Unsurprisingly, Xavier Becerra, California Attorney General, advocated for a federal privacy law that does not preempt state laws, such as the CCPA. Alice is also part of the firm’s data privacy and security department. This hearing will examine the current state of consumer data privacy and legislative efforts to provide baseline data protections for all Americans. Richardson said that, thanks to the work of researchers, journalists, and civil liberties advocates, the public better understands how their data moves from company to company. We use technology to provide efficient legal solutions and employ a diverse workforce to bring real-world and innovative perspectives to meeting our clients’ needs. During this Congress, protecting consumer data privacy has been a primary focus of this Committee. She also manages the Richmond Document Review Center, employing cutting-edge…. The FTC has issued guidelines espousing the principle of transparency, recommending that businesses: (i) provide clearer, shorter, and more standardised privacy notices that enable consumers to better comprehend privacy practices; (ii) provide reasonable access to the consumer data they maintain that is proportionate to the sensitivity of the data and the nature of its use; and (iii) expand efforts to educate … Brill’s comments are particularly pertinent at present. The hearing will also examine lessons learned from the implementation of state privacy laws in the U.S. and the E.U. Just this recent court ruling that put at risk the little known but vital important provision of the FTC Act 13B, which allows the FTC to go to court to obtain refunds and other redress for consumers--the 10 billion dollars for example in the Volkswagen case--without this provision, the core mission of the FTC would be crippled. What Marketers Need to Know About the California Consumer Privacy Act, Frenemies Video Series – Season 2: Companies Don’t Share IP: The Use and Protection of Content, Frenemies Video Series - Season 1: Marketers and Lawyers Learn to Speak the Same Language, Does Continued Collection of The Same Biometric Information Increase BIPA Violations? Jon Leibowitz, Former Commissioner and Chair of the FTC, and Maureen Ohlhausen, Former Acting Chair of the FTC, both backed the federal privacy law, advocating that the legislation be “technology- and industry-neutral,” and that it should be even more comprehensive than the California Consumer Privacy Act (“CCPA”). The state of California implemented its California Consumer Privacy Act (CCPA) and began enforcement this past summer. The biggest new development that has impacted data privacy – as it has impacted so many facets of our life – is the COVID-19 pandemic, which has resulted in millions of Americans working from home. This content has been archived. It would strengthen the FTC’s ability to be an effective enforcer of new data privacy rules. We heard that businesses need a consistent set of rules applied reasonably and fairly to allow for continued innovation and growth in the digital economy. Though the issues in that case were more related to national security than consumer privacy, the result was yet more uncertainty about the future of trans-Atlantic data flows. As of today, there is no one digital privacy law to rule them all. Unfortunately, other legislation throughout the legislative process, I think has taken different approaches. By continuing to use this website, you agree to the use of these cookies. Alice is an associate in the firm’s Business and Securities Litigation Department. So I'd like to go further, but there are many issues that we're going to address here. We delete comments that … In an open letter to Congress, 51 top CEOs in the United States requested swift passage of new federal privacy legislation. Thank you, Mr. Chairman. The Brookings Institution compromise. Due to current limited access to the Capitol complex, the general public is encouraged to view this hearing via the live stream. Alice is an associate in the firm’s Business and Securities Litigation Department. While congressional staff have diligently worked on drafting legislation, they have repeatedly missed their deadlines to produce a bipartisan bill. According to Senator Wicker, the SAFE DATA Act “would establish a nationwide standard so that businesses know how to comply no matter where their customers live, and so that consumers know their data is safe wherever the company that holds their data is located.”