U.S. Sen. Roger Wicker, R-Miss., chairman of the Senate Committee on Commerce, Science, and Transportation, will convene a hearing titled, “Examining Legislative Proposals to Protect Consumer Data Privacy,” at 10:00 a.m. on Wednesday, December 4, 2019. Members of the committee and witnesses will discuss how legislative proposals intend to provide consumers with more security, transparency, choice, and control over personal information both online and offline. Members will also discuss proposals that provide the Federal Trade Commission with more resources and authority to oversee business data practices in the marketplace.
- The Honorable Julie Brill, Former Commissioner of the Federal Trade Commission, Corporate Vice President and Deputy General Counsel, Microsoft
- The Honorable Maureen Ohlhausen, Former Acting-Chair of the Federal Trade Commission, Co-Chair, 21st Century Privacy Coalition
- Ms. Laura Moy, Executive Director and Associate Professor of Law, Georgetown Law Center on Privacy & Technology
- Ms. Nuala O’Connor, Senior Vice President and Chief Counsel, Digital Citizenship at Walmart
- Ms. Michelle Richardson, Director of Privacy and Data, Center for Democracy and Technology
*Witness list subject to change
Wednesday, December 4, 2019
Committee on Commerce, Science, and Transportation
Chairman Roger Wicker
For the past year, members of this committee have worked to develop a strong, national privacy law that would provide baseline data protections for all Americans. Given the 2018 implementation of the European Union’s General Data Protection Regulation, the passage of the California Consumer Privacy Act, and near-daily reports of data breaches and misuse, it is clear that Congress needs to act now to provide stronger and more meaningful data protections to consumers and address the privacy risks that threaten the prosperity of the nation’s digital economy.
The input of a large number of stakeholders, including consumer advocacy groups, state and local governments, nonprofits, and academia, have all been successful in this effort. Representatives from private industry, such as retailers and convenience stores, software, internet, and cloud service providers, technology companies, small businesses, and several other job creators in my home state of Mississippi and across the country, have also provided thoughtful insights to this committee.
Throughout this process, we have heard many ideas about how best to protect data from misuse and unwanted collecting and processing. These ideas involve providing all Americans with more transparency, choice, and control over their data, as well as ways to keep businesses more accountable to consumers when they seek to use their data for other purposes. We have heard proposals about how to strengthen the Federal Trade Commission to ensure it has the tools and resources it needs to take swift action against bad actors in the marketplace and effectively respond to changes in potentially harmful technology. That is the FTC’s role as the primary enforcement authority over consumer data privacy.
An important element of this conversation has been how to achieve each of these goals while preserving the economic and social benefits of data. These benefits not only drive increased productivity, convenience, and cost savings, but they also spur job creation and promote U.S. leadership in technology developments. Ultimately, to foster continued innovation among our country’s entrepreneurs and job creators, Americans need to maintain trust and confidence that their data will be protected and secure.
Today marks another step forward in the committee’s efforts to create a national data privacy law. Some of the proposals we will cover today seek to establish consumers’ rights and protections over their data in a manner that would provide certainty and clear, workable rules of the road for businesses in all 50 states.
This hearing provides an opportunity to hear from expert witnesses on ways to refine these proposals. That should include a discussion on:
(1) The benefits of creating a strong, national, and preemptive privacy law that provides consumers with certainty that they will have the same set of meaningful data protections no matter where they are in the United States;
(2) Secondly, the best way to make sure consumers know about, and have a right to opt-out of, the data collection practices of businesses they deal with;
(3) How requirements on businesses to limit the amount of data they collect and retain about consumers may impact product development and innovation, or what content a consumer is able to view or engage with online;
(4) How heightened protections over more sensitive personal data, such as information about financial records and biometric information, would help prevent fraud, identity theft, and security breaches. And, whether companies should be required to provide similar heightened protections to non-sensitive data;
(5) The merits of creating accountability measures for businesses, including requirements to conduct privacy impact assessments when creating new products and services, and designating data privacy and security officers to oversee ongoing data practices;
(6) How empowering consumers with rights over their data and providing additional resources and authorities to the FTC would help strengthen data protections and confidence in the safety and security of the internet marketplace; and
(7) Finally, what enforcement mechanisms are the best way to ensure requirements in a law and see that privacy protections are enforced.
Let me take a moment to acknowledge and thank members of this committee, up and down the dais, on both sides for excellent and thoughtful work during the past year and even before. And who continue as members of the Senate to actively work on legislative proposals that seek to protect consumer privacy. I appreciate the efforts of each and every member and the valuable contributions the members are making to this important work.
And thank you, again, to our witnesses. This should be a very important hearing.
And I am delighted now to recognize the Ranking Member, Senator Cantwell, for her opening remarks.
Ranking Member Maria Cantwell
Senator Maria Cantwell
Opening Statement Before the Senate Committee on Commerce, Science and Transportation
Hearing: Examining Legislative Proposals to Protect Consumer Data Privacy
Witnesses: The Honorable Julie Brill, Former Commissioner of the Federal Trade Commission, Corporate Vice President and Deputy General Counsel, Microsoft;
The Honorable Maureen Ohlhausen, Former Acting-Chair of the Federal Trade Commission, Co-Chair, 21st Century Privacy Coalition;
Ms. Laura Moy, Executive Director and Associate Professor of Law, Georgetown Law Center on Privacy & Technology;
Ms. Nuala O’Connor, Senior Vice President and Chief Counsel, Digital Citizenship at Walmart;
Ms. Michelle Richardson, Director of Privacy and Data, Center for Democracy and Technology
December 4, 2019
CANTWELL: Thank you, Mr. Chairman. It’s safe to say this is the other hearing this morning. And not only that, I’m glad to see that all the witnesses testifying today are people I know for sure care about privacy. I think it’s historic that it’s an all-women panel this morning, but again, thanks to each and every one of you trying to advocate on these important issues.
