Majority Statement

• Chairman John Thune
  Read statement

  Majority Statement

  Chairman John Thune

  Good morning. Today we are holding our second hearing on needed safeguards for consumer data privacy. As we consider potential federal legislation on privacy, it is essential that we hear from stakeholders and experts with varying perspectives to inform our work.

  Two weeks ago, we heard from major technology companies and internet service providers about how they are seeking to address consumer privacy and their efforts to comply with the European Union’s General Data Protection Regulation, or GDPR, and the new California Consumer Privacy Act, or CCPA.

  While the experience of such companies is important to consider, I want to be clear that the next federal privacy law will not be written by industry. Any federal privacy law should incorporate views from affected industry stakeholders and consumer advocates in an effort to promote privacy without stifling innovation.

  With that in mind, today’s hearing will focus on the perspectives of privacy advocates and other experts. We will also continue to solicit input from additional stakeholders in the days ahead.

  GDPR and CCPA have undoubtedly spurred our conversation about a national privacy framework, and they give us useful examples as we contemplate federal legislation. Of course, Congressional action on privacy is not entirely new. Over the last several decades, Congress has enacted legislation to protect children, healthcare, and financial information. Privacy debates have been ongoing in multiple sectors. Even the recently-enacted FAA Reauthorization includes provisions on privacy specifically regarding the use of unmanned aircraft systems for commercial purposes. Federal agencies, such as the Federal Trade Commission and the Department of Commerce, have also performed long-standing roles regarding privacy and have been increasingly active recently in this area.

  At the same time, I am well aware Congress has tried, and failed, over the last few decades to enact comprehensive privacy legislation. To be successful this time, we all must endeavor to keep open minds about the contours of a bipartisan bill.

  In the wake of Facebook’s Cambridge Analytica scandal and other similar incidents, including a vulnerability in Google-plus accounts reported just this past week, it is increasingly clear that industry self-regulation in this area is not sufficient. A national standard for privacy rules of the road is needed to protect consumers.

  At the same time, we need to get this right. Passing onerous requirements that do not materially advance privacy would be a step backward. While it may be too early to determine the impact that GDPR and CCPA will have in the U.S., the most notable difference most consumers can see directly has been the increase in GDPR-inspired pop-up notices and cookie consent banners on their devices.

  As we continue to work toward possible legislation, I encourage my colleagues to challenge what industry told us at our first hearing, but also to examine both the benefits as well as the potential unintended consequences of the new rules put forth by the European Union and the state of California.

  Thank you to the witnesses for appearing here today. With that, I’ll turn to Senator Nelson for his opening remarks.

Testimony

• Dr. Andrea Jelinek

  Chair

  European Data Protection Board
  Download Testimony (599.95 KB)

• Mr. Alastair Mactaggart

  Board Chair

  Californians for Consumer Privacy 
  Download Testimony (550.10 KB)

• Ms. Laura Moy

  Executive Director and Adjunct Professor of Law

  Georgetown Law Center on Privacy & Technology
  Download Testimony (288.43 KB)

• Ms. Nuala O’Connor

  President and CEO

  Center for Democracy & Technology
  Download Testimony (139.25 KB)