On February 26, 2019, a key House subcommittee held a hearing to explore the possible contours of new federal privacy legislation. At the hearing, Rep. Jan Schakowsky (D-IL)—who chairs the Energy & Commerce Committee’s Subcommittee on Consumer Protection and Commerce—said the hearing on “Protecting Consumer Privacy in the Era of Big Data” was only the first of “several hearings” that she would organize on consumer privacy.
Although subcommittee members all expressed support for federal privacy legislation, Republicans—including Ranking Member Cathy McMorris Rodgers (R-WA)—stressed that such legislation must preempt state laws, including the California Consumer Privacy Act (“CCPA”). Indeed, Rep. Robert Latta (R-OH) noted that “time was of the essence” for federal preemptive legislation because the CCPA is scheduled to take effect on Jan. 1, 2010. Democratic subcommittee members, by contrast, did not focus on preemption. The private-sector witnesses who testified generally supported preemption, although Brandi Collins-Dexter—the senior campaign director for Color of Change—opposed it in her written statement.
The hearing also highlighted that both Democrats and Republicans are increasingly skeptical of the “notice and choice” model of consumer privacy protection. Reps. Frank Pallone (D-NJ) and Greg Walden (R-OR)—the chairman and ranking member of the full committee—both criticized the “notice and choice” model, as did Rep. Jan Schakowsky. These members generally agreed that this model of privacy protections does not provide consumers with a real choice—both because consumers do not have time to read privacy policies and because they need to use online services irrespective of whether they agree with those policies’ contents.
Even as all subcommittee members agreed that Congress should pass new privacy legislation, Republican members—including Reps. McMorris Rogers, Walden, Greg Gianforte (R-MT), and Earl Carter (R-GA)—stressed that new legislation should not resemble Europe’s General Data Protection Regulation (“GDPR”). These members opined that GDPR is stifling innovation and investment, and that the burden of compliance is driving out smaller firms while entrenching those large firms that are able to accommodate the significant costs of compliance. Republicans also highlighted that new U.S. legislation should not harm smaller companies.
Democrats, by contrast, largely focused their comments and questions on the ways in which new legislation might expand consumer protections. Two Democrats—Reps. Kathy Castor (D-FL) and Tony Cardenas (D-CA)—signaled an interest in enhanced protections for children. Reps. Lisa Blunt Rochester (D-DE) and Doris Matsui (D-CA) noted their concern that companies may be able to draw sensitive inferences from seemingly innocuous data. With respect to data access rights, Rep. Rochester inquired whether companies would be willing to grant consumers access to the inferences that companies draw about consumers as well as the data points that provide the basis for such inferences.
Along with Ms. Collins-Dexter, the witnesses who testified at the hearing were David Grimaldi (Executive Vice President, IAB); Roslyn Layton, PhD (Visiting Scholar, American Enterprise Institute); Nuala O’Connor (President & CEO, Center for Democracy & Technology); and Denise Zheng (Vice President, Business Roundtable). Their written statements, as well as other information about the hearing, are available here.