Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act
10:00 AM Russell 253
U.S. Sen. John Thune (R-S.D.) chairman of the Committee on Commerce, Science, and Transportation, will convene a hearing titled “Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act,” at 10:00 a.m. on Wednesday October 10, 2018. This hearing will examine new data privacy laws in Europe and California and provide the committee members the opportunity to hear from privacy advocates about the types of consumer protections to consider in future legislation. The hearing follows a discussion with top technology companies and internet service providers last month.
- Dr. Andrea Jelinek, Chair, European Data Protection Board
- Mr. Alastair Mactaggart, Board Chair, Californians for Consumer Privacy
- Ms. Laura Moy, Executive Director and Adjunct Professor of Law, Georgetown Law Center on Privacy & Technology
- Ms. Nuala O’Connor, President and CEO, Center for Democracy & Technology
*Witness list subject to change.
Wednesday, October 10, 2018
This hearing will take place in Russell Senate Office Building, Room 253. Witness testimony, opening statements, and a live video of the hearing will be available on www.commerce.senate.gov.
If you are having trouble viewing this hearing, please try the following steps:
- Clear your browser's cache - Guide to clearing browser cache
- Close and re-open your browser
- If the above two steps do not help, please try another browser. Google Chrome and Microsoft Edge have the highest level of compatibility with our player.
Chairman John Thune
Chairman John Thune
Good morning. Today we are holding our second hearing on needed safeguards for consumer data privacy. As we consider potential federal legislation on privacy, it is essential that we hear from stakeholders and experts with varying perspectives to inform our work.
Two weeks ago, we heard from major technology companies and internet service providers about how they are seeking to address consumer privacy and their efforts to comply with the European Union’s General Data Protection Regulation, or GDPR, and the new California Consumer Privacy Act, or CCPA.
While the experience of such companies is important to consider, I want to be clear that the next federal privacy law will not be written by industry. Any federal privacy law should incorporate views from affected industry stakeholders and consumer advocates in an effort to promote privacy without stifling innovation.
With that in mind, today’s hearing will focus on the perspectives of privacy advocates and other experts. We will also continue to solicit input from additional stakeholders in the days ahead.
GDPR and CCPA have undoubtedly spurred our conversation about a national privacy framework, and they give us useful examples as we contemplate federal legislation. Of course, Congressional action on privacy is not entirely new. Over the last several decades, Congress has enacted legislation to protect children, healthcare, and financial information. Privacy debates have been ongoing in multiple sectors. Even the recently-enacted FAA Reauthorization includes provisions on privacy specifically regarding the use of unmanned aircraft systems for commercial purposes. Federal agencies, such as the Federal Trade Commission and the Department of Commerce, have also performed long-standing roles regarding privacy and have been increasingly active recently in this area.
At the same time, I am well aware Congress has tried, and failed, over the last few decades to enact comprehensive privacy legislation. To be successful this time, we all must endeavor to keep open minds about the contours of a bipartisan bill.
In the wake of Facebook’s Cambridge Analytica scandal and other similar incidents, including a vulnerability in Google-plus accounts reported just this past week, it is increasingly clear that industry self-regulation in this area is not sufficient. A national standard for privacy rules of the road is needed to protect consumers.
At the same time, we need to get this right. Passing onerous requirements that do not materially advance privacy would be a step backward. While it may be too early to determine the impact that GDPR and CCPA will have in the U.S., the most notable difference most consumers can see directly has been the increase in GDPR-inspired pop-up notices and cookie consent banners on their devices.
As we continue to work toward possible legislation, I encourage my colleagues to challenge what industry told us at our first hearing, but also to examine both the benefits as well as the potential unintended consequences of the new rules put forth by the European Union and the state of California.
Thank you to the witnesses for appearing here today. With that, I’ll turn to Senator Nelson for his opening remarks.
Dr. Andrea JelinekChairEuropean Data Protection Board
Mr. Alastair MactaggartBoard ChairCalifornians for Consumer Privacy
Ms. Laura MoyExecutive Director and Adjunct Professor of LawGeorgetown Law Center on Privacy & Technology
Ms. Nuala O’ConnorPresident and CEOCenter for Democracy & Technology