Wicker Says Cantwell, Thune Boost Privacy Group’s Chance for Majority Support
Senate Commerce Committee ranking member Maria Cantwell, D-Wash., and Senate Majority Whip John Thune, R-S.D., will be “very helpful” for striking consensus (see 1904300195) on a privacy bill that can gain the support of a “huge,” bicameral majority, Chairman Roger Wicker, R-Miss., told us. His comment came after a committee hearing with consumer advocates and a top EU data privacy enforcer, who offered legislators advice on legislative specifics.
It “sure would be nice” to have a discussion draft out before Memorial Day, Wicker said, but the group hasn’t set any such goal: “We’ll see how we go. We’ve read the new members in, and we’re going to see if we have consensus.” Thune said during the hearing it’s clear the status quo on privacy is “not working.”
Meanwhile, Sen. Amy Klobuchar, D-Minn., told reporters she secured an endorsement from Senate Judiciary Chairman Lindsey Graham, R-S.C., for the Honest Ads Act. He replaces late-Sen. John McCain, R-Ariz., as lead GOP sponsor. Graham’s office didn’t comment.
The Ireland Data Protection Commission, the EU’s enforcement lead for major American tech companies, has 51 “significant” investigations underway, Ireland Data Protection Commissioner Helen Dixon told the committee. The first investigations will conclude over the summer, she said, noting the “sanctions will be significant."
Wicker focused on details about the unintended consequences of the EU’s general data protection regulation and potentially the California Consumer Privacy Act (CCPA). He suggested there’s evidence showing the GDPR forced smaller companies to shutter because of compliance costs. Irish enforcers haven’t seen any such evidence, Dixon told Wicker. CCPA is getting attention in California's legislature (see 1905010138).
Wicker aired concerns that data controls for consumers included in the GDPR and CCPA result in less privacy because they require companies to track and retain data they otherwise would have deleted. The GDPR specifically allows that companies shouldn’t have to track extra data to comply with user data requests, Future of Privacy Forum CEO Jules Polonetsky told Wicker.
Privacy exists on a spectrum, Cantwell said, arguing lawmakers should consider cybersecurity implications with any new data privacy bill. The digital economy has benefits, but personal information is more than a commodity, she said: “We need to make sure that the culture of monetizing our personal data at every twist and turn is countered with the protection of people’s personal data.”
Congress should separately examine Section 230 of the Communications Decency Act, said Common Sense Media CEO Jim Steyer, whose organization spearheaded CCPA enactment. That section has been contentious, with some pushback separately Wednesday from scrutiny (see 190501018 ).
Platforms haven’t been able to properly remove harmful content like the violent livestream of the New Zealand mass shooting, Steyer said. Like many other consumer advocates, he asked lawmakers to establish California’s law as a floor, not a ceiling, for federal legislation.
Industry self-regulation clearly isn’t working, said American Civil Liberties Union Senior Legislative Counsel Neema Singh Guliani. She raised “serious concerns” about broad federal pre-emption of state privacy laws. States are more nimble in addressing technological change, she said, and worried about federal law hamstringing state abilities to adapt. Steyer agreed. Federal pre-emption is feasible if it preserves the proper consumer protections, Polonetsky said.
Federal pre-emption is “vitally important,” said Sen. Marsha Blackburn, R-Tenn. She asked Dixon why it's valuable for the EU to implement a regional regulation, rather than a fragmentation of privacy laws from different countries. The GDPR “reigns supreme,” but it also allows the flexibility for countries to set certain parameters, or “different flavors” of rules, Dixon said. For instance, countries can individually set the age of consent for accessing information, she said. There’s real danger of undermining state laws that have strong privacy laws, and Congress should guard against that, said Sen. Richard Blumenthal, D-Conn. At each of the committee’s three privacy hearings, he’s gotten all witnesses to agree that U.S. citizens deserve privacy protections as strong as those designated for California residents.
Sen. Brian Schatz, D-Hawaii, focused on the lack of authority and privacy resources at the FTC. The agency needs rulemaking authority, the ability to fine companies on the first offense and more than 40 full-time employees devoted to privacy, Schatz said.
Sen. Jerry Moran, R-Kan., suggested companies are using privacy protections for consumers as a competitive advantage, which is beneficial for all. There’s no way Apple and Microsoft don’t see privacy as a competitive advantage, Steyer said, citing Apple’s current marketing campaign. Apple, Microsoft and Salesforce all helped craft California’s privacy law, he said.