Congressional Subcommittee Holds Hearing on Data Privacy Policy
Witnesses offered up varied perspectives on how national policy on data privacy might affect individual rights and innovation.
Last Wednesday, Congress took another step in the debate on sorting out a national data privacy policy -- something that has been lacking as states and other nations have already taken action.
The Subcommittee on Innovation, Data, and Commerce held the hearing on “Promoting US Innovation and Individual Liberty through a National Standard for Data Privacy” with witnesses that included Alexandra Reeve Givens, president and CEO for the Center for Democracy & Technology; Graham Mudd, founder and chief product officer with Anonym; and Jessica Rich, of counsel and senior policy advisor for consumer protection with Kelley Drye & Warren, LLP. The subcommittee is part of the House Committee on Energy and Commerce.
Commenting separately after observing the proceedings, Cobun Zweifel-Keegan, managing director in Washington, D.C. for the International Association of Privacy Professionals (IAPP), says the hearing was a fresh start with a new term of Congress. “It was, in many ways, a table setting to lay everything out for turning to comprehensive federal privacy legislation.” Though nothing was introduced, he says the subtext of the hearing was about the American Data Privacy and Protection Act (ADPPA) proposal, which was the bill he says saw the most traction last year.
Drafts of ADPPA, the apparent frontrunner for possible federal policy, included giving the Federal Trade Commission (FTC) jurisdiction to scrutinize entities' data collection, processing, and transference practices, which includes telecom carriers and nonprofits. The proposed legislation speaks of minimizing data collection and associated potential harms to individuals, notification of data collection practices, and the rights of the individual to control data that pertains to them.
Regulating Data Collection, Use, Ownership
Wednesday’s hearing continued the discussion on how to institute a clear national policy to regulate data collection, its use, and ownership. Though some other countries have national data privacy policies, the US has yet to adopt such legislation at the federal level. Numerous states within the country have laws in place or on the way to govern the sector, creating a regulatory patchwork that can be confusing for companies to adhere to.
Givens, in her testimony, advocated for strong privacy protections and asserted that “the current commercial data ecosystem is harming consumers” while legal governance of online privacy has not kept pace with innovation. Mudd, in his testimony, supported data privacy reform through proposed policies such as ADPPA, which he believed would “promote the ethical use of data that supports the evolution of stronger digital services.”
Rich, who previously served as director of the FTC’s Bureau of Consumer Protection, said in her testimony that national legislation was needed urgently on data privacy. “For over two decades, Congress has debated the issue. While Congress did pass some sector-specific legislation like COPPA and GLBA, it has repeatedly failed to act on comprehensive legislation. Meanwhile, Europe and countries all over the world moved ahead with detailed data protection laws, as have five U.S. states, with more in the pipeline.”
Data Collection as a Revenue Source
National policy on data privacy might clear up confusion about compliance, but it also raises questions about the viability of data collection as a revenue source. For example, it is an essential part of targeted advertising and other business operations.
Zweifel-Keegan says the Subcommittee on Innovation, Data, and Commerce has grown to understand privacy issues, including questions the leadership of the subcommittee asked, along with nuances and challenges that might be solved through legislation.
Diverse voices were heard in the hearing, Zweifel-Keegan says, though the conversation still remains focused on where to start from with federal policy. He expects the next version of ADPPA to be reintroduced eventually as well as more hearings that would include voices from a variety of perspectives.
Though ADPPA stalled in the prior session of Congress, Zweifel-Keegan says the drive behind the legislation remains. “There are a lot of voices on the hill and in the community that really want to carry that momentum forward,” he says. “I think it’s just going to be a question of whether all of the right stakeholders can get involved.”
Future hearings may fuel hopes of achieving consensus on legislation, Zweifel-Keegan says, to clear up data-privacy policy confusion. “We’re seeing an avalanche of state bills this year and almost certainly we’ll see something at the state level pass this year but the impact is far from certain on the federal conversation.”
What to Read Next:
California Data Privacy Law Nabs Sephora, Sets Stage for Future
What the FTC’s Scrutiny of Data Collection and Security May Mean
About the Author
You May Also Like