On Wednesday, September 29, 2021, the Senate Committee on Commerce, Science, & Transportation held its first hearing of the year on data privacy, "Protecting Consumer Privacy."
Witnesses included:
- Georgetown Law Professor David Vladeck, a former Director of the FTC's Bureau of Consumer Protection (written testimony)
- President of The App Association Morgan Reed (written testimony)
- Maureen Ohlhausen, a partner at Baker Botts and a former Acting Chair of the FTC (written testimony)
- Independent Researcher and Technologist Ashkan Soltani, who once served as the FTC's Chief Technologist (written testimony)
As one might expect, there was widespread agreement on the need to both pass a federal data privacy law and provide the FTC with greater resources.
The disagreements centered on the usual suspects – that is, preemption of state laws and a private right of action – along with (1) the amount of additional dollars to be allocated to the FTC, and (2) whether it would be appropriate for the agency to initiate a privacy rulemaking in the absence of congressional progress, an issue I touched upon in a Wednesday post to the FSF Blog.In her Majority Statement, Chair Maria Cantwell (D - WA) emphasized the need to better empower the FTC, noting with approval that the Budget Reconciliation Act in its current form would make $1 billion available over ten years to establish and fund a new Privacy Bureau.
In his Minority Statement, Ranking Member Roger Wicker (R - MS) wrote that "the need for strong data privacy rules has become more urgent" over the past year and reiterated that he is "open" to a narrow private right of action that does not "stifl[e] innovation and marketplace competition or lead[] to unjustified financial windfalls for plaintiff attorneys."
In addition, he urged President Biden "to appoint someone – a specific person – among his senior staff to be a liaison to Congress on this issue and to prioritize the enactment of a data privacy law this year."
Finally, he voiced his objection to the possibility of an FTC rulemaking, asserting that "[o]nly Congress can develop longstanding data protections for consumers that meaningfully safeguard their personal information." (See below for more on this topic from Senator Wicker.)
A video archive of the hearing can be found here.
This was the first in a series of three Senate Commerce Committee hearings on data privacy and security. The next, entitled "Enhancing Data Security," will take place at 10 am EDT on Wednesday, October 6, 2021.
* * *
Also on Wednesday, the Washington Examiner published an op-ed by Senator Wicker, Representative Cathy McMorris Rodgers (R - WA), ranking member of the House Energy and Commerce Committee, and Republican FTC Commissioner Noah Phillips opposing a possible FTC rulemaking on privacy.
That same day, The Wall Street Journal (subscription required) reported that agency Chair Lina Khan is considering such a step.
The trio wrote that Congress has not granted the FTC "the authority to write comprehensive national privacy rules" and that "[a]ttempting to rewrite privacy law by executive fiat would be a blatant overreach that would almost certainly invite legal challenges."
They also argued that, as a matter of sound policy, "[a] national law must be the product of debate and compromise among the people's representatives."
The authors did, however, acknowledge that the FTC is the appropriate government entity to enforce a federal law once enacted, describing it as "the most effective privacy enforcer in the world."