In early 2021, the 117th Congress will convene with many new members in both the House of Representatives and Senate. How might this new class of entrants shift Congress’s priorities regarding privacy and cybersecurity, if at all? To answer this question, we searched the websites, social media accounts, LinkedIn pages, legislative histories and news articles quoting or mentioning these new members of Congress to identify any sentiments they have expressed publicly about privacy and cybersecurity issues. We then analyzed these statements to understand what type of legislation or regulation, if any, these new members of Congress would likely support or oppose.
Our research showed new members of Congress have expressed opinions on a federal privacy law, international data transfers, net neutrality, surveillance and online censorship. An overarching bipartisan issue is the lack of broadband and internet access in rural and underserved areas, with both sides of the aisle expressing a desire to work toward a solution to increase connectivity.
Even though several House races have yet to be called, there are, as of this writing, 58 known new members of the House of Representatives. There are currently seven known incoming Senators that are new, as the Georgia runoff elections will not yield results until January. Some incoming members have worked in politics before and already have prior legislative histories that show an emphasis on privacy. Others are completely new to politics but have released policy objectives related to privacy and cybersecurity.
While many new members of the House have not publicly stated a view on privacy issues, nearly all new members of the Senate have publicly stated their views on cybersecurity, emerging technology or privacy. Historically, privacy and cybersecurity laws tend to receive bipartisan support, a trend that may continue from incoming members of Congress. However, there are differences down party lines that have the potential to impact any future legislation. These differences include federal preemption and a private right of action.
New members with political experience with privacy stances
There are members entering both the House and Senate with prior political experience and stated views on privacy or a history of introducing privacy legislation. Their previous legislation may be a preview of bills introduced during the 117th Congress.
Jay Obernolte, R-Cal., was previously a California state assemblyman when the California Consumer Privacy Act was passed. He did not have a favorable view of the private right of action aspect of the law, telling the Associated Press he thought “the parts of the bill allowing people to sue companies over data breaches are too broad.” His views on the private right of action could play out on a larger scale and along party lines, if an overarching privacy law is introduced.
Incoming members of the Senate have also signaled an interest in a federal privacy law. Sen.-elect Ben Ray Lujan, D- N.M., has expressed a desire to see a comprehensive privacy law. In 2018, after the Equifax breach, he questioned the U.S. Federal Trade Commission about the breach and expressed his belief that Congress needs to enact privacy legislation to help prevent future breaches. He was also vocal after Cambridge Analytica’s use of Facebook data was announced, stating “[t]hese breaches will continue. It’s time for Congress to hold companies like Facebook accountable and to pass comprehensive privacy and data protection legislation.”
Additionally, beyond a federal privacy law, new House members have advocated for increased privacy protections on the local level prior to being elected to Congress. New York City Council Member and Rep.-elect Ritchie Torres, D- N.Y., introduced a 2018 bill in New York City that would have required facial recognition notifications on building entrances detailing the collection, use and storage of facial images. An IAPP article on his facial recognition bill notes the bill “would require companies to post signs at every entrance detailing if and how they collect, retain, convert and store facial images. Companies would also be required to post four components online: the amount of information it retains, the type of data it collects, a privacy policy, and whether it shares the information with third parties.”
Also on the local level, current Miami-Dade County Mayor and Rep.-elect Carlos Gimenez, R-Fla., recently rolled out a COVID-19 application that tracks infections. Gimenez emphasized the privacy of his local constituents, stating, "[l]et me stress that this app requires no personal information, no GPS or location information is tracked." He also said that the "information is encrypted, so there’s absolutely no reason to fear that the government is tracking your every move. It’s really about protecting you."
International laws are also important to incoming members of Congress. Rep.-elect Darrell Issa, R-Calif., who previously represented California's 49th district, co-sponsored the International Communications Privacy Act that would have allowed law enforcement to obtain U.S. information stored on overseas cloud storage with a warrant. While the 2017 bill died, once back in Congress, Issa could be involved in conversations surrounding other international data transfer bills because of his expressed interest in the subject. A potential bill could be of interest in light of the "Schrems II" decision and the invalidation of the EU-U.S. Privacy Shield.
So far, all new members of the Senate have prior political experience. Three senators-elect were previously members of the House of Representatives: Roger Marshall, Ben Ray Lujan (discussed previously) and Cynthia Lummis.
Sen.-elect Roger Marshall, R-Ky., a medical doctor, introduced a bipartisan telehealth bill and H.R. 7998, the NIST COVID-19 Cybersecurity Act while a member of the House. The bill, which was introduced but never passed the House, would require the National Institute of Standards and Technology to “disseminate and make publicly available resources to help research institutions and institutions of higher education identify, assess, manage, and reduce their cybersecurity risk related to conducting research with respect to COVID-19.”
Sen.-elect Cynthia Lummis, R-Wyo., has owned bitcoin since 2013 and is a proponent of the cryptocurrency and cryptocurrency in general. As a member of the House, she co-sponsored a 2011 bill that aimed to limit the U.S. Federal Communications Commission’s ability to regulate the internet or other IP-enabled services.
Two other members of the Senate will be coming from previous political positions: John Hickenlooper and Bill Hagerty.
