U.S. Sen. Roger Wicker, R-Miss., chairman of the Committee on Commerce, Science, and Transportation, will convene a hearing titled, “Policy Principles for a Federal Data Privacy Framework in the United States,” at 10:00 a.m. on Wednesday, February 27, 2019. This hearing will examine what Congress should do to address risks to consumers and implement data privacy protections for all Americans. The Commerce Committee exercises jurisdiction over the Federal Trade Commission, which is the primary enforcement agency for consumer privacy and information security protections.
“In an age of rapid innovation in technology, consumers need transparency in how their data is collected and used,” said Wicker. “It is this committee’s responsibility and obligation to develop a federal privacy standard to protect consumers without stifling innovation, investment, or competition. As we continue to examine this critically important issue, I hope this first hearing will offer valuable insights that will help set the stage for meaningful bipartisan legislation.”
- The Honorable Jon Leibowitz, Co-Chairman, 21st Century Privacy Coalition
- Mr. Michael Beckerman, President and Chief Executive Officer, Internet Association
- Mr. Brian Dodge, Chief Operating Officer, Retail Industry Leaders Association
- Ms. Victoria Espinel, President and Chief Executive Officer, BSA – The Software Alliance
- Dr. Woodrow Hartzog, Professor of Law and Computer Science at Northeastern University School of Law and Khoury College of Computer Sciences
- Mr. Randall Rothenberg, Chief Executive Officer, Interactive Advertising Bureau
*Witness list subject to change
Wednesday, February 27, 2019
Committee on Commerce, Science, and Transportation
This hearing will take place in the Hart Senate Office Building 216. Witness testimony, opening statements, and a live video of the hearing will be available on www.commerce.senate.gov.
Chairman Roger Wicker
Good morning to you all. Today we hold our first hearing this Congress to discuss policy principles for a federal consumer data privacy framework. I am glad to convene this hearing with my good friend, Ranking Member Cantwell.
We live during an exciting time of rapid innovation and technological change. Internet-connected devices and services are virtually everywhere – in our homes, cars, grocery stores, and right here in our pockets.
The increase in Internet-connected devices and services means that more consumer data than ever before is flowing through the economy.
The economic and societal benefits generated by the consumer data are undeniable. From this data, meaningful insights are gleaned about the needs, preferences, and demands of consumers and businesses alike. These insights spur innovation, help target investment, and create opportunities.
The material benefits of data include increased productivity and efficiency, reduced costs, greater efficiency, greater convenience, and access to customized goods and services that enhance our safety, security, and overall quality of life.
While the benefits of consumer data are immense, so too are the risks.
Consumer data in the digital economy has become a target for cyber-criminals and actors that exploit data for nefarious purposes.
This problem is exacerbated by the failure of some companies to protect consumer data from misuse and unwanted collection and processing.
These issues threaten to undermine consumers’ trust in the Internet marketplace, diminishing consumer engagement in the online ecosystem.
Consumer trust in the Internet marketplace is essential. It is a driving force behind the ingenuity and success of American technological advancement and prosperity.
Congress needs to develop a uniquely American data privacy framework that provides consumers with more transparency, choice, and control over their data. This must be done in a manner that provides for continued investment and innovation, and with the flexibility for U.S. businesses to compete domestically and abroad.
It is clear to me that we need a strong, national privacy law that provides baseline data protections, applies equally to business entities – both online and offline – and is enforced by the nation’s top privacy enforcement authority, the Federal Trade Commission.
It is important to note that a national framework does not mean a weaker framework than those that have already passed in the U.S. and overseas or being contemplated in the various states.
Instead it means a preemptive framework that provides consumers with certainty that they will have the same set of robust data protections no matter where they are in the United States.
We welcome our distinguished witness panel:
Mr. Michael Beckerman, President and CEO of the Internet Association
Mr. Brian Dodge, Chief Operating Officer of the Retail Industry Leaders Association
Ms. Victoria Espinel, President and CEO of BSA – The Software Alliance
Mr. Jon Leibowitz, Co-Chairman of the 21st Century Privacy Coalition
Mr. Randall Rothenberg, CEO of the [Interactive] Advertising Bureau
Dr. Woodrow Hartzog, Professor of Law and Computer Science at Northeastern University School of Law and Khoury College of Computer Sciences
I hope our witnesses will address the critical issues that this committee will need to consider in developing a federal data privacy law, including:
How best to protect consumers’ personal data from being used in ways they did not consent to when collected by the stores or websites they visit.