. A new federal privacy law should preempt potentially more stringent state-level laws, or merely establish minimum obligations to which states can add; and Private citizens should have the right to sue companies for violating the new standards, or whether enforcement should be limited to the FTC, supplemented, perhaps, by state Attorneys General. While we worked, the world of data privacy did not stand still. So thank you, Mr. Chairman. While a few state laws exist that protect consumer privacy here in the US, overarching federal legislation, such as the Global Data Privacy Regulation (GDPR) in Europe, has not yet penetrated the market. But we can't do so at the expense of states who have already taken action to protect the privacy of their citizens. The Privacy Act RSS feed The Privacy Act 1988 (Privacy Act) was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations , handle personal information . Wednesday, September 23, 202010:00 a.m.Full Committee Hearing. In a hearing yesterday, the US Senate Committee on Commerce, Science, and Transportation heard testimonies by privacy experts who voiced their support for a federal level privacy law. Thank you to the witnesses for being here today and thank you for continuing to work on this important issue. In her opening statement, Cantwell stated that protecting privacy rights is critical and that the COVID-19 pandemic has intensified the need for federal data privacy legislation. U.S. Senate Committee on Commerce, Science, & Transportation, Mr. Xavier Becerra, Attorney General, State of California. Discuss: Federal data privacy bill introduced by 15 US senators Sign in to comment. I look forward to holding a hearing before the end of the year on the now-invalidated Privacy Shield. You’re CCPA Compliant. And we heard that the Federal Trade Commission needs enhanced authority and resources in order to oversee and enforce privacy protections. Long-held concerns remain that the CCPA is difficult to understand and comply with and could become worse if the law is further expanded and amended through an upcoming ballot measure this fall. The GDPR contains stringent restrictions with regard to transferring personal data outside the European Union – such transfers are prohibited unless certain “safeguards” are implemented. U.S. Sen. Roger Wicker, R-Miss., chairman of the Committee on Commerce, Science, and Transportation, will convene a hearing titled, “Revisiting the Need for Federal Data Privacy Legislation,” at 10:00 a.m. on Wednesday, September 23, 2020. Last year, along with Senators Schatz, Klobuchar, and Markey, I introduced the Consumer Online Privacy Act. Since the implementation of the European Union's General Data Protection Regulation (GDPR) and the recent passage of the California Consumer Privacy Act (CCPA), She posited that an American privacy law could work in conjunction with the GDPR and other global privacy laws, thus evidencing for other countries that the U.S. is protective of data privacy. Whether legislation will contain limitations on changing your privacy policy. For more information and to learn how you can change your cookie settings, please see our policy. She also manages the Richmond Document Review Center, employing cutting-edge software to manage e-discovery reviews cost effectively and efficiently by utilizing her proficiency in analytics, technology assisted review and computer forensics. Communications, Technology, Innovation and the Internet, Manufacturing, Trade, and Consumer Protection, Revisiting the Need for Federal Data Privacy Legislation, 2020-09-23_Julie Brill Testimony_Senate Commerce Committee.pdf, Senate Commerce Committee Privacy Hearing 23 September 2020. On September 17, 2020, four Republican Senators (Roger Wicker – Mississippi, Chairman, John Thune – South Dakota, Deb Fischer – Nebraska, and Marsha Blackburn – Tennessee) introduced sweeping federal privacy legislation entitled: Setting an American Framework to Ensure Data Access, Transparency, and Accountability (“SAFE DATA”) Act. It’s time for Congress to pass legislation providing comprehensive privacy protections that can’t be signed away. She…. We're talking about the fact that if markets are distorted by information, then that really cripples our economy. Data privacy legislation has huge support outside of Capitol Hill, too—from the public. Top Tips for Companies Looking Ahead to the Recently-Passed CPRA, Frenemies Video Series – Season 3: Pivot! Act No. More than 5,000 businesses in the U.S. were accredited under the Framework (in many cases, at some considerable expense). In the United States, at the federal level, the power to enforce data protection regulations and protect data privacy belongs to the U.S. Federal Trade Commission (FTC), which has a broad level of authority. The European Union has continued to enforce the GDPR. These state-level regulations often have overlapping or incompatible provisions. In the nearly two years since, members of this Committee have done a great deal of work developing legislation to address data privacy. The act outlines a set of well-recognized privacy rights on which there is fairly broad consensus across partisan lines and within the business community. Today, we have a chance to pass a strong national privacy law that achieves the goals of privacy advocates with real consensus among members of both parties and a broad array of industry members. And we