Rep. McMorris Rodgers Defends FTC as Primary Privacy Enforcer
The FTC should remain the U.S. privacy enforcer but needs more resources, House Consumer Protection Subcommittee ranking member Cathy McMorris Rodgers, R-Wash., told us Thursday. Two House Democrats from California are contemplating draft legislation that would replace it with a new data privacy agency. A prospective privacy bill will need bipartisan, bicameral support to pass, she said after an appearance at a U.S. Chamber of Commerce event.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Commissioner Noah Phillips said he supports federal pre-emption of privacy laws like those in California and opposes a federal law including a private right of action for consumers to sue. Californians for Consumer Privacy Chair Alastair Mactaggart, who helped write the California Consumer Privacy Act, argued that protections in the state law should be extended to the entire U.S. An NTIA official, at a separate event, gave an update on the agency’s privacy framework effort (see 1902260016).
It’s important to get a federal privacy bill in place this year, McMorris Rodgers said. That Congress isn't further along in introducing a bipartisan privacy bill in either chamber shows this is “clearly a difficult issue,” she said. She cited four privacy “pillars”: one national standard, better transparency, data security improvement and avoiding high compliance costs for startups. The FTC needs more resources, but adding expertise is the key, she said. The agency also needs rulemaking authority, she said, but warned against Congress granting broad rulemaking authority that could be politicized.
Federal pre-emption will ensure consumers and businesses have a clear understanding of what’s expected, Phillips said. Federal law shouldn’t follow California's in including a private right of action, he said, because that would have negative economic impacts, particularly on small businesses. He also opposed any proposal to replace his agency with a new data privacy agency, citing the commission's expertise and experience. Congress should first define the problem it’s trying to solve on privacy, Phillips said. That’s tricky because privacy is subjective, he said. Any civil penalty authority should be based on specific harms defined by Congress, he said. Like Chairman Joe Simons, he urged Congress not to grant broad rulemaking authority to the agency: the FTC isn’t a legislative body and shouldn’t write the rules.
When consumer data is for sale to the highest bidder, that’s the end of free and fair elections, Mactaggart said. It’s far more dangerous for a CEO like Mark Zuckerberg than for government to control mass amounts of data because the Facebook executive never faces election, he said. Companies such as Google and Facebook are obligated to testify before Congress, given the power they wield, he said: If the Senate asks the companies to testify, the only response is: when and where. Mactaggart said the Health Insurance Portability and Accountability Act is an example of a privacy law that sets a floor for state laws to go further: “Privacy shouldn’t be any different.”
NTIA received more than 200 comments from individuals, industries, companies and organizations on the agency’s proposed privacy approach (see 1902260016) announced in the fall 2018, said acting Administrator Diane Rinaldo at a smart cities event. The draft framework was made public in April. The U.S. needs a data privacy model that ensures Americans are willing to share their information, said her prepared remarks. She said industry wants to avoid a patchwork of state laws, and she cited the need to maintain cross-border data flows and to protect small businesses from burdensome compliance costs.
It’s not often the Chamber asks for regulation, but a federal privacy law is desperately needed to avoid a patchwork of state laws and mass litigation, said Chamber Technology Engagement Center Senior Vice President Tim Day. Earning consumer trust is essential in today’s tech-driven economy, and CTEC is working with key lawmakers to pass privacy legislation, he added.
Strengthening consumers’ digital identities is key to securing online data, the Business Roundtable reported Thursday. The industry group outlined an approach it believes reduces identity fraud “by discouraging reliance solely on knowledge-based techniques.” The approach also emphasizes strong authentication and fraud detection capabilities to protect against breaches. The report highlights “use of identity federation and decentralized identity to reduce unnecessary repetition of identity proofing and authentication, while providing more transparency and control of identity data to users.”