It's not yet Wednesday, and already it's been an eventful week with respect to the FTC and data privacy.
First, President Biden on Monday nominated Alvaro Bedoya to be the third Democrat to serve as a Commissioner at the FTC. The official announcement by the White House states that "[h]is research and advocacy focus on the idea that privacy is for everyone" and touts his work on facial recognition technology.
Mr. Bedoya is a visiting law professor at Georgetown Law, where he serves as the founding director of the Center on Privacy & Technology.Republican Commissioner Noah Phillips tweeted that "Alvaro would bring a bright and thoughtful voice and a depth of experience working across the aisle on privacy to the FTC."
Second, the House Committee on Energy & Commerce yesterday began a full committee markup of the so-called Build Back Better Act, a series of legislative recommendations for budget reconciliation.
Today, lawmakers are expected to consider Subtitle O, which would appropriate $1 billion over the next ten years to fund a new Privacy Bureau at the FTC "to accomplish the work of the Commission related to unfair or deceptive acts or practices relating to privacy, data security, identity theft, data abuses, and related matters."
News reports suggest Republican opposition to this proposal, including its hefty price tag, which totals nearly three times the agency's budget for fiscal year 2021: $351 million.
At the same time, politicians from both sides of the aisle continue to agree on the persistent and distinct need for federal privacy legislation.
In the Politico piece linked to above, a Republican committee aide speaking anonymously emphasized the importance "of passing actual legislation with real privacy protections for all Americans."
Likewise, Democratic Senator Maria Cantwell (WA) tweeted that the proposal is "an important step for protecting consumers," but also that she "will continue to fight for a federal privacy and data security law that protects consumers and creates certainty for businesses."
In a recent Perspectives from FSF Scholars, "Pressures Multiply for Congress to Act on Data Privacy," I listed the mounting pressures on Congress to adopt a comprehensive federal data privacy regime, which include the following:
- Three states (California twice, Virginia, and Colorado) so far have passed inconsistent laws that unnecessarily create costly headaches for businesses and confusion for consumers.
- The European Union (EU) has in place the General Data Protection Regulation (GDPR) and, in August, China adopted the Personal Information Protection Law.
- Cyberattacks, including one involving the information of over 50 million consumers discovered in August by T-Mobile, call out for a comprehensive data privacy regime.
- The lack of a federal data privacy law impedes efforts to reestablish a privacy shield for personal data transfers from the EU to the U.S.
I therefore suggested that legislation along the lines of the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act, reintroduced this session by Republican Senators Roger Wicker (MS) and Marsha Blackburn (TN), might serve as a promising starting place.
Relatedly, in a December 2019 piece for the Free State Foundation entitled "Federal Privacy Legislation: Bipartisan Discussions Devolve into Dueling Drafts." I compared an earlier iteration of the SAFE DATA Act favorably to the Consumer Online Privacy Rights Act, rival legislation cosponsored by Senator Cantwell.