Senate Commerce Committee Hearing: America Needs Federal Privacy Law

The Senate Commerce Committee headed by Senator John Thune (R-SD) held a key hearing on consumer data privacy today. In attendance to answer questions about their corporate data privacy practices were representatives of AT&T, Amazon, Google, Twitter, Apple and Charter Communications. The hearing was titled, “Examining Safeguards for Consumer Data Privacy.” Senator Thune promised to hold a second hearing early next month with privacy advocates and other key stakeholders, including California privacy activist Alastair MacTaggert and Andrea Jelenik, the head of GDPR enforcement for the European Union.

In Senator Thune’s opening statement, he said, “The question is no longer whether we need a federal law to protect consumers’ privacy. The question is what shape that law should take.” This sentiment was echoed throughout the morning as the witnesses acknowledged the need for a new federal privacy law, chose not to defend voluntary guidelines and generally agreed that privacy enforcement should remain with the Federal Trade Commission (FTC).

The EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CaCPA) were mentioned early and often, as Senators struggled with what parts of these laws to adopt and where the standards needed to be changed to better maintain the balance between privacy and innovation.

For those businesses that are still struggling with the question of whether an investment in privacy technology is worth the resources ahead of a potential new federal privacy law, we went through a few of the written statements of the participants to highlight what they see as the benefits for businesses protecting consumer privacy:

Leonard Cali, AT&T Senior Vice President Global Public Policy: [I]n today’s data-driven world, it is more important than ever to maintain consumers’ trust and give them control over their personal information.”

Andrew DeVore, Vice President and Associate General Counsel of Amazon: “While compliance with applicable laws provides a baseline for our privacy decisions, our foremost concern when considering privacy issues is customer trust. We have known from our very beginnings as an online bookstore that maintaining customer trust is essential to our success. Our customers trust us to handle their data carefully and sensibly in a secure and appropriate manner in line with their expectations. Any privacy mistake risks the loss of that trust and serious reputational damage even if there is no violation of privacy laws.”

Rachel Welch, SVP Policy and External Affairs at Charter Communications: “The internet has been a vibrant engine of economic growth and innovation for the last 20 years. Consumers in the United States and around the world rely more and more on the internet to conduct their daily lives. Websites and apps are used to find jobs, shop for groceries, take classes, manage finances, connect with loved ones, plan travel, find dates, and be entertained. Exciting new applications and use cases, such as telehealth and telemedicine, offer tremendous potential to bring similar disruption to other sectors of the U.S. economy and create thousands of new American jobs. For the internet to continue to deliver on this promise, however, users must continue to feel confident in their ability to control their online data.

The complete written statements of the invitees are available at https://www.commerce.senate.gov/public/index.cfm/2018/9/examining-safeguards-for-consumer-data-privacy.

Ahead of the public hearing, Google published a proposed framework for data protection legislation. The privacy framework was announced in a blog post by Keith Enright, Google’s Chief Privacy Officer, and is contained in a three page document. The framework contains a set of high-level principles from privacy regimes meant to apply to organizations making decisions on the collection and use of personal information.

The principles for organizations include:
1. Collect and use personal information responsibly.
2. Mandate transparency and help individuals be informed.
3. Place reasonable limitations on the manner and means of collecting, using and disclosing personal information.
4. Maintain the quality of personal information.
5. Make it practical for individuals to control the use of personal information.
6. Give individuals the ability to access, correct, delete and download personal information about them.
7. Include requirements to secure personal information.

There is also a section on scope and accountability that appears intended for use in the creation of regulation. These principles include:

1. Hold organizations accountable for compliance.
2. Focus on risk of harm to individuals and communities.
3. Distinguish direct consumer services from enterprise services.
4. Define personal information flexibly to ensure the proper incentives and handling.
5. Apply the rules to all organizations that process personal information.
6. Design regulations to improve the ecosystem and accommodate changes in technology and norms.
7. Apply geographic scope that accords with international norms.
8. Encourage global interoperability.

The framework from Google joins suggestions from business organizations like the US Chamber of Commerce and the Internet Association, as well as the National Telecommunications and Information Administration, about the approach that should be taken to improving privacy protections.

More from Clarip

Read the latest posts on the Clarip Privacy Blog.

Get started on your journey to improved data privacy with our GDPR data mapping software.

EU GDPR
– GDPR Compliance
– Consent Management Software
– GDPR Data Mapping Software
– DSAR Portal
– GDPR Text

ePrivacy
– Cookie Scanner
– Cookie Banner Generator
– Cookie Consent Manager
– ePrivacy Regulation

California Consumer Privacy Act
– CCPA Summary
– CCPA vs GDPR
– CCPA Privacy Software
– CCPA Webinar

Federal Privacy Laws
– Pending Congress Bills

Privacy News
– Clarip Blog