U.S. lawmakers renew push on federal privacy legislation
Policymakers want federal data privacy legislation limiting businesses' ability to collect data on individuals and banning targeted advertising to teens under age 17.
Lawmakers committed this week to pursuing federal data privacy legislation after the American Data Privacy and Protection Act stalled in 2022.
The ADPPA advanced further than any previous privacy legislation, passing out of the U.S. House Committee on Energy and Commerce in a 53-2 vote in July 2022. However, it never made it to a House floor vote, leaving the U.S. once more without the possibility of a federal data privacy law -- something advocates believe will provide clearer privacy rules to businesses and better data protections for consumers.
"We were almost there. We were able to pass in an almost unanimous way the ADPPA," said Rep. Jan Schakowsky (D-Ill.), ranking member of the House Subcommittee on Innovation, Data and Commerce, during a data privacy hearing Wednesday. "Absent any action by Congress, big tech is collecting ever more information about us -- our personal information, intimate data."
The ADPPA included enhanced protections for minors, such as banning targeted advertising to teens under age 17 and requiring companies to collect the minimum amount of data necessary on individuals, rather than offer basic consent and opt-in mechanisms.
During the hearing, lawmakers set their sights on building on the ADPPA and passing a federal data privacy law this year. The hearing was the committee's second in its data privacy series. TikTok CEO Shou Zi Chew is set to testify before the committee's final hearing in the series March 23.
"We need a national data privacy standard that changes the status quo regarding people's data," said Rep. Cathy Rodgers (D-Wash.), Energy and Commerce Committee chair, during the hearing.
Witnesses reiterate need for federal privacy legislation
Congress has held 31 hearings on consumer privacy in the last five years, building a detailed record of the "overwhelming need for a comprehensive federal privacy law," said Alexandra Givens, president and CEO of the nonprofit Center for Democracy and Technology and a witness during the hearing.
The lack of a comprehensive federal privacy law is leaving consumers open to exploitation and abuse.
Alexandra GivensPresident and CEO, Center for Democracy and Technology
Givens detailed several examples of how companies can use personal data to harm consumers, such as predatory lenders targeting veterans or families navigating medical crises with payday loans and high interest rates.
"The lack of a comprehensive federal privacy law is leaving consumers open to exploitation and abuse," she said.
Indeed, one of the data privacy concerns that bills such as the ADPPA sought to address was tracking. A majority of companies that run digital ads have added tracking software from dozens of ad platforms the companies do business with, which allows ad platforms to build "tremendously rich profiles of people's browsing and buying behavior across millions of websites," said Graham Mudd, founder and chief product officer at privacy technology company Anonym and a witness at the hearing.
"Does the average American expect and appreciate that their internet behavior on millions of sites is being beamed to dozens of advertising companies so they can build a profile on them? Of course they don't," Mudd said.
Given the lack of federal privacy legislation, the Federal Trade Commission (FTC) is considering crafting its own data privacy rules to crack down on commercial surveillance. However, developing such rules can be a cumbersome, difficult process, said Jessica Rich, a senior policy advisor for consumer protection at Kelley Drye & Warren LLP and former director of the FTC's Bureau of Consumer Protection.
The FTC needs federal data privacy legislation because the agency is currently limited as an effective privacy enforcer, she said as a witness during the hearing.
"Because there is no comprehensive federal privacy law, the FTC has had to bring most of its privacy enforcement under Section 5 of the FTC Act, a general-purpose consumer protection law enacted long before the internet existed," Rich said. "Sometimes the legal tests simply don't work for privacy because they weren't written with privacy in mind."
Makenzie Holland is a news writer covering big tech and federal regulation. Prior to joining TechTarget Editorial, she was a general reporter for the Wilmington StarNews and a crime and education reporter at the Wabash Plain Dealer.
