House Members Spar Over Data Privacy Bills; Path Forward Remains Murky

(Image: Shutterstock)

Members of the House Energy and Commerce Committee’s Communications and Technology Subcommittee sparred today over competing bills that would address online data privacy generally and protection of customer proprietary network information (CPNI) specifically, but appeared to make little headway toward consensus on how to proceed on legislative measures that have languished in the committee since being introduced last year.

Rep. Marsha Blackburn, R-Tenn., chair of the subcommittee, beat the drum for the bill she introduced last year–the Balancing the Rights Of Web Surfers Equally and Responsibly (BROWSER) Act of 2017–which would authorize the Federal Trade Commission (FTC) to enforce information privacy protections across a range of online platforms including use of opt-in and opt-out approvals for varying types and uses of consumer data.

At the same time, Rep. Jerry McNerney, D-Calif., pitched his own bill introduced last year–the Managing Your Data Against Telecom Abuses (MY DATA) Act of 2017–which would prohibit providers of broadband service or Internet content, applications, and devices from using unfair or deceptive practices relating to privacy or data security. The bill would empower the FTC, after consultation with the Federal Communications Commission (FCC), to make regulations to carry out those provisions.

But both bills have found little momentum, and remain in the province of the Subcommittee on Digital Commerce and Consumer Protection. And given the relatively brief legislative calendar remaining this year due to mid-term elections, neither bill is likely to see movement soon.

That legislative inertia, however, does not lessen the need for Congress to act on the issue, lawmakers and witnesses at the hearing said today.

Rep. Mike Doyle, D-Pa., criticized Rep. Blackburn’s bill for failing to provide new powers to the FTC to make new rules to boost privacy protections, and said that following congressional grilling earlier this year of Facebook CEO Mark Zuckerburg, it was “clear that FTC does not have manpower or resources” to even enforce its own existing consent decree with the social media provider.

“We are going to need a comprehensive solution” to improve online privacy protections, he argued, including “more resources, manpower and authority to go after bad actors and… to set the rules of the road for the digital economy.” He added, “After-the-fact enforcement authority cannot help us to right wrongs.”

In the absence of Federal action in the United States on the issue, he pointed to other jurisdictions acting on their own to boost online privacy protections, including the European Union’s adoption of its General Data Protection Regulation, and passage last month the California legislature of online privacy rules regarded as among the toughest in the United States.

Rep. Anna Eshoo, D-Calif., excoriated Republican lawmakers for their action last year to repeal FCC-mandated online privacy rules for broadband service providers, and support for the FCC’s repeal earlier this year of network neutrality rules. As a result of those actions, she asserted, “there are no strong privacy rules” in the Internet ecosystem.

She hammered on Rep. Blackburn’s BROWSER Act, saying it “does nothing for privacy, there is no rulemaking [authority], no penalties, and it preempts state law.” She added, “the FTC can’t do a damn thing, it has no teeth.”

Hance Haney, a senior fellow at the Discovery Institute and a witness at today’s hearing, suggested that any effort by Congress to improve online privacy rules should strive for competitive and technological neutrality and should limit opt-in rules for only the “most sensitive” consumer information.

Former FCC Commissioner Robert McDowell, also a witness at the hearing, echoed those sentiments by urging Congress to look at how to “modernize and harmonize” online privacy rules that can apply across all platforms “including ones we can’t even imagine yet.” He suggested that any new rules focus on the sensitivity of consumer data, rather than the party that might collect the data.

“It’s clear we must do something,” said witness Laura Moy, deputy director at the Georgetown Law Center on Privacy and Technology, citing statistics claiming that 91 percent of Americans believe they have “lost control of their information.” If the FTC were to be tasked with overseeing enforcement of tougher online privacy rules, the agency also needs to be given rulemaking authority to carry out that mission, she said.

“Rulemaking authority is incredibly important,” she said, explaining that agencies armed only with enforcement powers can only act after violations have occurred. “An agency with rulemaking authority can respond faster than Congress” when new problems crop up, she said.

Recent