Lawmakers, Lobbyists Divided on Browser Act Post-Cambridge Analytica

House Communications Subcommittee Chairman Marsha Blackburn, R-Tenn., who filed HR-2520 in 2017, told us she envisions the bill playing a “leading role” in discussions on privacy legislation. HR-2520 would make the FTC the privacy regulator for ISPs and edge companies and would require opt-in consent even for web browsing data (see 1705190053). The bill has a potential edge in “moving forward as a part of this conversation” because it has bipartisan support, Blackburn said. HR-2520 had seven co-sponsors as of Friday, with Rep. Dan Lipinski, D-Ill., still the only Democrat. “Consumers need a say in how their data is going to be utilized, manipulated, mined and so on” online, Blackburn said.

House Commerce Committee Chairman Greg Walden, R-Ore., said he isn't ready to say what role HR-2520 will play in the greater privacy legislation debate. But “consumers expect the same standards of privacy and protection and transparency regardless of where you are in the internet ecosystem,” he told us. “I think that's the message that Silicon Valley is beginning to wake up to, but very late in the process.” What the tech sector has sought as a standard on net neutrality is now “what Americans now want across all platforms” on a range of interrelated issues, Walden said. Blackburn also said the tech companies are “beginning to realize there needs to be one set of rules for the entire internet ecosystem.”

House Communications ranking member Mike Doyle, D-Pa., told us he remains wary of allowing HR-2520 to play a major role in shaping privacy legislation, especially given how it could affect FTC authority. The agency “has such broad jurisdiction already,” he said. “We need something more focused when it comes to privacy” and to give authority to an agency “that's going to be properly resourced to deal with it.” The FTC proposed an almost $310 million budget for FY 2019, up from $306 million proposed in FY 2018 and slightly down from the almost $311 million budget it operated on for the year under continuing appropriations (see 1802120037). The Senate Appropriations Financial Services Subcommittee set a Thursday hearing on the FTC's budget (see 1805110067).

A sufficient level of resources “doesn't exist at the FTC,” Doyle said, noting his concerns about the agency's ability to handle its nonpublic investigation into whether Facebook violated its 2011 privacy consent decree because of Cambridge Analytica’s actions (see 1803260039). FCC Chairman Ajit Pai recently deferred to the FTC to investigate reports that other companies also sold Cambridge Analytica data on their subscribers' viewing habits (see 1804300029). “I think we need a different” bill from HR-2520 to address privacy, said Doyle.

HR-2520 is obviously already part of the “beginning” of Capitol Hill's renewed conversation on privacy legislation post-Cambridge Analytica, “but what that means in practice I'm not sure about yet,” said American Action Forum Director-Technology and Innovation Policy Will Rinehart. The direction of the privacy debate has “changed dramatically” since HR-2520's introduction, but the bill faces “serious headwinds” because of other background issues, he said. The bill already had some “resistance” among supporters of FCC 2016 ISP privacy rules because of Blackburn's role in leading the Congressional Review Act resolution of disapproval effort that in 2017 abolished those rules (see 1706070050, 1706210059 and 1706280058), he said.

The bill now has more support within the tech and telecom communities than a year ago, but “politically it's dead on arrival” at least for the time being, one telecom lobbyist said. The “heat of the ISP privacy CRA” has somewhat cooled as a factor in HR-2520's future prospects, but other political problems have since come up, the lobbyist said. Blackburn is running for the Republican nomination for the Senate seat being vacated by Sen. Bob Corker, R-Tenn., which is now viewed as potentially competitive for Democrats in the November general election, the telecom lobbyist said. Democrats will have little appetite to take up legislation from Blackburn that could hand her a political win before the election, the lobbyist said.

Blackburn has the leadership clout to keep HR-2520 in the discussion, but “I think there's some question about how much she's interested in seeking to make changes to the bill” and align it with other Hill lawmakers' work on privacy legislation post-Cambridge Analytica, said Computer & Communications Industry Association Public Policy and Regulatory Counsel Bijan Madhani. Reps. Anna Eshoo, Ro Khanna and Zoe Lofgren, all D-Calif., have been working on a set of “privacy principles” (see 1804200048). Bipartisan groups of senators also have been filing privacy-related legislation over the past month, including the Social Media Privacy Protection and Consumer Rights Act (S-2728) and a “privacy bill of rights” (see 1804100054 and 1804300048).

Madhani, Rinehart and others also cited HR-2520's language as a factor working against its prospects. HR-2520 “can be a starting point for conversations, but my sense is” the Facebook-Cambridge Analytica controversy has “taken the debate beyond” the bill's narrow FTC and ISP-centric scope, said one lobbyist who focuses on Democratic lawmakers. HR-2520's language is “unrelated to any of the circumstances” involved in the Cambridge Analytica controversy but Blackburn is still trying to “turn it into a vehicle, while other folks have been trying to be thoughtful about what the appropriate response is,” Madhani said. Blackburn's bill also centers on the opt-in consent language, which “could be a non-starter” among privacy advocates, who strongly favor opt-out-centric legislation, Rinehart said.