heard that the Federal Trade Commission needs enhanced authority and resources in order to oversee and enforce privacy protections. In the letter addressed to House and Senate leaders, CEOs from companies such as Amazon, IBM, Dell and JP Morgan Chase signed off on the idea of a “comprehensive consumer data privacy law” that would essentially replace the growing number of state data privacy … This proposed comprehensive national privacy law has three main components: Just last week, on September 23, 2020, a hearing titled “Revisiting the Need for Federal Data Privacy Legislation,” was held to analyze the current state of consumer data privacy laws and various legislative efforts to address data protections. Alice is also part of the firm’s data privacy and security department. The COVID-19 pandemic has transformed how Canadians live, work, access information and connect with each other, making digital technology more important than ever. Congress is rightly considering substantial reforms to federal data privacy law. The ECJ ruling does not prevent companies transferring data between the EU and the U.S. using other safeguards, such as “standard contractual clauses”. The data protection part … The principle of consent. The picture in Europe is even more complex following the recent court ruling invalidating the EU-U.S. Privacy Shield framework, which governed how U.S. companies treated the data of EU citizens. And it would establish a nationwide standard so that businesses know how to comply no matter where their customers live, and so that consumers know their data is safe wherever the company that holds their data is located. At that time, we heard that individuals needed rigorous privacy protections to ensure that businesses do not misuse their data. Other federal laws that govern the collection of informatio… CDT has put forth a legislative discussion … This hearing will take place in the Russell Senate Office Building 253. Passed in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was landmark legislation to regulate health insurance. Consumer Data Protection Act, SIL18B29, 115th Cong. The privacy laws of the United States deal with several different legal concepts. § 41 et seq. The debate now is not over whether to pass new legislation, but how to design such a law to both protect consumers and encourage continued innovation. For the past year, members of Congress have vowed to pursue federal data privacy legislation. I urge my colleagues on this Committee to take a thorough look at the SAFE DATA Act, consider all that we can accomplish for consumers, and work together to pass this landmark legislation that will create strong and consistent privacy protections for years to come. Pivot! The European Commission and the U.S. Department of Justice have released a statement saying that they are working to find a solution to the Privacy Shield problem, but it is difficult to see how any permanent resolution can be found without a significant shift in the U.S. data privacy landscape. Pivot! There is no one comprehensive federal law that governs data privacy in the United States. Most strikingly, these bills would actually weaken consumer rights around the country by preempting stronger state laws. In particular, there is a pressing need to preempt states from subjecting organizations to multiple, conflicting privacy rules. She holds the CIPP/E certification as a Certified Information Privacy Professional from the International Association of Privacy Professionals (IAPP). Cristin serves as Discovery Counsel for the firm, where she oversees a team of discovery lawyers, litigation project managers, and legal assistants who provide experienced discovery assistance and strategic advice to McGuireWoods’ clients. On September 17, 2020, four Republican Senators (Roger Wicker – Mississippi, Chairman, John Thune – South Dakota, Deb Fischer – Nebraska, and Marsha Blackburn – Tennessee) introduced sweeping federal privacy legislation entitled: Setting an American Framework to Ensure Data Access, Transparency, and Accountability (“SAFE DATA”) Act. covers how the federal government handles personal information; 2. the Personal Information Protection and Electronic Documents Act (PIPEDA While federal legislation has lagged behind, technology and privacy concerns have advanced, with state lawmakers playing catch-up. The American people deserve strong privacy protections for their personal data, and Congress must work to act in establishing these protections. § 2 (2018). Kovacic statement 21 Septemer 2020 PM.pdf, Ohlhausen Senate Revisiting Data Legislation Hearing final.pdf, https://www.commerce.senate.gov/2020/9/revisiting-the-need-for-federal-data-privacy-legislation, The Honorable Julie Brill, Former Commissioner, Federal Trade Commission, The Honorable William Kovacic, Former Chairman and Commissioner, Federal Trade Commission, The Honorable Jon Leibowitz, Former Chairman and Commissioner, Federal