The makeup of the bipartisan Senate Cybersecurity Caucus will already be different, as John Hickenlooper, D-Colo., beat Caucus co-founder Cory Gardner, R-Colo. However, Sen.-elect Hickenlooper, the former governor of Colorado, may be equally concerned about cybersecurity and privacy issues. As governor, he signed Colorado’s Privacy and Cybersecurity Law into law, which includes a 30-day breach notification window and security procedures aimed at protecting personal information, and created the Colorado Council for the Advancement of Blockchain Use. As a 2020 presidential candidate in 2019, his economic plan included breaking up Big Tech.
In Tennessee, former ambassador to Japan and Sen.-elect Bill Hagerty, R-Tenn., has spoken at conferences that explore IT, the Internet of Things, digital currencies and connected vehicles. As a keynote speaker at the 2017 Cyber3 Conference in Tokyo, then-Ambassador Hagerty reiterated the need for global cooperation between governments, business and academia to mitigate cyber risk. Like others, he is outspoken in his support of increased broadband connectivity, stating “21st century infrastructure is not limited to our roadways, it also includes reliable internet access.”
New members without political experience but have privacy stances
There are several new members entering the House who do not have prior political experience but have stated views on privacy and cybersecurity. They may push for change by introducing new legislation in the house. Sara Jacobs, D-Calif., has made net neutrality one of her key issues with a highlight on her campaign website. She specifically finds the lack of net neutrality an issue that will “affect your privacy and rights.” Another new member concerned with the rights of individuals online is Madison Cawthorn, R-N.C., who has spoken about Big Tech. He believes “Facebook and Google are assaulting our First Amendment rights” through social media posts and has described social media platforms as the “new town square.” He has posted messages describing his stance on platform censorship.
Another hot topic for incoming new members of the House is surveillance. Andrew Garbino, R-N.Y. is concerned about foreign interference in digital infrastructure, stating, “it is necessary we fight to keep Chinese-owned technology and telecommunications companies, Huawei, out of our data, infrastructure, and networks.” Meanwhile, Peter Meijer, R-Mich., has views about both private and public surveillance as a whole, saying, “[i]n an age of increasing technological surveillance and diminishing personal privacy, we must ensure that our government does not trade hard-fought liberty for security, and that the private sector does not have the ability to turn our private information into profit without our knowledge and consent.” Marilyn Strickland, D-Wash., also believes in “increase[d] transparency on personal data usage, how it is collected and how it is used.”
The most-discussed bipartisan objective: Increased broadband access
The most-discussed bipartisan objective is increased access to broadband internet. There is broad bipartisan support for increasing broadband access to rural and unconnected areas. On both sides of the aisle, incoming representatives and senators view broadband as an infrastructure issue.
In the House, Strickland views universal broadband as a utility “like water and electricity” that should be regulated and available universally at an affordable price. Jacobs previously ran an initiative by the United Nations Children's Fund that maps internet connectivity at schools around the world.
In the Senate, Sen.-elect Bill Hagerty, R-Tenn., believes that internet access is part of the infrastructure and will “work with members of both parties to close the digital divide and ensure” reliable internet. As governor of Colorado, Hickenlooper signed into state law a rural broadband expansion bill in 2018. As a member of the House of Representatives, Sen.-elect Ben Ray Lujan, D-N.M., co-sponsored a bipartisan bill that would put Wi-Fi on school buses to bring digital connectivity to students in rural areas because “students should be given every opportunity to succeed in their schoolwork. Today, that means having access to a reliable Internet connection to complete homework, study, and explore academic pursuits. When one-fifth of our students can’t log on to further their studies, we’re creating a digital divide that will have impacts long after graduation.”
Key takeaways
New members of Congress with prior political positions have previously introduced and discussed privacy and cybersecurity legislation at the federal and state level, which gives some indications as to the type of regulation they might support or oppose. Many incoming Democrats and Republicans will have cybersecurity, technology and privacy issues on their agenda, and it will be important to track the issues of greatest concern.
There appears to be support from many new entrants for regulating large technology companies in some capacity. While new members appear to want to regulate Big Tech, like Facebook, they seem to approach the topic from different angles, whether that means focusing on censorship or breach prevention. For example, Cawthorn may support content moderation, while Lujan and Hickenlooper may want to see Big Tech regulated to prevent breaches or broken up in an antitrust case.
Protecting privacy while conducting COVID-19 tracking or other surveillance may also be likely to garner bipartisan support. On both sides of the aisle, newly elected House members advocated and touted privacy features as benefits instead of detriments. The continuing pandemic is likely to push remote options, like telehealth and increased health research, to the forefront, something Marshall may weigh in on as topics needing cybersecurity risk assessments.
Finally, there is broad bipartisan support for increasing broadband access to rural and unconnected areas. It is yet to be seen if novel privacy issues arise from expanding broadband or if broadband access would be treated as a utility.
If the incoming Biden administration emphasizes cybersecurity and privacy, Congress may respond with new privacy bills. Beyond the new administration, other motivating factors include national and international data privacy laws. Domestically, California is leading the way with the CCPA, California Privacy Rights Act and Proposition 24. Two other states, Nevada and Maine, also have privacy laws on the books, and more than 20 other states are in various stages of the legislative process. Globally, Canada, Brazil, China and India all have passed or proposed new privacy laws, which may further encourage Congress to enact privacy bills. Uncertainty about the future of cross-border data transfers with the European Union may also be a motivating factor. Ultimately, privacy professionals could find it important to monitor the 117th Congress for new privacy laws that may shift the privacy regulation and enforcement landscape.
IAPP Legal Extern Hannah McDonnell also contributed to this article.
Photo by Quick PS on Unsplash