When we next see a public version of the American Data Privacy and Protection Act, it will be considered before a U.S. House of Representatives group called the Subcommittee on Innovation, Data, and Commerce. You can be forgiven for not recognizing the name. This is a re-brand of the subcommittee most recently known as Consumer Protection and Commerce. Before that, it was called the subcommittee on Commerce, Manufacturing, and Trade. No matter what we call it, this branch of the Energy and Commerce Committee is the first forum in the House for consumer protection and trade issues, including oversight of the U.S. Federal Trade Commission and consumer privacy bills.
Name changes are not uncommon in the world of congressional committees. The Energy and Commerce Committee has gone through a few name changes itself over time. It is, after all, the oldest continuous standing committee in the House. Though consumer protection is not highlighted in the new name of the subcommittee, data takes center stage as a policymaking area deserving of special attention. Efforts to reform personal data practices will no doubt remain core to the subcommittee’s work this term.
At an event this week titled The Future of Data Privacy and Security in the 118th Congress, hosted by R Street, the Washington policy scene got its first taste of the political appetite for privacy and other data reforms in the coming term, at least in the House. Tim Kurth, who continues to serve as chief counsel on the subcommittee from the Republican side, spoke about his boss’s enduring commitment to seeing federal privacy legislation across the finish line. His boss, of course, is Rep. Cathy McMorris Rodgers, R-Wash. She is the first woman to chair the Energy and Commerce Committee, exactly 100 years after Mae Ella Nolan became the first woman to chair any House committee. Rodgers has also been one of the key figures behind the ADPPA.
Kurth stressed the importance of passing bipartisan privacy legislation, “one of the most American of initiatives right now,” as a milestone that would build toward multiple overlapping goals: regulatory certainty, national security, consumer rights, and protecting kids. He spoke about national legislation as a preferred alternative to states like California layering on regulations “outside the legislative process” and the FTC's “extraordinarily broad rulemaking process.” He conveyed Rodgers is ready to focus on educating new members on privacy, reconnecting with stakeholders and revisiting the ADPPA this term.
Kurth’s new counterpart on the Democrat side, Lisa Hone, also gave remarks at the event. She echoed the Republican sentiments, as Ranking Member Frank Pallone, D-N.J., remains committed to moving forward on the progress made last term.
This continuity of messaging from Energy and Commerce leaders is remarkable, bordering on surreal, at a time when rancorous political discourse dominates. Nevertheless, the path to full passage of any federal privacy bill will include the same obstacles that blocked passage last year, not to mention new unknowns.
Sen. Ted Cruz’s, R-Texas, thoughts on data privacy legislation remain unknown. Cruz is expected to serve as minority leader on the Senate Committee on Commerce, Science, and Transportation. Support from Cruz, Sen. Maria Cantwell, D-Wash., plus new House Speaker Kevin McCarthy, R-Calif., will be essential for any federal privacy initiative to make it all the way. Those working to accomplish this will need to leverage support from President Joe Biden, as demonstrated in his recent op-ed, while building on support from high-profile Republican voices and not disrupting the delicate bipartisan balance reached in the committee last year.
Like dormant sugar maple trees, policymakers are just beginning to wake up as the days lengthen into the new term. Whether innovation, competitiveness, safety, security or even pure privacy concerns drive the narrative, the policy discourse is tapped and ready to flow in 2023.
Here's what else I’m thinking about:
- U.S. states are wasting no time on new privacy bills. An avalanche of privacy legislation is already on display across the country. To keep up, IAPP updated its state privacy bill tracker for the first time in 2023, with routine updates to come. Noncomprehensive privacy bills are also spreading, mostly focused on kids’ (and teen) privacy and safety, health privacy and biometrics. Tech Policy Press posted a useful analysis of these, and other platform policymaking trends, based on a report from the University of North Carolina at Chapel Hill's Center on Technology Policy.
- There is a new AI risk framework from NIST. As requested by Congress in the 2021 defense spending bill, the National Institute of Standards and Technology released its Artificial Intelligence Risk Management Framework. The NIST also released statements from a handful of companies committed to adopting the voluntary framework as part of their approach to AI, including Microsoft, Google, Workday and IBM.
- Senators want PETs in the National Secure Data Service. In a letter to the Director of the National Science Foundation, Sens. Ron Wyden, D-Ore., and Rob Portman, R-Ohio, urge the agency to clarify the agency's mandated levels of encryption as it builds the new NSDS platform, a service that will enable government agencies to collaborate by sharing research data. The letter highlights that encrypted data can still be shared, but only through the embrace of privacy-enhancing technologies such as multi-party computation.
- Class action cases keep getting more creative. Gizmodo’s Thomas Germain highlighted some recent trends in privacy class action suits, including a wiretapping case against Footlocker, alleging a lack of consent for recording customer support transcripts, and a Video Privacy Protection Act claim against Chick-fil-A based on a website that combined video content with third-party tracking.
Upcoming happenings
- Jan. 28 is Data Privacy Day, or Data Protection Day if you prefer.
- Jan. 31 at 10 a.m. EST, the U.S. Equal Employment Opportunity Commission hosts a hearing, Navigating Employment Discrimination in AI and Automated Systems: A New Civil Rights Frontier (virtual).
- Jan. 31 at 10 a.m. EST, Social Movement Technologies hosts a virtual training, Mastodon How-To for Activists, Organizations, Movements & Journalists.
- Feb. 2 at 5 p.m. EST, IAPP’s D.C. KnowledgeNet chapter hosts a happy hour.
- Feb. 7 at 2 p.m. EST, the Information Technology & Innovation Foundation hosts What Will It Take for Congress to Pass Bipartisan Privacy Legislation? (hybrid).
- Feb. 16 at 5:30 p.m. EST, Future of Privacy Forum hosts its 13th annual Privacy Papers for Policymakers (in-person only).
Please send feedback, updates, and tree similes to cobun@iapp.org.