Facebook's Cambridge Analytica scandal, issues with Google and data breaches, and violations affecting the majority of Americans have raised awareness of data protection to a historic high, and Congress is ready to take action.
"Reports of the misuse of personal information undoubtedly frighten the Americans," said Illinois-based MP Jan Schakowsky at the hearing. "Without a comprehensive federal data protection law, the load has been completely transferred to consumers to protect themselves, and that must end."
The hearing takes place when the legislator prepares for a Federal Data Protection Act. Several members of Congress have proposed legislative proposals of varying severity. This includes Senator Ron Wyden, an Oregon Democrat who proposed a privacy law that could arrest CEOs for lying about their practices. Sen. Marco Rubio, a Republican from Florida, came up with his own law in January calling on the Federal Trade Commission to recommend privacy policies.
Several states have their own privacy laws, with the California Consumer Protection Law being the most stringent. However, technology giants hope that a federal data protection law makes the state regulations powerless. Companies like Google, Amazon and Facebook have hoped to influence how a federal data protection law will be blown away and spent a record $ 80 million on lobbying last year, Congress said as the Interactive Advertising Bureau and Business Roundtable passed of federal laws that would impose the laws of the state. It was too confusing for companies to follow different rules for each state, they said.
"Without a single federal data protection standard, a patchwork of state privacy laws will confuse consumers, pose significant challenges for companies that comply with these laws, and fail to meet consumers' expectations about their digital privacy." David Grimaldi Jr., Deputy IAB Vice President of Public Order, said in his opening speech.
Denise Zheng, vice president of technology and innovation at Business Roundtable, reiterated this assessment, saying that state laws do not benefit consumers because they are often confusing to businesses.
This perspective contradicts what advocates of privacy argue: the laws of the countries provide protection that a federal law could miss.
While federal legislation has lagged behind, concerns about technology and privacy have risen, with state lawmakers catching up. There are no federal laws to collect biometric data or notification of injury, but Illinois passed its Biometric Data Protection Act in 2008, and Vermont passed its law on security breaches in 2018. Members of Congress proposed a law after the infringement of Equifax, but more than a year later, it has gone nowhere.
"US data protection laws generally set a floor and no ceiling so that states can afford protection that they deem appropriate for their citizens and are" laboratories of democracy "that offer protection Keeping pace with the rapidly changing technology, "said Brandi Collins-Dexter, senior campaign director of the online civil rights organization Color of Change, in her opening statement.
Nuala O & Connor, CEO of the Center for Democracy and Technology, said the Attorney Generals should be able to enforce a federal law on privacy when it is passed. She noted that every state has different demographic values and data protection values, and prosecutors are best placed to defend these diverse interests.
Rep. Greg Walden, a Republican from Oregon, said the state's data protection laws are helpful, but not enough for the US.
"Your privacy and security should not change, depending on where you live in the US," Walden said. "One state should not set the standard for the rest of the country."
Last May, the General Data Protection Regulation of the European Union entered into force, which imposed strict privacy standards on tech companies. The IAB, which represents companies such as Google, Amazon, Verizon, Facebook and Twitter, said Congress should not impose a federal data protection law in relation to the GDPR or the California Data Protection Act.
Roslyn Layton of the American Enterprise Institute criticized the GDPR, pointing out that it would allow technology giants such as Google, Facebook, and Amazon to grow in Europe, stopping small businesses that could not keep up with regulation.
"The number of agencies and bureaucrats who control our data does not increase our privacy," Layton said. "This reduces our freedom, makes companies more expensive and discourages innovation."
Grimaldi said the legislation should encourage the self-regulation of technology giants, and the IAB's proposals did not include penalties for companies that do not protect people's privacy.
Not all testify before the House Committee approved.
"Self-regulation alone is not enough," said O & Connor. "It was revolutionary in 1999, but it's no longer enough to protect consumers."