Tuesday, March 04, 2025

House Commerce Privacy Working Group Seeks Input

In a February 2025 post to the FSF Blog, I reported on a press release from House Commerce Committee Chairman Brett Guthrie (R-KY) and Vice Chairman John Joyce, M.D. (R-PA) announcing the creation of a working group focused on federal comprehensive data privacy legislation. That working group is now asking interested parties to provide responses to a Request for Information (RFI).

Released on February 21, 2025, the RFI begins by acknowledging two points I have highlighted repeatedly in writings for the Free State Foundation, most recently in a December 2024 Perspectives from FSF Scholars.

One, that "the challenge of providing clear digital protections for Americans is compounded by the fast pace of technological advancement and the complex web of state and federal data privacy and security laws, which in some cases create conflicting legal requirements."

And two, that "Members of Congress have spent many years working toward federal comprehensive data privacy and security standards to bring consumer protections into the digital age while ensuring that the U.S. continues to lead in a globally competitive environment."

The information sought by the RFI is organized into the following six specific categories:

  • Roles and Responsibilities: What types of entities collect, process, and sell personal information? What obligations should apply to each?
  • Personal Information, Transparency, and Consumer Rights: What specific consumer protections should a privacy law include? What heightened safeguards should apply to sensitive personal information? How should covered entities provide disclosures to consumers?
  • Existing Privacy Frameworks and Protections: What can be learned from the existing "patchwork" of state privacy laws? To what extent should a federal privacy law preempt state privacy laws?
  • Data Security: How can federal lawmakers ensure the security of consumer data?
  • Artificial Intelligence (AI): How might a federal privacy law account for existing state laws addressing AI, including those relating to automated decision-making?
  • Accountability and Enforcement: What are the pros and cons of exclusive enforcement by the FTC and state Attorneys General? Should a federal privacy law include a safe harbor?

A seventh, catch-all, category encourages interested parties to submit "any additional information that may be relevant to the working group as it develops a comprehensive data privacy and security law."

Responses, due by April 7, 2025, should be emailed to PrivacyWorkingGroup@mail.house.gov.

Posted by Andrew Long at 2:41 PM
Labels: , , , , , , , , ,
Subscribe to: Posts (Atom)