We could really do it this time.
That was the conclusion House lawmakers were eager to deliver at an Energy and Commerce subcommittee hearing on innovation, data and commerce (IDC). Comprehensive data privacy legislation is once again on the table, but this time it's different.
Lawmakers also took up child online safety proposals, such as the Child Online Safety Act, which recently won a House add-on to the popular Senate bill, and COPPA 2.0, which would update and raise the age of protection for a long-standing online privacy bill for children. .
But privacy reform was the focus of much of the hearing, as a discussion draft for the American Privacy Rights Act (APRA) revived the issue after years of inaction. This latest draft is being championed by Senate Commerce Committee Chair Maria Cantwell (D-WA) and House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA).
Comprehensive privacy protections have been a shared bipartisan goal for years, but have failed to become law due to disagreements on the finer points: Should they preempt state legislation that provides some basic protections in the absence of federal ones? Should individual consumers have a private right of action to sue for violations of their data rights?
This is the closest Congress has come to advancing comprehensive privacy legislation in some time. But lawmakers have been in a similar position before and then seen their hopes wither.
Most recently, in 2022, Rodgers worked with then-Commerce Committee Ranking Member Roger Wicker (R-MS) and then-E&C Chairman Frank Pallone (D-NJ) to introduce the American Protect and Data Privacy (ADPPA), which approved with strong bipartisan support of the House Energy and Commerce Committee. But technology/2024/04/13/congress-maria-cantwell-online-privacy/”>Cantwell opposition finally hindered that initial momentum, and eventually refocusing attention on legislation addressing TikTok's ties to China and children's online safety, two issues that many advocates say could be addressed in part through comprehensive privacy protections for all internet users. .
“I'm excited. We have to do this.”
Even with memories of a failed privacy initiative still in mind, Committee leaders expressed optimism at Wednesday's hearing that strong nationwide privacy protections could finally become a reality. “With the American Privacy Rights Act, we are at a unique moment in history when we finally have the opportunity to imagine the Internet as a force for prosperity and good,” Rodgers said at the beginning of the hearing. “I'm excited,” IDC subcommittee Chairman Gus Bilirakis (R-FL) said after Rodgers' remarks. “We have to do this.”
Pallone, now a ranking member of the full committee, echoed that sentiment. But he then proceeded to point out areas that he considered lacking in the proposal. While he said he's “pleased” the new proposal adopts many of the same protections as the previous one he sponsored, he said he hopes to add more specific protections for children, such as bans on targeting ads at children and requiring “privacy by design.” . Pallone also wants to create a youth privacy division at the Federal Trade Commission to ensure it gets the funding needed to enforce the law.
Still, Pallone said he is “optimistic that we will be able to get comprehensive privacy legislation across the finish line” and said he is committed to working with his colleagues to get there.
On the Senate side, Commerce Committee Ranking Member Ted Cruz (R-TX) has already indicated potential areas of opposition to the proposal, saying in a statement after its release that he “cannot support any project.” data privacy law that empowers trial lawyers, strengthens Big tech by imposing crushing new regulatory costs on upstart competitors, or gives unprecedented power to the FTC to become arbiter of Internet speech and DEI compliance “The proposal would allow individuals to sue for alleged violations of their rights but would also give companies the opportunity to correct mistakes.
With Cantwell holding the gavel in that committee, the proposal could still have a chance to advance once introduced.
At one point, Bilirakis asked each of the five experts in the hearing if this was the best chance Congress had to pass comprehensive data privacy. He got a unanimous “yes.”
“I think there is a recognition that things are getting worse and they can get worse.”
In an interview after the hearing, Jan Schakowsky (D-IL), ranking member of the IDC subcommittee, said he is “very optimistic as of today.” She says this time, lawmakers are even more aware of the consequences of not signing privacy protections into law. “I think there's a recognition that things are getting worse and they can get worse,” Schakowsky said. “So if we don't act, more states will now be crafting their standalone privacy bills. That's not good at all. I mean, all over the world we are atypical countries that do not have some type of protection for consumers. So I think there is an urgency to do this.”
Schakowsky acknowledges that there are areas of the draft that even she would like to see changed, and noted that she preferred how the ADPPA handled preemption of laws, including Illinois' biometric data protection law. But she said that “overall, the need to get it done is more pressing than the disagreements” and, ultimately, “there is a real consensus that we just have to figure it out.”
Schakowsky isn't overly concerned about opposition from California lawmakers, who have historically been adamant about upholding the applicability of the state's own data privacy law, noting that only two members voted against ADPPA in a vote. of the committee.
And when it comes to the tech lobby, Schakowsky says it will only go so far this time. “People are fed up with Big tech, which gets away with it in every way possible. I think we’ve kind of moved past that,” he said. “I just think they won't be on solid ground. I'm sure they will look at every detail and see how they could do it. But I think people are tired of them and the role they play in our lives.”
