What is the Status of Federal Privacy Legislation?

Posted by Thomas E. Sowers on

The Senate Commerce Committee held a hearing last December to discuss proposals for federal privacy legislation.  The hearing came approximately one week after members of the committee submitted separate privacy bills for consideration (George Wicker (R-Miss.) and Maria Cantwell (D-Wash.)).

Federal Privacy Legislation Proposals

The two proposals highlight that there are still important issues that need to be resolved by Democrats and Republicans in order for a federal privacy statute to become a reality.  Though there are many issues of varying levels of importance that will need to be agreed to, most privacy observers seem to agree that two main issues need to be negotiated by the two parties. The first issue is whether a federal privacy law should preempt state law.

Most Republicans argue for preemption claiming that leaving in place a patchwork of state laws with differing requirements makes it very difficult and too costly for businesses to comply with.  This is the position taken by most tech companies. Republicans believe that having to figure out the different compliance obligations of each state will be particularly difficult for small businesses and also confusing for consumers.

Democrats, on the other hand, generally believe that allowing state laws to survive would result in greater innovation and advancement of privacy laws leading to greater personal data protection for consumers.   

The second issue is whether a federal privacy law should allow for a private right of action for consumers (and if so, to what extent?).  Republicans argue that a private right of action would be particularly difficult and too costly for small businesses to contend with.  They also claim a private right of action could overwhelm the federal agency named to oversee enforcement of the law (such as the FTC).  Democrats argue that a private right of action is necessary for consumers to be properly protected, particularly in the event of data breaches.

California Consumer Privacy Act

It is clear that any federal privacy bill coming from the Senate will be bipartisan and reflective of compromise on the key issues mentioned above. Assuming this can be accomplished, a complicated negotiation with the House would likely ensue.  Though no federal legislation appears imminent and there are clear hurdles to be overcome, perhaps 2020 will be the year it happens.

Many believed that the pending effectiveness of the California Consumer Privacy Act (CCPA), which went into effect January 1, 2020, would spur Congress to enact a federal privacy law prior to the end of 2019.  Given the scope of the CCPA and the unique and heavy burden it places on businesses, together with the potential enactment of other state privacy laws (there are currently over a dozen state bills at varying stages of the legislative process), privacy observers anticipated this would generate the Congressional momentum needed to generate a federal privacy statute. Though this did not happen, the fact that the two parties are now at a stage where specific aspects of a potential privacy law are being debated could be viewed through an optimistic lens as progress.  Earlier discussions involved debates around the merits of a federal privacy law or very general discussions around the scope of a federal privacy law. 

It is clear that any federal privacy bill coming from the Senate will be bipartisan and reflective of compromise on the key issues mentioned above. Assuming this can be accomplished, a complicated negotiation with the House would likely ensue.  Though no federal legislation appears imminent and there are clear hurdles to be overcome, perhaps 2020 will be the year it happens.