Thune-led committee discusses data privacy
WASHINGTON, D.C. -- Representatives from six major tech companies voiced their opinions on consumer data privacy at a hearing before the Senate Committee on Commerce, Science and Transportation on Wednesday morning.
Committee Chairman Sen. John Thune (R-S.D.) said the hearing was likely the first of many attempts to seek input from those who would potentially be most affected by a federally-implemented data privacy law.
“Some have expressed angst that we have an industry-only panel today,” Thune said. “Let me reassure anyone who thinks we’re going to be rushing through legislation without the benefit of alternative views that things don’t work that way here.”
The hearing, entitled “Examining Safeguards for Consumer Data Privacy,” followed the recent passages of data privacy laws in both the European Union and California, which are designed to regulate organizations’ roles in storing and sharing personal data.
“Every day, Americans share enormous amounts of personal information with a broad array of companies,” Sen. Tammy Baldwin (D-Wis.) said. “It provides tremendous benefits to us, but it also becomes so commonplace that I think many do not fully understand what data that they may be sharing, and we’ve seen too many companies fail to keep that data secure or ensure that it’s used for the purposes that their customers expect.”
The European regulation, titled the General Data Protection Regulation, was implemented in May, and the California Consumer Privacy Act was signed into law in June and will go into effect at the beginning of 2020.
“The question is no longer whether we need a federal law to protect consumers’ privacy,” Thune said. “The question is what shape that law should take.”
The general consensus at the hearing was that federal regulation would be more effective than state regulation to ensure that regulations are consistent and not stricter than intended.
“(It’s) always important to respect state authority. The problem is, data moves at the speed of light, and it doesn’t respect state boundaries,” said Len Cali, vice president of global public policy at AT&T, Inc. “If California strikes balance in one way and New York strikes it another way and a third state strikes it another way, industry will be forced, because of the fragmentation, to comply with the most restrictive aspects of each state’s law.”
Hearing witnesses, which also included representatives from Google, Apple, Twitter, Amazon and Charter Communications, said they wanted to make sure that the Federal Trade Commission would be able to investigate and enforce any violations of future federal data privacy regulations and that they would be willing to work with Congress and the FTC to guarantee that the commission would have all the necessary resources to do so.
“Many of you have been very critical of the GDPR, and some of you, I’m going to be very blunt, fought California law,” Sen. Richard Blumenthal (D-Conn.) said. “That’s a matter of public record. I am really seeking assurance that you will put your money where your mouth is.”
Witnesses were questioned both on how they thought the U.S. could best regulate companies which collect personal data and on how their individual companies currently handle the data they collect. They agreed that the definition of personal data would need to be very clear in any future legislation.
Company representatives said that they only share personal information if the person from whom they collected it has opted in to -- or, in some cases, hasn’t opted out of -- having their personal data shared.
“We can’t ignore the fact that we live in an economy that incentivizes the gathering of as much data as possible, to either use it or to sell it,” Sen. Deb Fischer (R-Neb.) said. “And as Congress is looking to strengthen the privacy, I think it’s crucial that we prevent irresponsible data use.”