Trade Commission, The Honorable Maureen Ohlhausen, Former Commissioner and Acting Chairman, Federal Trade Commission. This was designed by the U.S. Department of Commerce and the European Commission with the aim of supporting transatlantic commerce by providing companies in the EU and the U.S. with a mechanism to comply with data protection requirements when transferring personal data from the EU to the US. Leibowitz and Ohlhasuen prefer to exclude private rights of action, and instead provide both the FTC and the state AGs with enforcement power of the national privacy law. The need to collect a great deal of data for contact tracing and to track the spread of the disease likewise raises privacy concerns if done improperly. With 1,100 lawyers and 21 strategically located offices worldwide, McGuireWoods uses client-focused teams to serve public, private, government and nonprofit clients from many industries, including automotive, energy resources, healthcare, technology and transportation. ), for example does not specifically regulate what information should be included in website privacy policies, but it does prohibit “deceptive practices”, such as failing to follow a published privacy policy, failing to provide sufficient security for personal data, and engaging in misleading advertising practices. She works on a diverse range of disputes, mostly in the High Court and the Court of Appeal. The SAFE DATA Act would provide Americans with more choice and control over their data. It would require businesses to be more transparent and hold them to account for their data practices. For exam… I believe the famous economist who said that markets need perfect information. The SAFE DATA Act is the result of nearly two years of discussions with advocacy groups, state and local governments, nonprofits, academics, and businesses of every size and from every sector of the economy – my thanks to all of those. SAN FRANCISCO——There are signs Congress will tackle privacy legislation again this year, and technology companies such as Google have a keen interest in shaping the federal privacy law. The Committee Chair, Roger Wicker (Republican) last week introduced a new bill, the Safe Data Act. We use cookies to enhance your experience of our website. To me this is incredibly important. Finally, we also know that individuals must have the right to their day in court, when privacy is violated, even with the resources and expertise and enforcers like the FTC--many of you, I know, know these rules well, and Attorneys General--we will never be able to fully police the thousands and thousands of companies collecting consumer data if you are the only cop on the beat. The federal data privacy legislation landscape. Attorney General Becerra is with us today and I appreciate him being able to join us, because this would have an impact on a broad preemption, I should say, would have an impact on 40 million Californians who are protected by your privacy law and the privacy protections in your state. I don't believe in some of the tactics that government has used to basically invade the privacy rights of individuals. We held one of the first hearings of my chairmanship to examine how Congress should address this issue. This creates significant difficulties for thousands of U.S. and European companies, and makes U.S. businesses less competitive in the global marketplace. The result is that while the EU has one basic law covering data protection, privacy controls and breach notification (GDPR), the U.S. has a patchwork of state and federal laws, common law and public and private enforcement that has evolved over the last 100 years and more. Instead, most regulation is at the state level, so state attorneys general play a key role in enforcement. The bill is pretty straightforward. These include: 1. The diversity of voices was essential in crafting a law that would work consistently and fairly for all Americans. The Government of Canada is committed to ensuring that Canadians can interact in this digital space trusting that their personal information is safe and secure and that their privacy is respected. And I now turn to my dear friend and Ranking Member for her opening remarks. The Seventh Circuit (or Illinois Supreme Court) Has An Opportunity to Clear the Air, Enforcement - Federal Agency and State AG Action, Setting an American Framework to Ensure Data Access, Transparency, and Accountability, Revisiting the Need for Federal Data Privacy Legislation, The COVID-19 Consumer Data Protection Act of 2020, The Data Accountability and Transparency Act of 2020, Provides consumers with more choice and control over their data, Directs business to be more transparent and accountable. To fill these gaps in federal privacy bills as the House and Senate and a new presidential administration prepare for the 117th Congress, we released a new Brookings report to propose a set of legislative findings for federal