Senate Commerce Committee Examines Federal Preemption, Private Right of Action at Privacy Hearing

By: Bethany Patterson

Witnesses from the private sector and civil society groups pushed for comprehensive federal legislation today at a Senate Commerce, Science & Transportation Committee hearing on consumer data privacy. 

Both Senator Roger Wicker and Senator Maria Cantwell have circulated privacy bills in the past week. While both bills give more enforcement authority to both the Federal Trade Commission and state attorneys general, they notably differ on the issues of federal preemption of state privacy laws and private rights of action. 

Senator Wicker’s proposal includes federal preemption, which would harmonize privacy laws to protect consumers equally, no matter where they are in the country. Both Maureen Ohlhausen, former acting-chair of the FTC and current co-chair of the 21st Century Privacy Coalition, and Nuala O’Connor, senior vice president of Digital Citizenship at Walmart asserted that a patchwork of state laws would harm consumers and confuse businesses. 

“A proliferation of different state privacy requirements would create inconsistent protections for consumers, as well as significant compliance and operational challenges for businesses of all sizes,” Ohlhausen said. 

Julie Brill, corporate vice president and deputy general counsel at Microsoft and former FTC commissioner, and Michelle Richardson, director of privacy and data at the Center for Democracy and Technology, also advocated for comprehensive privacy legislation. Richardson stated that since it took 15 years for all states to pass data breach notification laws, the country can’t wait for them to do the same with privacy.

Laura Moy, executive director and associate professor at the Georgetown Law Center of Privacy & Technology, came out against federal preemption of state privacy laws. 

Both Senator Wicker’s and Senator Cantwell’s bills allow for greater enforcement of privacy. Senator Cantwell’s includes the private right of action, which would allow individuals to file lawsuits against entities that violate their privacy. O’Connor touched on the “broader industry concerns” over private rights of action, while Ohlhausen highlighted that they aren’t that effective at protecting privacy. 

According to her, private rights of action “often result in class actions that primarily benefit attorneys while providing little, if any, relief to actual victims.”

While Moy asserted that the private right of action is necessary to empower marginalized groups to protect themselves, Richardson advocated for a “middle ground” approach. In her view, a federal law should ensure that consumers have the same amount of rights that are currently allowed under state laws. “State and federal laws are full of examples when [private rights of action] are crafted to limit litigation to the most important harms,” she wrote in her testimony. 

The hearing made clear that the current privacy environment in the United States is too confusing for consumers and that comprehensive federal privacy legislation could help clear the way. 

“Simply adding more complexity to consumers’ lives is not actually helping their privacy. There is strength in clarity, simplicity and consistency that could be offered at the federal level,” O’Connor said.

Photo: Pierre-Selim (flickr)