Cyber Monday was just a couple of days ago, and it set a record – nine billion in sales and an increase of 19% over last year. For the first time ever, it was three billion dollars that came from people using smartphones to make those purchases. So during the peak hours between 11pm and midnight – I’m sorry, 11pm eastern time and midnight – consumers spent an average of eleven million dollars every minute.
So it’s not just Cyber Monday that’s reminding us, because we all know that we buy groceries, fill prescriptions, pay bills, connect to home devices to the internet, apply for loans, stay connected with family and friends, and social media, and so much more of our lives are lived online. Which means more information is shared, which means deeply, sometimes personal, information is shared. And that information can be used to be targeted or to exclude consumers, to be sold, or even worse, it can be stolen. And that’s why we’re here today. Because we want to protect consumers’ privacy rights. We believe to do that you need strong enforcement and mechanisms to make sure that those rights are protected.
The risks that we face online are real. We know that companies today are using ads that might be only for the purposes of targeting what they think is a correct population – young men to work in software – but others can see those ads as discriminatory, or not making themselves available to what information is out there on a job. Google’s Nest camera was involved in an alarming situation where a hacker was able to hack into a couple’s baby camera, shouting obscenities before they were able to disable the device. A woman in Portland, Oregon had a private conversation, sent by an Alexa device when it went rogue, to a colleague. And then, of course, there’s the huge issue of marketed and stolen information: Social Security numbers, login information, drivers’ licenses, passports, all now going in the thousands of dollars on the dark web, and in fact in 2005 more than eleven billion consumers have had their information breached.
Just last month, the Washington state attorney general released a report saying that the number of data breaches in my state has increased nearly 20% in one year. So that is a matter of our digital footprints continuing to be under attack.
It is Congress’ job to make sure Americans are protected and that this information, that is an ever-connected, ever-evolving world, is protected. And that is why a few weeks ago Senators Schumer, Brown, Murray, Feinstein, and myself, joined together to talk about a privacy framework, legislation from all of those committees, that we think would be important for the milestones, the privacy goals that we think should be met.
Last week, Senators Schatz, Klobuchar, Markey, and myself also introduced the Consumer Online Privacy Act, that guarantees rights to consumers and strong enforcement. As the Chairman mentioned, many of our colleagues here – Senator Blumenthal, Senator Thune, Senator Blackburn, and others – have been involved in these privacy discussions as well, and we welcome everyone’s input on how we move forward.
The important things that we think should be there is that you should have the right to make sure your data is not sold. That you have the right to make sure your data is deleted. That you have the right to make sure that you’re not discriminated against with data, and the right to have plain old transparency about what is being done on a website. All of these things are tangible and meaningful for consumers. I say they just need to be clear as a bell so that people understand what their rights are and so they know how to enforce them.
So today we’re here to hear from a group of witnesses who are going to tell us how those issues might be interpreted for the future. But I think the director of the New York Law School’s Innovation Center, Ari Ezra Waldman, recently made a statement that really resonated with me. He said, “we can pass any laws we want, but if there’s no way to enforce them, then what’s the point?”
So today we also have to talk about enforcement, because enforcement is going to be the key to making sure that privacy rights are actually upheld, that the consumer is truly protected. And if we want the consumers to have that protection, then we also have to make sure that there’s accountability, that there’s whistleblowers, that there is cases against abuses that might happen. If your privacy rights are violated, you need to be first able to find out about it, and then you need to have the power to do something about it as well, and that is why we think our strong legislation does so.
But I also want to say how much this issue is evolving. Today’s Seattle Times features a very large announcement by the Knight Foundation and the University of Washington, and Washington State University, on this issue of the public being fooled by online manipulation – whether that is news stories, digital forgeries, or fakes. They want to focus on developing research and tools to resist misinformation, promote an informed society, and strengthen the discourse and discussion in America.
I’m so proud that these institutions are taking on this challenge, and that this kind of national initiative in our legislation, with NIST, the National Institute of Standards and Technology, at the Department of Commerce, would be empowered in the legislation we introduce to help with this effort.
While we’re here today to talk about just some basics in digital hygiene online, the future though is this: the challenges we face as more and more misinformation, forgery, things we can’t even detect whether they’re true or not, will continue to appear online. We need to build a strong system today in a federal framework that will help us continue to grow for the ever-changing technology future. That’s what we’re dedicated to. I look forward to hearing the witnesses today and seeing how we can move forward in this important policy area. Thank you, Mr. Chairman.
Oh, and if I could also just enter into the record, a list of organizations, a letter sent to you and I, of organizations sponsoring, supporting privacy legislation. And I’ll just mention a few others if I could Mr. Chairman.
Witness Panel 1
The Honorable Julie BrillFormer Commissioner of the Federal Trade Commission, Corporate Vice President and Deputy General CounselMicrosoft
The Honorable Maureen OhlhausenFormer Acting-Chair of the Federal Trade Commission, Co-Chair21st Century Privacy Coalition
Ms. Laura MoyExecutive Director and Associate Professor of LawGeorgetown Law Center on Privacy & TechnologyGeorgetown Law Center on Privacy & Technology
Ms. Nuala O’ConnorSenior Vice President and Chief CounselDigital Citizenship at Walmart
Ms. Michelle RichardsonDirector of Privacy and DataCenter for Democracy and Technology