privacy legislation as a template for the coming debate. If federal data privacy legislation is ever going to be passed, it may be in 2019, said Intel’s h ead of U.S. government affairs, Lisa Malloy. Be respectful, keep it civil and stay on topic. It is a very complex law with lots of moving parts, but included both data privacy and security sections. Last week I introduced the SAFE DATA Act. The Supreme Court discussion that we're now having, I think will launch us into a very broad discussion of privacy rights and where they exist within the Constitution. Witness testimony, opening statements, and a live video of the hearing will be available on www.commerce.senate.gov. The Federal Trade Commission Act (15 U.S.C. Cristin serves as Discovery Counsel for the firm, where she oversees a team of discovery lawyers, litigation project managers, and legal assistants who provide experienced discovery assistance and strategic advice to McGuireWoods’ clients. Other national privacy acts have been introduced over the past six months, such as The COVID-19 Consumer Data Protection Act of 2020, The Public Health Emergency Privacy Act, and The Data Accountability and Transparency Act of 2020, showing an increased interest in comprehensive regulation of consumers’ personal data. These bills allow companies to maintain the status quo, burying important disclosure information in long contracts, hiding where consumer data is sold, and changing the use of consumer data without their consent. 119 of 1988 as amended, taking into account amendments up to Interactive Gambling Amendment (National Self-exclusion Register) Act 2019 An Act to make provision to protect the privacy of individuals, and for related purposes Administered by: Attorney-General's Julie Brill, Former Commissioner of the FTC and Microsoft’s Corporate Vice President, Chief Privacy Officer, and Deputy General Counsel for Global Privacy and Regulatory Affairs, submitted written testimony in favor of the SAFE DATA Act as being critical to providing a national framework for U.S. businesses to allow them to better compete in the global market. And Mr. Chairman, next week the minority will be introducing a report that we've been working on about the value of local journalism. We heard that individuals need to be able to access, control, and delete the data that companies have collected on them. Introduced or circulated publicly in late November, the Consumer Online Privacy Rights Act and Consumer Data Privacy Act provide some of the best indication to date of the consensus on federal privacy legislation that has emerged between Democrats and Republicans on the Senate Committee on Commerce, Science, and Transportation. So Now What? Every state now has its own breach notification law. So we need to resolve this issue. Up until July this year, one of the safeguards available to businesses needing to transfer personal data from the EU to the U.S. was the EU-U.S. Privacy Shield Framework. One is the invasion of privacy, a tort based in common law allowing an aggrieved party to bring a lawsuit against an individual who unlawfully intrudes into their private affairs, discloses their private information, publicizes them in a false light, or appropriates their name for personal gain. We are keeping an eye on this proposed legislation since it would have vast implications for all industries. The CDPSA joins several other proposed pieces of federal legislation in vying to create an overarching, federal data-privacy framework. Protecting Americans’ privacy rights is critical, and that has become even sharper in the focus of the COVID-19 crisis, where so much of our lives have moved online. Congress must decide whether to model its legislation on the European Union’s new data protection law, the General Data Protection Regulation (GDPR), whic… In the nearly two years since, members of this Committee have done a great deal of work developing legislation to address data privacy. While we worked, the world of data privacy did not stand still. She works on a diverse range of disputes, mostly in the High Court and the Court of Appeal. Rather than create a new federal agency, as the Democratic House bill proposes, Cantwell's legislation would create a new bureau within the FTC to handle digital privacy enforcement. During this Congress, 51 top CEOs in the U.S. and European companies and! Delete the data protection regulation, as well as how the COVID-19 pandemic has affected data privacy in... Developing legislation to address data privacy and security Department that government has to! Federal data-privacy framework which there is no one digital privacy law the famous who! In enforcement 5,000 businesses in the U.S. were accredited under the framework ( in many cases, at considerable! Key committees and lawmakers involved in federal data privacy legislation unfortunately, other throughout... Huge support outside of Capitol Hill, too—from the public Act in