News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 AI Governance Dashboard – New AI Governance Dashboard – New

Stay on top of the latest AI governance news and developments of the profession.

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview KnowledgeNet Chapters Sections Affinity Groups Volunteer Annual Awards Career Central
Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

 IAPP Calendar

Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Overview Online Training Live Online Training In-Person Training Books Practice Exams Train Your Staff Official Training Partners Web Conferences
Artificial Intelligence Governance Professional Artificial Intelligence Governance Professional

Learn how to surround AI with policies and procedures that make the most of its potential by reducing its risks.

 European Data Protection (CIPP/E)

Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.

 U.S. Private-Sector Privacy (CIPP/US)

Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.

 Canadian Privacy (CIPP/C)

Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.

 Privacy Program Management (CIPM)

Develop the skills to design, build and operate a comprehensive data protection program.

Privacy in Technology (CIPT)

Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.

 Foundations of Privacy and Data Protection

Introductory training that builds organizations of professionals with working privacy knowledge.

 Privacy Law Specialist Training (PLS)

Meet the stringent requirements to earn this American Bar Association-certified designation.
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 AIGP Certification AIGP Certification

Ensures individuals responsible for AI systems can reduce the risks associated with this technology.

 Certificação CDPO/BR Certificação CDPO/BR

Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.

 Certification CDPO/FR Certification CDPO/FR

Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Tools and Trackers Research Glossary Global Privacy Directory Enforcement Database Westin Research Center Web Conferences Jobs Privacy Vendor Marketplace
Global Privacy Directory

This tool identifies global data protection authorities and privacy legislation.
US State Privacy Legislation Tracker

The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.
Reports and Surveys

Access all reports and surveys published by the IAPP.
Privacy Governance Report

This report shines a light on the location, performance and significance of privacy governance within organizations.
Privacy Risk Study

This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.
Artificial Intelligence

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering AI connections to the privacy space.
CCPA and CPRA

IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
EU General Data Protection Regulation

The IAPP's EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
Data Protection Intensive: UK Data Protection Intensive: UK

Explore the full range of U.K. data protection issues, from global policy to daily operational details.

Global Privacy Summit Global Privacy Summit

Expand your network and expertise at the world’s top privacy event featuring A-list keynotes and high-profile experts.

AI Governance Global AI Governance Global

A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more.

 Canada Privacy Symposium Canada Privacy Symposium

Leaders from across the Canadian privacy field deliver insights, discuss trends, offer predictions and share best practices.

Asia Privacy Forum Asia Privacy Forum

Hear top experts discuss global privacy issues and regulations affecting business across Asia.

 Privacy. Security. Risk. (P.S.R.) Privacy. Security. Risk. (P.S.R.)

P.S.R. focuses on the intersection of privacy and technology. The call for proposals to speak at the 2024 event is open. Submit your ideas today.

 Europe Data Protection Congress Europe Data Protection Congress

Europe’s top experts offer pragmatic insights into the evolving landscape and share knowledge on best practices for your data protection operation.

 ANZ Summit ANZ Summit

Gain exclusive insights about how privacy affects business in Australia and Aotearoa New Zealand.

 Speak at an IAPP Event

View our open calls and submission instructions.

 Sponsor an Event

Increase visibility for your organization — check out sponsorship opportunities today.

Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | Senate committee talks need for FTC resources, federal privacy law Related reading: FTC commissioner talks privacy legislation impasses, Dems urge privacy rulemaking and other updates

rss_feed

""

During the first U.S. Senate privacy hearing of the year before the Committee on Commerce, Science, and Transportation Wednesday, former members of the Federal Trade Commission said the agency is lacking resources to handle the privacy and data protection challenges of today’s digital world, while Sen. Roger Wicker, R-Miss., called on the Biden administration to appoint a senior staffer to lead the charge on a federal privacy law.

The former FTC officials urged enhanced enforcement authority for the agency, a comprehensive federal privacy legislation with strong consumer rights, and stated support for a budget reconciliation package being considered by the House and Senate that would give the agency $1 billion over 10 years to create a new privacy and data security division.

Not enacting the budget package would be “penny wise and pound foolish,” Georgetown Law Professor and former director of the FTC’s Bureau of Consumer Protection David Vladeck said. He urged lawmakers to give the FTC necessary tools to prevent and punish privacy violations and digital harms.

“Without more resources, especially more technologists and engineers, the FTC will simply not be able to stem the growing tide of attacks on privacy and other digital harms. As a result, the cost to the United States will continue to vastly exceed the sums proposed in this legislation,” he said. “The FTC is the only privacy cop on the beat. It’s time that Congress gave it the tools it really needs to be in this fight.”

In her opening remarks before the Committee, Chair Sen. Maria Cantwell, D-Wash., said the information age has brought new products and services, but has also “exposed and threatened consumer privacy by unnecessarily collecting, storing, selling and exposing consumers’ most personal data.” In the last five years, she said more than 140 million people have been affected by data breaches, identity theft is on the rise, and companies are not doing enough to safeguard the information they collect.

