Republican senators are banding together to push for a national privacy law that would empower the Federal Trade Commission and state attorneys general to crack down on the unbridled storage, use and transfer of consumer data.
Sen. Roger Wicker, R-Miss., recently filed a sweeping bill to create a framework to shield individuals' personal data and use national requirements instead of a growing patchwork of state laws. But critics say the bill suffers from gaping loopholes — some perhaps deliberate — that could hobble more ambitious state efforts.
The bill, filed July 28, is the latest version of the SAFE DATA Act that Wicker sought to push through the Senate last year with Senate Minority Whip John Thune. This year, Sen. Marsha Blackburn, R-Tenn., has signed on as co-sponsor.
Wicker's legislation would allow consumers to correct, delete and "port" their data, prohibit businesses from processing or transferring sensitive data without their consent, and minimize what could be collected. His office says it would establish uniform data protections across the country enforced by the FTC and state attorneys general, while also imposing transparency mandates on businesses, among other things.
A national set of requirements would ostensibly reduce confusion for companies that want to do business in California, which was the first state to craft its own comprehensive privacy law, and also deal with newer such laws in Colorado and Virginia.
But that virtue of Wicker's bill cuts both ways, in the view of some privacy legal experts. They are dismayed that the bill would preempt tougher state laws that impose tighter restrictions on companies' use of data, possibly leading to even bigger legal headaches.
. . .
Beefing Up The FTC
Though it's unclear if Democrats plan to come up with a similar package, recent talks concerning FTC reform have occasionally involved privacy legislation. A top House Republican, Rep. Cathy McMorris Rodgers of Washington, said a Democratic bill to restore court-ordered restitution power to the FTC was "a huge missed opportunity to enact a national privacy standard." She added that "Congress has a responsibility to do our job. We cannot have California dictating policy for the other 49 states."
But a federal law that disrupts California's efforts is exactly what some privacy experts don't want to see advancing in Congress. Other states are moving ahead with data protection laws that are expected to take years to enact and enforce.
Wicker's bill — though very early in the legislative process even if heard in committee, where he's the ranking Republican on Commerce — would hand the FTC another enforcement mandate after it just lost part of its enforcement teeth, at least temporarily.
Betsy A. Miller, partner at Cohen Milstein Sellers & Toll PLLC, told Law360 in an email that authority to seek disgorgement and restitution "is enormously important to deter and prosecute data privacy misconduct."
"Consumer protection historically has been an area of robust state legislation and enforcement activity. It would be a damaging departure from these guiding principles if a bill like this were passed," she said. "Doing so would rob the states — which are focused on this issue [and] able to move the ball forward more quickly with meaningful and less diluted legislation — of the ability to advance the thoughtful evolution of privacy law. Preemption is a dangerous and unnecessary path to take."
Miller noted, for example, that enforcement under state laws has never been preempted by the FTC Act, and "in fact, consumer protection has thrived as a robust blend of a federal, state, public and private enforcement."
"Congress hasn't kept pace with Big Tech, and it simply can't move fast enough to keep up with the speed of expansion in the data privacy industry," Miller said. "This is the reality, and Congress shouldn't be attempting to legislate data privacy with specificity or take measures that cut out the essential role of state-led enforcement or private actions."
The complete article can be viewed here.