Blackburn Urges Congress Consider Privacy Issues 'Piece at a Time'
Lawmakers “would be well served to take” up policy issues on their work on privacy legislation like anti-conservative censorship, antitrust concerns and wireless carriers' location tracking practices (see 1906120076) “a piece at a time and come to bipartisan agreement so that we have guidelines that are going to last,” said Sen. Marsha Blackburn, R-Tenn. She's on a Judiciary Committee informal privacy legislative working group (see 1903180038), one of several ongoing efforts to draft a bill. Also at Wednesday's Free State Foundation event, FTC Commissioner Noah Phillips urged Congress to not adopt privacy legislation that would allow a private right of action.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Blackburn said final privacy legislation is likely “going to end up being very narrow” with “one set of rules for the entire internet ecosystem,” and that would bar companies from denying service to consumers who refuse opt-in consent to collection of personal information. There will also be language to address data security that will “put a framework in place” on data breach issues, she said. Blackburn touted her Balancing the Rights of Web Surfers Equally and Responsibly (Browser) Act (S-1116), which would make the FTC the privacy regulator for ISPs and edge companies and would require opt-in consent even for web browsing data (see 1904110052).
“It’s becoming increasingly obvious that tech companies absolutely cannot self-regulate,” Blackburn said. Congress' job now is to give the sector “a guide” to move forward. Part of the solution must involve requiring major tech companies to be “transparent with the American consumer,” she said. “Big tech needs to trust the American consumer to make a wise decision.”
A new federal privacy law “must provide for rules and regulation, but it should do so in a way that best permits for future growth and innovation and that encourages investment and risk-taking,” Phillips said. Allowing a private right of action “will have a substantial and unwarranted negative impact, particularly on small, innovative, businesses” because they will have to “prioritize lawsuit avoidance over doing what they do best.” Government enforcement of a privacy law “is the best way to balance” regulation and innovation, Phillips said.
Phillips urged that Congress seek legislation that avoids the approach used in the EU’s general data protection regulation and toward “incorporating [the U.S.'] traditional harm-focused, risk-based approach to privacy protection.” There's “some evidence that … investment in startups is down in Europe and more market share is flowing to the largest companies” as a result of GDPR implementation, he said. GDPR gives U.S. lawmakers some important concepts to consider, including “determining democratically a set of legitimate data uses where companies are free to operate, where even consent is not necessary.”
CTIA Senior Vice President-Government Affairs Kelly Cole and others argued for a federal law to pre-empt state-level privacy statutes. “We have some real concerns with” the California Consumer Privacy Act, which CTIA believes was “pulled together in days” without consulting private sector stakeholders, said Cole: “I would certainly not recommend” Congress use that statute as the “base” for a federal law. Center for Democracy and Technology Privacy and Data Project Director Michelle Richardson believes the sort of “patchwork” of state-level privacy laws “is still a year or two away,” which in itself might “inspire Congress to move faster.”