The Senate Commerce Committee was getting some advice in advance of its hearing Wednesday (Oct. 10) on "Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation [GDPR] and the California Consumer Privacy Act."
The EU in May adopted a tough new opt-in based online privacy regime, while California recently adopted its own tough privacy legislation.
The Republican majority in the committee has issues with the GDPR approach and with the California law, since the FCC's rollback of net neutrality rules included pre-empting such state efforts at re-regulation, there is general agreement on both sides of the aisle that Congress needs to step in with some kind of online privacy protection given the series of hacks and improper data sharing and vulnerabilities that has Washington on edge about The Edge.
That included the revelation this week about Google+.
Privacy group, the Center for Digital Democracy sent a letter to the committee in advance of the hearing outlining what it thought should be Congress' approach to comprehensive legislation.
CDD wants broad protections in baseline legislation. That includes covering all data, online and off, and all parties, including nonprofits. But CDD does not want the federal law to preempt tougher state laws.
That is likely a nonstarter for computer companies and ISPs who argue that a "patchwork" of state laws is unworkable, and federal law must supersede such efforts, which is one of the reasons they support federal privacy legislation.
CDD also wants to give rulemaking authority to the Federal Trade Commission so its enforcement of tough new privacy laws have some teeth. Currently, the FTC can enforce unfair and deceptive conduct by filing suit and securing consent decrees.
"Today’s commercial practices have grown over the past decades unencumbered by regulatory constraints, and increasingly threaten the American ideals of self-determination, fairness, justice and equal opportunity," CDD told the committee. "It is now time to address these developments: to grant basic rights to individuals and groups regarding data about them and how those data are used; to put limits on certain commercial data practices; and to strengthen our government to step in and protect our individual and common interests vis-à-vis powerful commercial entities."