Majority Statement

• Chairman Roger Wicker
  Read statement

  Majority Statement

  Chairman Roger Wicker

  Good morning to you all.  Today we hold our first hearing this Congress to discuss policy principles for a federal consumer data privacy framework. I am glad to convene this hearing with my good friend, Ranking Member Cantwell.
   
  We live during an exciting time of rapid innovation and technological change.  Internet-connected devices and services are virtually everywhere – in our homes, cars, grocery stores, and right here in our pockets.
   
  The increase in Internet-connected devices and services means that more consumer data than ever before is flowing through the economy.
   
  The economic and societal benefits generated by the consumer data are undeniable. From this data, meaningful insights are gleaned about the needs, preferences, and demands of consumers and businesses alike.  These insights spur innovation, help target investment, and create opportunities.
   
  The material benefits of data include increased productivity and efficiency, reduced costs, greater efficiency, greater convenience, and access to customized goods and services that enhance our safety, security, and overall quality of life.
   
  While the benefits of consumer data are immense, so too are the risks.
   
  Consumer data in the digital economy has become a target for cyber-criminals and actors that exploit data for nefarious purposes.
   
  This problem is exacerbated by the failure of some companies to protect consumer data from misuse and unwanted collection and processing.
   
  These issues threaten to undermine consumers’ trust in the Internet marketplace, diminishing consumer engagement in the online ecosystem.
   
  Consumer trust in the Internet marketplace is essential.  It is a driving force behind the ingenuity and success of American technological advancement and prosperity.  
   
  Congress needs to develop a uniquely American data privacy framework that provides consumers with more transparency, choice, and control over their data.  This must be done in a manner that provides for continued investment and innovation, and with the flexibility for U.S. businesses to compete domestically and abroad.
   
  It is clear to me that we need a strong, national privacy law that provides baseline data protections, applies equally to business entities – both online and offline – and is enforced by the nation’s top privacy enforcement authority, the Federal Trade Commission.
   
  It is important to note that a national framework does not mean a weaker framework than those that have already passed in the U.S. and overseas or being contemplated in the various states.
   
  Instead it means a preemptive framework that provides consumers with certainty that they will have the same set of robust data protections no matter where they are in the United States.
   
  We welcome our distinguished witness panel:
   
  Mr. Michael Beckerman, President and CEO of the Internet Association
  Mr. Brian Dodge, Chief Operating Officer of the Retail Industry Leaders Association
  Ms. Victoria Espinel, President and CEO of BSA – The Software Alliance
  Mr. Jon Leibowitz, Co-Chairman of the 21st Century Privacy Coalition
  Mr. Randall Rothenberg, CEO of the [Interactive] Advertising Bureau
  Dr. Woodrow Hartzog, Professor of Law and Computer Science at Northeastern University School of Law and Khoury College of Computer Sciences

  I hope our witnesses will address the critical issues that this committee will need to consider in developing a federal data privacy law, including:
   
  How best to protect consumers’ personal data from being used in ways they did not consent to when collected by the stores or websites they visit.
   
  How to ensure that consumers are presented with simplified notices about what information an organization collects about them, instead of lengthy and confusing privacy notices or terms of use that are often written in legalese and bury an organization’s data collection activities.
   
  How to enhance the FTC’s authority and resources in a reasonable way to police privacy violations and take action against bad actors anywhere in the ecosystem.
   
  How to create a framework that promotes innovation and values the significant contributions of entrepreneurs, start-ups, and small businesses to the U.S. economy;
   
  How to provide consumers with certainty about their rights to their data – including the right to access, correct, delete, and port their data, while maintaining the integrity of business operations and avoiding unnecessary disruptions to the internet marketplace; and
   
  How to ensure a United States data privacy law is interoperable with international laws to reduce compliance burdens on U.S. companies with global operations.
   
