The House Consumer Protection Subcommittee hearing on privacy Tuesday (Feb. 26), the first of two Hill hearings on the hot-button subject in as many days, showcased both the bipartisan call for federal legislation and the reason a bipartisan bill will be no slam dunk.
Republicans talked about privacy, but also about the need to protect small businesses, the targeted-ad based internet economy and talked up the wisdom of preempting state attempts to regulate privacy that veer into the feds lane.
Democrats talked more about the needs to shift the focus from protecting businesses, large or small, to protecting consumers, and they have issues with preempting states unless the bipartisan bill has sufficient teeth to make those bills unnecessary.
Subcommittee chair Jan Schakowsky (D-Ill.) said Tuesday's hearing would be the first in a series of House hearings, pledging it would be an active subcommittee on the subject. She said the data collection industry had become an economic powerhouse "gobbling up every piece of consumer data it can."
She laid out an ambitious goal of strong, sensible legislation that provides meaningful privacy protections while promoting competitive markets and restoring consumers' faith in business and government. She said rules alone were not enough, that there must be aggressive enforcement. On that score--she said, the Federal Trade Commission has done little to curb the worst practices. She said it must have the legal tools and funds to do the job effectively, but did not let it off the hook.
Republicans agree on strong enforcement, but just what gets enforced are the details in which the devil resides.
Schakwosky said that requests for more tools, as FTC has made, should not be an excuse for inaction with the tools it already has, like its Sec. 5 authority to ban unfair methods of competition.
Dems conceded the benefits of some of the vast data collection--improving products, fraud prevention, scientific research--but were more focused on the downside. Rep. Frank Pallone (D-N.J.), chairman of the parent Energy & Commerce Committee, cited breaches and third-party data-sharing "scandals," but said privacy concerns were not just about the major incidents. He called it an everyday issue given how much data is tracked, collected, shared, and commoditized without the user's knowledge.
Pallone talked briefly of those positive uses, but said data collection can also lead to discrimination, differential pricing or even physical harm.
Republicans talked about the need for giving consumers a better idea of what data was being used and how--transparency and accountability--But Pallone pointed to the sobering stat that it would take 76 years, by one account, to read the privacy policies of the sites an average person searches in a year.
Both sides agreed that there needs to be a simpler way to relay information about how data is being handled and shared and by whom for what. Pallone said what the country needed was comprehensive privacy legislation that shifts the burdens off consumers and onto business.
The two parties differed over how the issue had been approached to date.
Pallone said there had been a lot of talk about privacy over the years but nothing done about it, calling it a long overdue conversation about a model that had been protecting companies using the data rather than the consumers providing it.
Former E&C chair Greg Walden (R-Ore.) suggested the new Democratic leadership was simply "picking up on" an issue that had been the focus of the previous Republican leadership. He pointed to last fall's hearings with Big Tech, for example, to demonstrate the committee had already been "on the forefront" of the issue.
Walden said that privacy means different things to different people, but that both sides should be able to agree that any bill needs 1) improved transparency and accountability, 2) should protect innovation and small business (don't overregulate), and 3) set a national standard (which means preempt state efforts over what is an interstate service).
Walden said the government should not mandate a flood privacy policies that people don't read or click-through notices that can be frustrating. Democrats are more for mandates, though of policies that are easier to opt out of.
Just how much choice there needs to be to opt out, or in, of data collection practices could be one of the deflection points for a bipartisan effort, as well as what categories of data get what protections.
Alan Davidson, Mozilla VP of global policy, trust and security, pushed back on Republicans' emphasis on more transparency about what info was being collected and how it was used. "As a tech company that has made privacy a central feature of our products and has advocated for data protection laws across the globe, we are encouraged to see both the House and Senate holding hearings on U.S. privacy legislation he said. "The need for legislation in the United States can’t be brushed aside any longer. The U.S. has fallen behind, and every new story about data misuse is a reminder that we need rules in place to keep companies in check and people protected."It is not enough to merely improve consumer education when users are asked to make countless decisions to protect their privacy online. When big corporations can use personal information in unforeseen and harmful ways, the existing notice and consent model no longer works. As we heard today, it is time for Congress to provide safeguards for people and guardrails for industry."Mozilla was the lead petitioner in the challenge to the FCC's network neutrality deregulation, for which transparency about the newly allowable blocking and throttling and paid prioritization was a key element, one Mozilla argued was also an insufficient governor on conduct.