Privacy for America submitted comments for the record to the Senate Commerce, Science, and Transportation Committee in connection with its hearing, “Revisiting the Need for Federal Data Privacy Legislation,” to examine the current state of consumer data privacy and legislative efforts to provide baseline data protections for all Americans.
The Honorable Roger Wicker, Chairman
The Honorable Maria Cantwell, Ranking Member
Committee on Commerce, Science, and Transportation
U.S. Senate
Washington, D.C. 20510
September 23, 2020
Dear Chairman Wicker and Ranking Member Cantwell:
Privacy for America, a coalition of top trade organizations and companies representing a broad cross- section of the American economy, commends the Committee for its ongoing focus on data privacy and for holding this hearing, “Revisiting the Need for Federal Data Privacy Legislation,” to examine the current state of consumer data privacy and legislative efforts to provide baseline data protections for all Americans. We submit these comments for the record.
Members of our coalition came together in 2019, united in the belief that all Americans deserve clear, strong, and effective data privacy protections and committed to working with a broad range of stakeholders to build consensus for enactment of a national legislation. Developments since the coalition’s founding have reinforced the need for a comprehensive federal data privacy law and we appreciate your leadership in working toward it.
The COVID-19 pandemic has exposed and increased America’s reliance on online services as social distancing and working and learning from home have become the norm for many. During this national emergency, Americans are relying on these services for valuable news and health information, to stay connected with family and friends, to continue to work and be productive, to ensure educators stay engaged with students, and to order and receive essential goods from the safety of their homes. Many of these online services are supported and subsidized by online advertising that helps make them available to as many Americans as possible, reinforcing the critical importance of responsible data use. These services continue to operate despite the economic and infrastructure challenges that have impacted businesses and employees across the economy, and they will likely become mainstays of many of our lives even after the pandemic is over. There is no doubt that the American economy will continue to depend on data and the online services it enables for a long time to come.
We also read of and are encouraged by innovative uses of geolocation and mobile app data with the potential to inform policy makers and health officials to help track and prevent the spread of the coronavirus. At the same time, we heard concerns that the government could use the same information to violate civil liberties or that bad actors could take advantage of the current situation to violate the privacy interests of Americans.
While addressing the challenges posed by the pandemic, businesses across the country face significant new compliance costs and regulatory confusion related to a growing patchwork of state data privacy laws. Setting the merits of any one of these laws aside, the cost implications and challenges to compliance where state laws conflict are serious. A national law, architected to protect privacy and encourage commerce and innovation, is both necessary and possible.
In California alone, an analysis released by the state Attorney General estimated that initial compliance costs for in-state businesses alone to comply with the California Consumer Privacy Act (CCPA) will be $55 billion, equivalent to 1.8 percent of California Gross State Product in 2018. The report estimated that additional regulations developed by the Attorney General and finalized on August 14 will impose additional costs as high as $16.5 billion over the next decade. The study, however, made no attempt to provide any assessment of the major costs that would be imposed on non-California companies in order to comply with the Act. Also, as companies across the country were adapting their businesses practices to comply with the CCPA, and before the Attorney General’s regulations were finalized, the California Secretary of State certified a new initiative for the November ballot that would alter CCPA further. In addition to California, data privacy bills were seriously considered in Washington, Hawaii, Louisiana, New Jersey, and Virginia this year and were introduced in various other states, with additional measures under development for next year’s legislative sessions. Many of these bills are significantly inconsistent with the CCPA and the ballot initiative.
We believe that the current situation underscores the need for a national privacy law that permits the responsible use of data while clearly defining illegal data practices that would harm, or present serious risk to, consumers. The Privacy for America Framework (the “Framework”), publicly released last year and available here, not only draws clear distinctions between permissible and impermissible data practices, but also provides the Federal Trade Commission the ability and resources required to identify and define additional prohibited practices as they appear in the marketplace and enforce the Framework. As a result, the Framework is uniquely suited to protect consumer interests when new threats to consumer privacy emerge, including threats that are difficult, if not impossible, to predict. The framework outlined by the coalition is more comprehensive than the CCPA and the ballot initiative, provides robust protections for consumers, clearly outlines prohibited data practices, and is backed by strong enforcement.
Privacy for America thanks you for your continued focus on these important issues. We remain committed to working with you and other members of Congress to build the consensus necessary to enact federal data privacy legislation.
Sincerely,
Stu Ingis
cc: Members, Senate Committee on Commerce, Science, and Transportation