With Congress under pressure to write a broad federal data privacy law, several Senate committees and members are poised to help shape a bill.
The Senate is farther along in its efforts than the House, policy strategists tracking the debate say. A bipartisan Senate Commerce, Science and Transportation Committee working group is busy drafting a measure. But other lawmakers and committees also are introducing bills and holding hearings. The Senate Banking, Housing and Urban Affairs Committee plans to examine data privacy issues at a May 7 hearing.
Companies and privacy advocates alike are calling for a new law, although they differ on the details. But the fate of this year’s effort depends on whether leading lawmakers, especially in the Senate, can balance competing interests and build a supermajority of support for a single measure.
“We need to get 60 votes, which means that we can’t have a product that doesn’t have broad bipartisan buy-in, including the chair and rankers of many of the committees,” Sen. Brian Schatz (D-Hawaii), a member of the Senate Commerce group, said.
Companies are closely watching the privacy debate to see if they’ll face competing regulations and if the federal effort will head off a growing number of bills in state legislatures. Big tech companies, including Facebook Inc. and Twitter Inc., and Republican lawmakers want Congress to pass a federal privacy law to preempt California’s Consumer Privacy Act. Privacy advocates and Democrats want both to preserve state privacy powers and increase federal data privacy enforcement.
Senate Banking Chairman Mike Crapo (R-Idaho) and ranking member Sherrod Brown (D-Ohio) sounded out the financial services sector on privacy questions in advance of the May 7 hearing.
“Senate Banking will have a major role in crafting” federal privacy legislation, Crapo told reporters after the hearing.
The Senate Judiciary Committee is also set to play an active role, Sen. Josh Hawley (R-Mo.), who serves on the panel, and FTC Commissioner Noah Phillips (R) said. Judiciary Committee lawmakers will want to make sure law enforcement and national security interests are considered, tech policy strategists said.
“This is the kind of bill that you want to have open arms and have a lot of input,” Sen. John Kennedy (R-La.), who serves on the Banking and Judiciary committees, said.
Sen. Chris Coons (D-Del.), who serves on Judiciary, said during a May 7 hearing that he is involved in a working group of lawmakers on that committee.
Senators are introducing bills in an effort to help shape a broad privacy vehicle. Hawley and Sen. Edward Markey (D-Mass.) introduced a bill (S. 748) to update childrens’ online privacy protections. Sen. Marsha Blackburn (R-Tenn.) introduced the BROWSER Act (S. 1116) to provide more privacy protections for users of popular streaming services.
When a bill starts to move, other committees are likely to weigh in to make sure industries they cover won’t violate a new law, or find themselves facing duplicative privacy requirements. For example, the Senate Health, Education, Labor, and Pensions Committee is likely to want to ensure health-care entities covered by the Health Information Portability and Accountability Act don’t have to face dual federal regimes.
Senate Commerce Chairman Roger Wicker (R-Miss.) and ranking member Maria Cantwell (D-Wash.), along with Senate Majority Whip John Thune (R-S.D.) and Sens. Richard Blumenthal (D-Conn.), Jerry Moran (R-Kan.), and Schatz, are working on a privacy bill that will likely serve as the main Senate vehicle.
Judiciary lawmakers Hawley and Blackburn are likely to want some of the language in their own bills to make it into that vehicle.
Previous, narrower efforts at privacy legislation failed because lawmakers didn’t want to limit law enforcement access to personal data when needed in criminal investigations. For example, Electronic Communications Privacy Act updates and national data breach legislation were both killed in part because lawmakers couldn’t agree on law enforcement data access carve-outs.
The privacy bill will have to go through a “minefield” similar to the earlier national data breach notification efforts, Tom Gann, chief of public policy affairs at cybersecurity firm McAfee Inc., said. Financial services firms will want to make sure Gramm-Leach-Bliley privacy standards aren’t duplicated in a federal law, he said. Retail and banking interests will also play a major role, as will health-care and financial services interests, Gann said.
If Democrats and Republicans in the Senate can strike a deal, the Democratic-controlled House will have to decide whether to move its own bill or take up the Senate measure.
“Committee members are continuing their discussions of the components necessary for comprehensive privacy and data security legislation this year,” a House Energy and Commerce Committee aide said in a May 7 email. Chairman Pallone hopes “this will be a bipartisan process that establishes strong consumer privacy protections for all Americans,” the aide said.
But, a source familiar with the committee’s effort said it isn’t as advanced as the Senate Commerce talks. Still, the House panel, backed by Speaker Nancy Pelosi (D-Calif.), is likely to produce its own bill.
For now, companies will focus most of their attention on the Senate privacy efforts. Two tech company officials said they are confident Senate Commerce will approve a bill this year, and are cautiously optimistic that legislation will survive in the full Senate.
—With assistance from Rebecca Kern