Skip to main content

Senate Talks Privacy, Data Protection

A Senate Commerce Committee hearing on privacy and data security came to an early close Wednesday for a series of votes, but not before the differences between some Democrats and Republicans on the issue surfaced.

In what an apologetic committee chairma, Jay Rockefeller (D-W. Va.), called a "travesty of scheduling," the second panel of witnesses was confined to summarizing prepared statements, though Rockefeller said Senators would submit written questions and that might work out even better given their chance to provide fuller answers, "or not," he added.

But the committee was able to rush through questioning of the first panel, comprising government witnesses: Federal Trade Commission member Julie Brill, Commerce Department gGeneral counsel Cameron Kerry and FCC general counsel Austin Schlick.

That questioning reinforced that while there is bipartisan agreement that privacy in the digital age is an important issue, political divides remain over whether government action/intervention is needed and how that should proceed.

Asked by Rockefeller for their take on proposed legislation, all three government witnesses gave shout-outs to legislation introduced by Senators Rockefeller, John McCain (R-Ariz.), John Kerry (D-Mass.) and Mark Pryor (D-Ark) that would create a privacy bill of rights, a Do-Not-Track mechanism, and a national data breach security and notification standard.

But Senator Patrick Toomey (R-Pa.), ranking member of the Consumer Protection subcommittee, was unconvinced that all that legislative firepower was called for.

He pointed out that there was broad support for a national standard for protecting data security, superseding either 47 or 48 different state data security laws (both figures were cited in the hearing), and said that legislation was likely "in the near future."

But he said he was not sure whether legislation was the best solution, and thought more information was needed to make sure that the bills were not a solution in search of a problem. He said he wanted to find out if any real harm had occurred. He also wanted to know what consumers' privacy expectations were given that millions share personal info on Facebook and other social network sites. He said that rather than Congress or the FTC or others stepping in, perhaps consumers should be setting the standard by "mutual consent" through their interactions.

He said the bills were well intentioned and thoughtful, but that perhaps their backers had not thought through their unintended consequences. He also said he had reservations about moving forward with legislation absent a "clearer picture" of the harms being addressed and a cost-benefit analysis of the bills' impact and whether it would be overly restrictive of online advertising.

Sen. Kerry, co-author of the privacy Bill of Rights bill, seemed surprised that there was not a baseline agreement on whether an online privacy protection problem exists that needs addressing.

He used his abbreviated questioning to get each of the government witnesses, including his brother, Cameron, to weigh in on what the problems and the harms were. Brill said the problem is insufficient privacy policies -- in the mobile app space, for example -- and even when a privacy policy exists, it sometimes takes 100 screens to get through the entire statement. She said consumers could not be expected to do that.

While Brill said she has been a strong proponent of self regulation, she was not convinced that self-regulation alone would be enough given the way the online advertising and marketing industry was set up. She said industry has stepped up and made significant strides in giving consumers more control over their data, particularly after the FTC recommended a Do-Not-Track mechanism in a December privacy draft report, but that more was needed.

The FCC's Schlick said there was absolutely a problem. As the National Broadband Plan pointed out, he said, if consumers and developers don't trust that their privacy will be protected, then broadband deployment will be harmed.

Cameron Kerry said Commerce had gotten that same message from businesses that agreed trust was the key. He said a lot of companies recognize the importance of trust and have good privacy protection practices in place, but that there are "malicious actors and outliers" who exploit that trust.

There has been some jurisdictional squabbling between Commerce and Judiciary over the privacy issue, particularly after Justice created a new privacy subcommittee headed by Sen. Al Franken.

Rockefeller made a point of saying he was chairman of the "committee of jurisdiction" and added that he was saying it "clearly" for everyone to hear. He also made the point that his goal in the privacy hearings -- this was the committee's third in this Congress -- and the proposed legislation, was to give consumers information on just how their data was being used and the power to control it.