Senate Hearing on Federal Privacy Law: Question is Not Whether But What Form

On September 26, the Senate Commerce Committee invited tech and telecom companies to the Hill to discuss safeguards for consumer data privacy. “The question,” noted Chairman John Thune, “is no longer whether we need a federal law to protect consumers’ privacy. The question is what shape that law should take.” The Senators and testifying witnesses expressed strong support for a comprehensive federal privacy law.

The Senators and witnesses further discussed potential attributes of such legislation.  To that end, individual Senators and witnesses expressed support for a federal law that would: recognize the Federal Trade Commission as the primary regulator on privacy; uniformly apply across different types of companies; require companies to provide clear notice of privacy practices; require opt-out rights; and limit how data could be collected, used and sold.

Though some Committee members suggested that federal legislation should preempt state law in order to avoid a patchwork of state privacy regulations, Senators Brian Schatz (D-HI), Richard Blumenthal (D-CT), and Edward Markey (D-MA) made clear they would support such preemption only if the bill included strong privacy requirements. Many of the Republican members noted, however, concerns about compliance costs and the potential impact of any enactment on innovation.

A video of, and statements from, the hearing are available here.

Chairman Thune noted that the Committee will hold a follow-up hearing with privacy advocates and regulators in early October.  Alistair MacTaggart, the proponent of the California ballot initiative that eventually led to the enactment of the California Consumer Privacy Act of 2018, and Andrea Jelenik, head of GDPR enforcement for the European Union, have agreed to testify.