  I look forward to a thoughtful discussion on these issues and I want to welcome all of our witnesses and thank them for testifying this mornin

Minority Statement

• Maria Cantwell
  Read statement

  Minority Statement

  Maria Cantwell

  Thank you, Mr. Chairman. And thank you for holding this important hearing and welcome to the witnesses today as we discuss moving forward on developing a federal data privacy framework. 

  Last year, we learned that political consulting firm Cambridge Analytica gained unauthorized access to personal information of 87 million Facebook users, which it used for profiling purposes. That same year, Uber announced that hackers had successfully gained access to the personal information of 57 million riders and drivers. The year before, in 2017, hackers successfully stole the personal information of 143 million consumers from Equifax because the credit reporting giant failed to install a simple software patch. And just last week, UConn Health announced that an unauthorized 3^rd party accessed employee email accounts, potentially exposing personal and medical information of approximately 326,000 people. 

  These are not isolated incidents, or even one-offs. They are the latest in a barrage in consumer privacy and security violations, many of which are entirely preventable. And consumers are at the receiving end of this reckless practice. So, I hope that Congress does grapple with privacy data legislation. 

  While Congress has been successful in the past in addressing certain types of personal information, such as health or financial data or children’s information, consumers continue to see the challenges that they face with corporate practices that allow for collection, storage, analyzing, and monetizing their personal information. In fact, just two years ago, Congress voted to overturn the FCC privacy rule that would have protected online users from internet service providers, but had yet to take effect. 

  So, while we have gone backwards in some ways, there are others who are moving forward. In May of 2018, the European’s General Data Privacy Regulations went into effect, providing the EU and its citizens with an array of new protections from certain types of corporate data practices. And in addition, the state of California has recently passed the California Consumer Privacy Act, which also provided California’s citizens with new rights and protections. This law goes into effect 2020. 

  So, together the implementation of these two pieces of legislative policy, GDPR and CCPA, have brought new insights to the congressional efforts to pass meaningful privacy and data security laws. What is clear to me is we cannot pass a weaker federal law at the expense of states. 

  So, Mr. Chairman, I am certainly open to exploring the possibility of meaningful, comprehensive federal privacy legislation. I want to work with you and all the members of this committee, many of which have already introduced various pieces of privacy legislation, for thoughtful discussion about how we come to a resolution on these issues. 

  I don’t think anyone should be under the illusion, though, that this is an easy task. The information age is still unfolding. The many challenges that we will face as new ways that information is shared cannot just simply be decided today. There are hard issues about how this economy will evolve. But, I know that we can have a thoughtful exploration of the multifaceted issues regarding federal policy that go beyond the stalemate that we have had for several years. If we are going to deliver meaningful privacy and security protection for the deserving American public, then we must think about what this paradigm really looks like in this debate. I believe that just notice and consent are no longer enough. I don’t think that transparency is the only solution. 

  So, at today’s hearing, I hope we kick off a very substantive discussion to explore how we go about changing this mindset that treats personal information as such a commodity for profit, and think about it as we have in tackling a series of hearings here, Mr. Chairman, on the various issues related to privacy and security. I know that there are members on both sides of the aisle that are very committed to this cause, and I hope we can make progress on this. 

  Thank you Mr. Chairman.

Testimony

• The Honorable Jon Leibowitz

  Co-Chairman

  21st Century Privacy Coalition
  Download Testimony (34.57 KB)

• Mr. Michael Beckerman

  President and Chief Executive Officer

  Internet Association
  Download Testimony (255.96 KB)

• Mr. Brian Dodge

  Chief Operating Officer

  Retail Industry Leaders Association
  Download Testimony (897.16 KB)

• Ms. Victoria Espinel

  President and Chief Executive Officer

  BSA – The Software Alliance
  Download Testimony (172.54 KB)

• Dr. Woodrow Hartzog

  Professor of Law and Computer Science

  Northeastern University School of Law and Khoury College of Computer Sciences
  Download Testimony (97.36 KB)

• Mr. Randall Rothenberg

  Chief Executive Officer

  Interactive Advertising Bureau
  Download Testimony (141.96 KB)