A pair of House Energy & Commerce Committee Republicans on Tuesday (Nov. 3) unveiled a discussion draft of national privacy legislation, the Control Our Data Act, which would establish a “national privacy standard,” and they are drafting every GOP member of the Consumer Protection Subcommittee to work on it.
Also read: New Federal Data Privacy Bill Introduced
For the legislation to go anywhere, they will have to get buy-in from Democrats who control the committee and the House, though given how long it would take for a comprehensive bill to make it to a vote in either House or Senate, the Republicans may be hoping that by that time the 2022 midterms voters may have given them the upper hand and control of committees.
House E&C ranking member Cathy McMorris Rodgers (R-Wash.) and Consumer Protection ranking member Gus Bilirakis (R-Fla.), who teamed on the draft, said that, guided by four main principles, the bill will set clear rules for consumer privacy and data security, hot button issues in Washington as both sides of the aisle hammer Big Tech over its handling, or mishandling, of both.
The principles:
1.) “The internet does not stop at state lines, so why should one state set the standard for the rest of the country? Creating arbitrary barriers to the internet may result in different options, opportunities, and experiences online based on where you live.
2.) “A lack of transparency has led to where we are today and any federal bill must ensure people understand how their information is collected, used, and shared. We must also ensure that companies who misuse personal information must be held sufficiently accountable.
3.)”Any federal bill must ensure companies are implementing reasonable measures to protect people’s personal information.
4.) “We must also protect small businesses and innovation. We know that in Europe, investments in startups are down more than 40% since their data protection and privacy law — the General Data Protection Regulation — went into effect. We must guard against a similar situation here. We want small businesses hiring coders and engineers, not lawyers.
The GOP member marching orders are as follows:
• Bilirakis will focus on creating a Bureau of Consumer Privacy and Data Security within the Federal Trade Commission;
• Rep. Fred Upton of Michigan will focus on how to define the legitimate purpose is defined for the use and retention of consumer data is handled so as not to become a cybersecurity target;
• Rep. Bob Latta of Ohio will focus on the need for a standard that avoids conflicting regulations and allows for proper third-party data sharing;
• Rep. Brett Guthrie of Kentucky will handle risk assessment and mitigation techniques like blockchain to protect consumer data;
• Rep. Larry Bucshon of Indiana will deal with privacy by design, that design being reasonable policies for collecting, using and sharing data;
• Rep. Neal Dunn of Florida will focus on data security;
• Rep. Debbie Lesko of Arizona will handle categories of sensitive information and anti-discrimination policies;
• Rep. Greg Pence of Indiana will work on the definition of small and midsized entities as well as the definition of personal information, which has been a huge sticking point between Republicans and Democrats;
• Rep. Kelly Armstrong of North Dakota will focus on the proper use of the FTC's enforcement authority, collaboration with state attorneys general, self regulatory guidelines and safe harbors.
“Today’s announcement from Reps. McMorris Rodgers and Bilirakis is the latest reminder that there is broad support to enact comprehensive data privacy legislation in Congress,” said Privacy for America, a coalition of advertising industry groups pushing for federal privacy legislation. “We note that there are significant areas of agreement in proposals advanced by members of both parties on the core principles to protect all Americans. We encourage members of Congress to come together to reach agreement on a framework that will lead to real privacy protections for consumers — no matter where they live — and establish clear rules of the road that allow for the responsible use of data.”