How to enhance the FTC’s authority and resources in a reasonable way to police privacy violations and take action against bad actors anywhere in the ecosystem.
How to create a framework that promotes innovation and values the significant contributions of entrepreneurs, start-ups, and small businesses to the U.S. economy;
How to provide consumers with certainty about their rights to their data – including the right to access, correct, delete, and port their data, while maintaining the integrity of business operations and avoiding unnecessary disruptions to the internet marketplace; and
How to ensure a United States data privacy law is interoperable with international laws to reduce compliance burdens on U.S. companies with global operations.
I look forward to a thoughtful discussion on these issues and I want to welcome all of our witnesses and thank them for testifying this mornin
Thank you, Mr. Chairman. And thank you for holding this important hearing and welcome to the witnesses today as we discuss moving forward on developing a federal data privacy framework.
Last year, we learned that political consulting firm Cambridge Analytica gained unauthorized access to personal information of 87 million Facebook users, which it used for profiling purposes. That same year, Uber announced that hackers had successfully gained access to the personal information of 57 million riders and drivers. The year before, in 2017, hackers successfully stole the personal information of 143 million consumers from Equifax because the credit reporting giant failed to install a simple software patch. And just last week, UConn Health announced that an unauthorized 3rd party accessed employee email accounts, potentially exposing personal and medical information of approximately 326,000 people.
These are not isolated incidents, or even one-offs. They are the latest in a barrage in consumer privacy and security violations, many of which are entirely preventable. And consumers are at the receiving end of this reckless practice. So, I hope that Congress does grapple with privacy data legislation.
While Congress has been successful in the past in addressing certain types of personal information, such as health or financial data or children’s information, consumers continue to see the challenges that they face with corporate practices that allow for collection, storage, analyzing, and monetizing their personal information. In fact, just two years ago, Congress voted to overturn the FCC privacy rule that would have protected online users from internet service providers, but had yet to take effect.
So, while we have gone backwards in some ways, there are others who are moving forward. In May of 2018, the European’s General Data Privacy Regulations went into effect, providing the EU and its citizens with an array of new protections from certain types of corporate data practices. And in addition, the state of California has recently passed the California Consumer Privacy Act, which also provided California’s citizens with new rights and protections. This law goes into effect 2020.
So, together the implementation of these two pieces of legislative policy, GDPR and CCPA, have brought new insights to the congressional efforts to pass meaningful privacy and data security laws. What is clear to me is we cannot pass a weaker federal law at the expense of states.
So, Mr. Chairman, I am certainly open to exploring the possibility of meaningful, comprehensive federal privacy legislation. I want to work with you and all the members of this committee, many of which have already introduced various pieces of privacy legislation, for thoughtful discussion about how we come to a resolution on these issues.
I don’t think anyone should be under the illusion, though, that this is an easy task. The information age is still unfolding. The many challenges that we will face as new ways that information is shared cannot just simply be decided today. There are hard issues about how this economy will evolve. But, I know that we can have a thoughtful exploration of the multifaceted issues regarding federal policy that go beyond the stalemate that we have had for several years. If we are going to deliver meaningful privacy and security protection for the deserving American public, then we must think about what this paradigm really looks like in this debate. I believe that just notice and consent are no longer enough. I don’t think that transparency is the only solution.
So, at today’s hearing, I hope we kick off a very substantive discussion to explore how we go about changing this mindset that treats personal information as such a commodity for profit, and think about it as we have in tackling a series of hearings here, Mr. Chairman, on the various issues related to privacy and security. I know that there are members on both sides of the aisle that are very committed to this cause, and I hope we can make progress on this.
Thank you Mr. Chairman.
Witness Panel 1
The Honorable Jon LeibowitzCo-Chairman21st Century Privacy Coalition
Mr. Michael BeckermanPresident and Chief Executive OfficerInternet Association
Mr. Brian DodgeChief Operating OfficerRetail Industry Leaders Association
Ms. Victoria EspinelPresident and Chief Executive OfficerBSA – The Software Alliance
Dr. Woodrow HartzogProfessor of Law and Computer ScienceNortheastern University School of Law and Khoury College of Computer Sciences
Mr. Randall RothenbergChief Executive OfficerInteractive Advertising Bureau