemption, enforcement, and consumer interests are probably what will be prioritized, but as always, starting with preemption will get us no where,” Joseph Jerome, privacy and data policy counsel at the Center for Democracy & Technology, said. “Congress ought to use these hearings as an opportunity to ask companies what they should not and will not do with data,” he said.

Lawmakers are considering whether to increase the FTC’s privacy enforcement power. Currently, the FTC is limited in how it can bring privacy enforcement actions. The agency has limited power to pose fines and make rules.

Lawmakers could compromise by crafting legislation that preempts state laws and gives the FTC more clout.

But trading state preemption for a stronger FTC may not be an easy task, tech policy strategists said.

“If you look at the state laws that industry groups want to preempt, a federal proposal will need to address data brokers, facial recognition, and data security at minimum,” Jerome said.

To contact the reporters on this story: Sara Merken in Washington at smerken@bloomberglaw.com; Daniel R. Stoller in Washington at dstoller@bloomberglaw.com

To contact the editor responsible for this story: Keith Perine at kperine@bloomberglaw.com