Communications Litigation Today was a Warren News publication.
Expectations for FTC

State Laws Show Right of Action Unnecessary: McMorris Rodgers

Privacy laws in Virginia and Colorado show it’s possible to establish an effective legal framework without a private right of action, House Commerce Committee ranking member Cathy McMorris Rodgers, R-Wash., told an FCBA event Tuesday. She urged Congress to pass a “forward-thinking, pro-innovation,” national privacy standard.

Committee Republicans developed a privacy discussion draft into a bill, the Control Our Data Act (see 2111030037), McMorris Rodgers said. The minority wants to work with stakeholders to take the best ideas from states and find “Democrats who will work with us” to provide clear “rules of the road for innovators.”

With the arrival of Alvaro Bedoya, President Joe Biden’s FTC nominee, privacy is going to be a major focus for the agency, panelists said after McMorris Rodgers’ keynote. Bedoya has a confirmation hearing before the Senate Commerce Committee Wednesday. With the addition of Bedoya, the FTC should promulgate privacy rules, said Electronic Privacy Information Center Executive Director Alan Butler. That would allow the agency to fill the gap left by congressional inaction, said Butler: But it’s an open question whether the agency should pursue an omnibus rulemaking or issue-specific rules.

Georgetown University law professor David Vladeck, an ex-FTC Consumer Protection Bureau director, expects the bureau to immediately focus on privacy when Bedoya takes office. He expects major discussions on Capitol Hill about the Children’s Online Privacy Protection Act due to the recent revelations about Facebook, Instagram and youth mental health. Senate Commerce Committee ranking member Roger Wicker, R-Miss., told us members are starting bipartisan discussions about COPPA (see 2111090076).

It’s “essentially a new agency” under Chair Lina Khan, as the commission is “dusting off” largely unused authorities, said Loeb & Loeb’s Jessica Lee. She expects the agency to explore a potential rulemaking on cyber and ransomware attacks. CTA expects the agency to closely examine health data, artificial intelligence and algorithms, said Senior Director-Regulatory Affairs Rachel Nemeth.

A single federal privacy law "would be a great thing,” said Vermont Assistant Attorney General Ryan Kriger of the Public Protection Division on a later panel. “In the meantime, we are duty bound to protect our citizenry.” It could be easier politically to pass targeted bills like Vermont’s bill targeting data brokers than comprehensive policies, he said. Don't lose track of consumers' big-picture concerns, said Kriger: Consumers aren't "losing sleep" over the fact they don't have the right to correct their data, but they are worried about issues like surveillance and free speech.

California Privacy Rights Act and Colorado Privacy Act rulemakings are ongoing, said panelists. The California Privacy Protection Agency, busy starting up, hasn’t said much about timing for CPRA rules, said Verizon Associate General Counsel Yael Weinman. The CPPA board met Monday (see 2111150055). Microsoft Associate Corporate Counsel Pooja Tolani expects a rulemaking by the Colorado attorney general to address issues including a global opt-out mechanism.

Washington state is expected to try for the fourth time to pass a privacy bill next year, said BSA|The Software Alliance Senior Director-Policy Kate Goodloe: Other states to watch include Connecticut, Florida, Minnesota, New York, Ohio and Oklahoma. Enforcement disagreement over whether to include a private right of action has been a major point of disagreement in state debates, said Future of Privacy Forum Senior Counsel Stacey Gray. More states are exploring global opt-out mechanisms rather than requiring consumers to opt out from companies one by one, she said.