At a hearing Wednesday at the House Committee on Energy and Commerce, lawmakers once again asked the U.S. Federal Trade Commission what it needs to carry out its mandate on consumer protection and how a federal privacy bill could best support that mission. Committee Chairman Rep. Frank Pallone, D-N.J., noted the FTC's lean numbers. While the FTC has 40 staffers working on enforcing data protection for 300 million consumers, its global counterparts have staffs 10 times that number, in some cases. The U.K., for example, boasts 500 employees and is a fifth as large population-wise.

And while the Consumer Protection and Commerce Subcommittee hearing seemed framed to discuss what kinds of resources the FTC needs, the five commissioners on hand at the witness table seemed ready to make more specific asks — namely, not to be given "broad" rulemaking authority, to be granted civil penalty authority to levy some hefty fines and for lawmakers to first consider what kind of problem a potential federal privacy law aims to solve before legislating anything at all. 

Perhaps the most nuanced and interesting takeaway from Wednesday's hearing is what seems to be a divide between Democrats and Republicans on whether the FTC should have broad rulemaking authority. That's going to be something to watch.

Rep. Cathy McMorris Rodgers, R-Wash., called for restraint in bestowing the agency with more power. "I remain skeptical of Congress delegating broad authority to the FTC or any agency," she said. " ... It should not be transformed from a law enforcement agency to a massive rule-making regime. To understand the pain this could cause, look no further to the GDPR in Europe. Investment in startups in Europe is down 40 percent" and U.S. companies have shuttered across the continent because of compliance costs, she said. "If we decide to increase FTC's resources and authority to enforce privacy law, then this committee must exercise its oversight of the [commission] to its fullest." 

And that's where Republican Commissioner Noah Phillips and Chairman Joseph Simons agree. Simons, who is typically demure at the witness table, expressed a rare moment of passion in saying to lawmakers: 

"Please do not do it, do not give us broad rule-making authority. Give us targeted rule-making authority," he said. "What we really want to have is have Congress come up with bipartisan privacy legislation ... and give us targeted rule-making authority so we can keep it up to date, make technical changes for developments in technology or in business methods, but please do not give us broad-based authority."

Simons asked the subcommittee not to "dump" that responsibility on the FTC, indicating that because federal privacy legislation is so complicated, it could be tempting to pass the buck, like, "You guys figure this out."

"There's a lot of agreement on a general need for something, but a lot of disagreement on the specifics," Phillips said. He added that different people have different tastes for privacy, and "if you ask the three of us [Republican commissioners] what we want, that's no substitute for the democratic process." 

In a brief chat with reporters after the hearing, Rep. Jan Schakowsky, D-Ill., said she "was interested" in what Rodgers had to say but did not comment on whether the issue would create an impasse between Democrats and Republicans. She added, "We will hopefully be able to work that out. I heard that [part], too." 

Inevitably, the issue of fining powers came up. Currently, the FTC can only issue fines in the event that a company under consent decree with the agency violates those terms. 

Rep. Michael Clifton Burgess, R-Texas, wanted to talk about the ongoing dispute between the FTC and Facebook. While Simons said the commission can't comment on an ongoing investigation, Burgess shared concerns that the rumored $5 billion fine for a company as rich as Facebook is "inconsequential." 

Democratic FTC Commissioner Rohit Chopra agreed, saying that for some, fines are merely a "parking ticket," and that unless penalties are "painful," behavior doesn't change. He told lawmakers the agency doesn't "just need resources, that's not enough," and called for "bright-line rules that give clear guidance" and "penalties with real teeth." 

He agreed with Burgess that there should be some deliberation on who the agency is targeting and for what purposes. 

"There needs to be an evenness in this," Chopra said. "You’re right that even a subpoena can be very very costly for small firm so we need to think hard about where we’re allocating our resources. Are we allocating our resources to a lot of small firms or are we gaining credibility by challenging larger firms .. and who have resources to litigate."

He said litigation gives much more credibility to the outcome versus settling with a firm because it's cheaper than going into a lengthy legal process. 

"The FTC goes after individuals all the time, especially when it comes to smalltime scanners. I do think we need to level the playing field a bit in that in our investigations on privacy look at individuals who made the decision it was worth violating the law in order to profit. We cannot change behavior unless those penalties are painful, and often times that means finding out who at the top is calling shots."

Where there was consensus among commissioners was that any federal law, when and if crafted, should pre-empt state laws. This is a big part of the federal debate, given that states themselves have started to move on privacy laws, in absence of a broad baseline. That said, Commissioner Rebecca Slaughter, a Democrat, said she'd be "concerned about a federal law that lowered standards that already exist in the states." Phillips and Chopra also noted that a federal law should consider anti-trust law, in that crafting a law that favors large firms could continue to give them an edge over small businesses. 

"I think ... we have to think hard about competition," Chopra said. "We're seeing a real slow down in small business formation, even in the digital economy." He said there's a growing sentiment among small businesses that, "'the big guys have taken all the key data, we're never gonna catch up.' That can really distort innovation in our country." 

Also of note, in her opening statement, Schakowsky took Simons to task for not yet having hired a chief technologist, adding that only five staffers at the FTC are even identified as technologists in general.

The hearing was recorded, and its archive can be found here.