Cantwell, Wicker, Industry Open to Passing Privacy Law Stronger Than States
Senate Commerce Committee Chairman Roger Wicker, R-Miss., ranking member Maria Cantwell, D-Wash., and industry officials are open to passing a federal privacy law that’s stronger than California’s. Cantwell suggested during the committee’s first privacy hearing in 2019 that federal law should be stronger, at a minimum. Wicker sounded hopeful about prospects for privacy legislation during a later Incompas event, saying it's one of his “must-pass” priorities for the committee this year (see 1902270018).
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
“I think there’s bipartisan support for avoiding a patchwork of different approaches among the 50 states,” Wicker told us before the hearing. He told reporters after that he agreed with six witnesses -- five of them industry officials -- that the federal law could end up being stronger or better than California’s. Wicker would like to have a privacy bill on President Donald Trump’s desk “this year.”
Joey Wender, aide to Sen. Ed Markey, D-Mass., said at the Incompas event he believes reaching consensus on a privacy bill will be “hard, but I think it's doable.” The Senate Commerce hearing showed members agree on some items, including the need for “some type of strong notice-and-choice regime,” along with language on transparency and consumer control matters, Wender said. There's clearly disagreement on other matters, he said, including the level of additional authority Congress will give to the FTC to enforce the statute and how a national law will pre-empt statutes in California and other states.
Pre-empting state law is “an important priority,” Sen. Jerry Moran, R-Kan., told us. He’s working with Wicker and Sens. Richard Blumenthal, D-Conn., and Brian Schatz, D-Hawaii, on bipartisan legislation. “Whatever we do on pre-emption has to be seen in context,” Blumenthal told us. “If it’s an extraordinarily strong bill, the issue of pre-emption becomes much less important.”
The effort to pre-empt state law is “somewhat disturbing,” Cantwell said during the hearing. “Are we here just because we don’t like the California law?” Cantwell is “in the camp” that pre-emption could be harmful, and the focus should be on what’s best for consumers. Northeastern University law professor Woodrow Hartzog, a late addition after criticism for an all-industry panel, testified that pre-emption could be problematic.
The EU pre-empted regional privacy laws with its general data protection regulation, Wicker noted. He also echoed comments from 21st Century Privacy Coalition co-Chairman Jon Leibowitz, who said California’s privacy law pre-empts local statutes. Having 50 privacy laws will result in “digital disaster,” Leibowitz said. His coalition supports FTC civil penalty authority for first offenses and “possibly rulemaking authority” with guardrails.
Nontech small businesses have the most to lose if “we get this wrong” or with a patchwork of state laws, said Internet Association CEO Michael Beckerman. All industry witnesses argued for federal pre-emption. Retail Industry Leaders Association Chief Operating Officer Brian Dodge sought industry safe harbors for good actors and equitable enforcement by the FTC and state attorneys general. The FTC should have first offense fining authority, said BSA|The Software Alliance CEO Victoria Espinel. Interactive Advertising Bureau CEO Randall Rothenberg also argued for industry safe harbors.
A state patchwork of privacy laws isn't an insurmountable problem, Hartzog said, citing a state-by-state framework for data breach laws. Wicker said after the hearing it’s not essential that data breach issues move forward with a consumer privacy bill. States are getting involved because Congress has done nothing on privacy, said Sen. Amy Klobuchar, D-Minn. Industry has been lobbying against regulation for years because it’s never been “right,” she added.
The current privacy regime asks too much of consumers and not enough of industry, Hartzog said. Notice and consent models provide incentive for vague abstractions that confuse consumers and lead to never-ending clicking of agreements, he said.