TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | Senate committee talks need for FTC resources, federal privacy law Related reading: FTC commissioner talks privacy legislation impasses, Dems urge privacy rulemaking and other updates

rss_feed

""

""

During the first U.S. Senate privacy hearing of the year before the Committee on Commerce, Science, and Transportation Wednesday, former members of the Federal Trade Commission said the agency is lacking resources to handle the privacy and data protection challenges of today’s digital world, while Sen. Roger Wicker, R-Miss., called on the Biden administration to appoint a senior staffer to lead the charge on a federal privacy law.

The former FTC officials urged enhanced enforcement authority for the agency, a comprehensive federal privacy legislation with strong consumer rights, and stated support for a budget reconciliation package being considered by the House and Senate that would give the agency $1 billion over 10 years to create a new privacy and data security division.

Not enacting the budget package would be “penny wise and pound foolish,” Georgetown Law Professor and former director of the FTC’s Bureau of Consumer Protection David Vladeck said. He urged lawmakers to give the FTC necessary tools to prevent and punish privacy violations and digital harms.

“Without more resources, especially more technologists and engineers, the FTC will simply not be able to stem the growing tide of attacks on privacy and other digital harms. As a result, the cost to the United States will continue to vastly exceed the sums proposed in this legislation,” he said. “The FTC is the only privacy cop on the beat. It’s time that Congress gave it the tools it really needs to be in this fight.”

In her opening remarks before the Committee, Chair Sen. Maria Cantwell, D-Wash., said the information age has brought new products and services, but has also “exposed and threatened consumer privacy by unnecessarily collecting, storing, selling and exposing consumers’ most personal data.” In the last five years, she said more than 140 million people have been affected by data breaches, identity theft is on the rise, and companies are not doing enough to safeguard the information they collect.

Wicker, the committee's ranking member, called the impact on consumers “deeply troubling” and said safeguards are needed, or “we risk losing consumers’ trust in the internet marketplace and undermining national security and technological leadership abroad.”

He called on the Biden administration “to make a comprehensive data privacy law a reality,” and for President Joe Biden to appoint a member of his senior staff to prioritize enactment of a law and serve as a liaison to Congress on the issue.

“This is not only essential to a thriving digital economy, but it would also demonstrate to our allies around the world a serious and sincere commitment to the value of data protection as we seek to replace the EU-U.S. Privacy Shield, to preserve trans-Atlantic data flows and enter into a new bilateral partnership on trade and technology,” said Wicker, who introduced the Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act in July.

Federal privacy legislation should have several components, former FTC acting chairman and Baker Botts Partner Maureen Ohlhausen said. It should give consumers clarity and choice around companies’ data collection use and sharing practices, provide a national and uniform set of protections and rights, and ensure strong enforcement that protects consumers from harmful data practices while enabling companies to provide innovative services.

“There’s no question that a strong privacy law needs to include strong FTC authority to protect consumers’ rights. A single federal privacy law that gives the FTC more enforcement authority will dramatically strengthen consumer protections and should authorize the FTC to fine companies for certain first-time violations and in certain cases to issue rules to keep up with developments in technology,” she said. “It should also give the FTC more resources.”

Former FTC chief technologist and independent researcher and technologist Ashkan Soltani said the agency is “critically under resourced to oversee the nation’s myriad of privacy and cybersecurity issues,” with “a barebones staff of about 40 attorneys and a handful of technologists.” Comparatively, he said Germany’s data protection authority has 745 staff, with nearly 100 tech experts, while France’s data protection authority employs 200 staff, including 30 tech experts.

Cantwell expressed concern that companies continue to violate FTC orders in enforcement actions knowing the agency doesn’t have time for enforcement, which she called “beyond frustrating,” while Sen. Jon Tester, D-Mont., asked if large fines, which could be a “drop in the bucket” to some larger companies, are effective.

“What you’re really asking is did it create behavior change,” President of The App Association Morgan Reed said. “Without federal legislation you’re never going to see behavior change. Companies are looking at the lengths and depths of the law … If you want behavior change, it starts with you.”

Vladeck said the additional FTC funding proposed within the budget package “is a good start” to bringing the agency “to parity with some sister agencies.” But he’s not sure it’s enough.

“The first time we saw Google they had 600 lawyers. Now they have probably close to 1,000,” he said. “As the tech sector grows, and it’s the most dynamic sector of our economy, the FTC is going to need resources commensurate with that.”

The privacy and data security division would help with staffing in key areas, like technologists, and assist in enhancing enforcement, Soltani said. While some lawmakers questioned whether the creation of a bureau should await federal privacy legislation, Vladeck said constituents are at risk today and that risk only continues to grow.

Last week, lawmakers wrote a letter to FTC Chair Lina Khan calling on the commission to commence a rulemaking process around data privacy and this week The Wall Street Journal reports the commission is considering rules to strengthen online privacy protections, including new obligations for how businesses handle consumer data.

Ohlhausen cautioned that she doesn’t believe this would give the FTC necessary statutory authority, while Vladeck argued “Congress is the right body to finally decide what the law should be.”

The Senate Committee on Commerce, Science, and Transportation will also hold a hearing today, Sept. 30, titled, “Protecting Kids Online: Facebook, Instagram, and Mental Health Harms.”

Photo by Quick PS on Unsplash


Approved
CDPO, CDPO/BR, CDPO/FR, CIPM, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT, LGPD
Credits: 1

Submit for CPEs

Comments

If you want to comment on this post, you need to login.