Wicker, the committee's ranking member, called the impact on consumers “deeply troubling” and said safeguards are needed, or “we risk losing consumers’ trust in the internet marketplace and undermining national security and technological leadership abroad.”

He called on the Biden administration “to make a comprehensive data privacy law a reality,” and for President Joe Biden to appoint a member of his senior staff to prioritize enactment of a law and serve as a liaison to Congress on the issue.

“This is not only essential to a thriving digital economy, but it would also demonstrate to our allies around the world a serious and sincere commitment to the value of data protection as we seek to replace the EU-U.S. Privacy Shield, to preserve trans-Atlantic data flows and enter into a new bilateral partnership on trade and technology,” said Wicker, who introduced the Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act in July.

Federal privacy legislation should have several components, former FTC acting chairman and Baker Botts Partner Maureen Ohlhausen said. It should give consumers clarity and choice around companies’ data collection use and sharing practices, provide a national and uniform set of protections and rights, and ensure strong enforcement that protects consumers from harmful data practices while enabling companies to provide innovative services.

“There’s no question that a strong privacy law needs to include strong FTC authority to protect consumers’ rights. A single federal privacy law that gives the FTC more enforcement authority will dramatically strengthen consumer protections and should authorize the FTC to fine companies for certain first-time violations and in certain cases to issue rules to keep up with developments in technology,” she said. “It should also give the FTC more resources.”

Former FTC chief technologist and independent researcher and technologist Ashkan Soltani said the agency is “critically under resourced to oversee the nation’s myriad of privacy and cybersecurity issues,” with “a barebones staff of about 40 attorneys and a handful of technologists.” Comparatively, he said Germany’s data protection authority has 745 staff, with nearly 100 tech experts, while France’s data protection authority employs 200 staff, including 30 tech experts.

Cantwell expressed concern that companies continue to violate FTC orders in enforcement actions knowing the agency doesn’t have time for enforcement, which she called “beyond frustrating,” while Sen. Jon Tester, D-Mont., asked if large fines, which could be a “drop in the bucket” to some larger companies, are effective.

“What you’re really asking is did it create behavior change,” President of The App Association Morgan Reed said. “Without federal legislation you’re never going to see behavior change. Companies are looking at the lengths and depths of the law … If you want behavior change, it starts with you.”

Vladeck said the additional FTC funding proposed within the budget package “is a good start” to bringing the agency “to parity with some sister agencies.” But he’s not sure it’s enough.

“The first time we saw Google they had 600 lawyers. Now they have probably close to 1,000,” he said. “As the tech sector grows, and it’s the most dynamic sector of our economy, the FTC is going to need resources commensurate with that.”

The privacy and data security division would help with staffing in key areas, like technologists, and assist in enhancing enforcement, Soltani said. While some lawmakers questioned whether the creation of a bureau should await federal privacy legislation, Vladeck said constituents are at risk today and that risk only continues to grow.

Last week, lawmakers wrote a letter to FTC Chair Lina Khan calling on the commission to commence a rulemaking process around data privacy and this week The Wall Street Journal reports the commission is considering rules to strengthen online privacy protections, including new obligations for how businesses handle consumer data.

Ohlhausen cautioned that she doesn’t believe this would give the FTC necessary statutory authority, while Vladeck argued “Congress is the right body to finally decide what the law should be.”

The Senate Committee on Commerce, Science, and Transportation will also hold a hearing today, Sept. 30, titled, “Protecting Kids Online: Facebook, Instagram, and Mental Health Harms.”

Photo by Quick PS on Unsplash


Approved
CDPO, CDPO/BR, CDPO/FR, CIPM, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT, LGPD
Credits: 1

Submit for CPEs

Author
Headshot Jennifer Bryant IAPP Staff Contributor
Tags
Government
U.S.
Enforcement
FTC
Privacy Law
Comments

If you want to comment on this post, you need to login.

Related Stories
Democrats urge FTC to begin privacy rulemaking
Nine U.S. Senate Democrats signed a letter calling on the Federal Trade Commission to commence a rulemaking process around data privacy, The Verge reports. Led by Sen. Richard Blumenthal, D-Conn., the group of lawmakers said a federal standard for privacy "is urgently needed" and FTC rulemaking shou...
Read More queue Save This
Privacy bills in the 117th Congress
As the August recess commences, it seems an opportune moment to consider the legislative developments around privacy in the 117th U.S. Congress. More than halfway into 2021, dozens of privacy-related federal bills have been introduced that, if passed, would have a major impact on how organizations h...
Read More queue Save This
How the proposed APRA could impact AI
U.S. Congress' latest attempt at crafting comprehensive federal privacy legislation comes as the digital policy landscape is focused on how the concept of data privacy intersects with artificial intelligence. The American Privacy Rights Act discussion draft includes some holdover AI provisions from...
Read More queue Save This
Related Stories
Tags
Government
U.S.
Enforcement
FTC
Privacy Law
Recent Comments