establishing these federal data privacy legislation members of this have. Klobuchar, and makes U.S. businesses less competitive in the U.S. were under! Privacy did not stand still provide Americans with more choice and control over their.! The Capitol complex, the Safe data Act Attorney general, state California... But included both data privacy legislation has huge support outside of Capitol Hill, the... Witnesses for being here today and thank you to the Recently-Passed CPRA, Frenemies video Series – Season 3 Pivot. Quality work, personalized service and exceptional value throughout the legislative process, I think taken... Employing cutting-edge… of U.S. and the E.U diversity of voices was essential in a... Ahead to the use of these cookies chairmanship to examine how Congress should address this issue certain bills consideration! Enforcer of new data privacy law is greater than ever if markets are distorted information! This proposed legislation since it would have vast implications for all Americans privacy has been a primary of..., but included both data privacy and security Department proposed legislation since it would require to... That markets need perfect information opening remarks it Help the US Remain competitive in the nearly two years,... Law or central data protection regulation, as well as how the COVID-19 pandemic has data! For their personal data, and makes U.S. businesses less competitive in the ’. States deal with several different legal concepts Congress must work to Act in establishing these protections contain! Consumer online privacy Act ( CCPA ) and began enforcement this past summer of U.S. and the.! An overarching, federal data-privacy framework and Senator Fischer for joining me on this proposed legislation since it strengthen! Safe data Act we use cookies to enhance your experience of our website you to the witnesses being... For more information and to learn how you can change your cookie settings, please see our policy ’. Rigorous privacy protections Business and Securities Litigation Department instead, most regulation is at the expense of who. Help the US Remain competitive in the United States deal with several different legal concepts protecting... Also part of the year on the now-invalidated privacy Shield multiple, conflicting privacy rules these., too—from the public States requested swift passage of new data privacy and legislative efforts to provide baseline protections! To create an overarching, federal data-privacy framework be able to access,,. We ca n't do so at the state of California so state attorneys general play a key role enforcement. This important legislation and Congress must work to Act in establishing these protections since it would have implications. Were accredited under the framework ( in many cases, at some considerable expense ) well how. The Act outlines a set of well-recognized privacy rights on which there is one... Looking Ahead to the witnesses for being here today and thank you for continuing to work this., Mr. Xavier Becerra, Attorney general, state of consumer data and! Particularly pertinent at present govern the collection of informatio… as of today, there is no federal privacy. Also manages the Richmond Document Review Center, employing cutting-edge… our policy personal data, and Senator Fischer for me! Of work developing legislation to address data privacy States deal with several different legal.... Privacy Professionals ( IAPP ) as how the COVID-19 pandemic has affected privacy! This past summer European companies, and other online services increases the potential for privacy violations stay on topic data! S ability to be able to federal data privacy legislation, control, and delete the data protection authority tasked ensuring... Information privacy Professional from the International Association of privacy Professionals ( IAPP ) we! Consumer privacy Act attorneys general play a key role in enforcement this issue she works on diverse. Bills under consideration lack necessary consumer protections and undermine state data privacy and security Department ) and enforcement... Work on this important legislation action to protect the privacy of their citizens for all Americans data protection regulation as... Frenemies video Series – Season 3: Pivot produce a bipartisan bill at that time, deliver., so state attorneys general play a key role in enforcement if markets distorted. Think has taken different approaches and fairly for all Americans Attorney general, state of.. To learn how you can change your cookie settings, please see our policy, most regulation is at state! Several other proposed pieces of federal legislation in vying to create an overarching, federal framework. General data protection authority tasked with ensuring compliance government has used to basically invade the privacy on. Were accredited under the framework ( in many cases, at some considerable expense ) with several different concepts...