While the House Energy and Commerce Committee has paved the way for a national data privacy standard, the United States has yet to pass legislation that would rein in Big Tech and put Americans in control of their personal data.

 

The committee’s Innovation, Data, and Commerce Subcommittee held a hearing today to consider what a bipartisan national data privacy standard would look like, and discuss how to get legislation across the finish line.

 

The discussion built upon the bipartisan, bicameral American Data Privacy and Protection Act (ADPPA), which moved through the committee last year with a vote of 53-2.

 

“That was the first time this committee reached such a milestone, and no other committee has come close on a national privacy and data security standard with the bipartisan support necessary to clear the House and make the Senate take notice,” said Cathy McMorris Rodgers R-Wash., chairwoman of the full committee.

 

“This is a new Congress, with new considerations, so we must continue to improve on the legislation from last Congress and build consensus amongst stakeholders,” she added. “We must continue our work so that individuals can exercise their rights, businesses can continue to innovate, and the government’s role is clearly defined.”

 

The ADPPA aimed to provide consumers with fundamental data privacy rights by creating strong oversight mechanisms and establishing meaningful enforcement.

 

It also put the Federal Trade Commission (FTC) in charge of the proposed new rules and would preempt most existing state laws on data privacy and security.

 

Legislation to create stronger Federal rules for the private sector on data privacy and security has been a talking point in Congress for over a decade, but one that has never made it to the finish line. Before the ADPPA, the last serious push for stronger standards dates back to 2019.

 

“It is time. And the time has really passed, I think, for us to do a data privacy law,” said Subcommittee Chairwoman Jan Schakowsky, D-Ill. “Our past effort provides once again, the guidelines for how we can move together and I absolutely look forward to building on the momentous gains that we have made. And so, I think it’s time for us to roll up our sleeves and in a bipartisan way to get to work.”

 

Alexandra Reeve Givens, the president and CEO of the Center for Democracy and Technology, noted that the lack of a Federal privacy law “is leaving consumers open to exploitation and to abuse.”

 

She explained how tech companies can set their own privacy rules and collect whatever data they like, as long as they disclose it in their terms of service. And while most Americans don’t read these lengthy agreements, even if they could understand these “labyrinthian privacy policies,” Givens said they often have “no real choice but to consent.”

 

“We have to move on from this broken regime of notice and consent to one that establishes baseline safeguards for consumers’ information, clear rules of the road for businesses, and meaningful enforcement of the law,” Givens told lawmakers. “This must include specific protections for sensitive information and protections for civil rights. The bipartisan American Data Privacy and Protection Act is the place to start.”

 

“To be clear, CDT and other consumer groups wish the bill offered stronger protections in places. This is not our perfect bill,” she continued. “But this committee put in the work to achieve meaningful compromise. Respectfully, we urge you to build on that momentum by taking up the bill without delay.”

 

Jessica Rich, who previously served as the director of the FTC’s Bureau of Consumer Protection and is currently counsel and senior policy advisor for consumer protection at Kelley Drye & Warren, also voiced her support for the ADPPA.

 

Rich explained that – for the most part – the ADPPA is stronger than existing state laws, calling it “the strongest bill we’ve seen anywhere on privacy.”

 

“There’s simply no substitute for Federal privacy legislation,” she said. “Only Congress can resolve the thorniest issues here, put them to rest, preemption, and the private right of action.”

Read More About
About
Grace Dille
Grace Dille
Grace Dille is MeriTalk's Assistant Managing Editor covering the intersection of government and technology.
Tags