This week, U.S. Rep. Cathy McMorris Rodgers, R-Wash., who leads Republicans on the U.S. House Energy and Commerce Committee, and U.S. Rep. Gus Bilirakis, R-Fla., who leads Republicans on the U.S. House Consumer Protection and Commerce Subcommittee, issued the following statement on a legislative draft that, they say, establishes a national privacy standard to protect Americans and sets clear rules for consumer privacy and data security in the U.S.
“We now share more of our personal information online than ever before. Everything from information about where we bank, what we buy at the grocery store, to where we drive, and how well we sleep. In order to ensure that our information is protected, we need one national privacy law that supports small businesses and innovation, promotes transparency, and incentivizes solutions for data security. Guided by these principles, Energy and Commerce Republicans are building on our privacy leadership with a new framework to establish a national privacy standard.
“This national standard will provide clear rules of the road and give Americans the same data protections wherever they go. Privacy does not end at state lines and Americans deserve better than a patchwork of different and conflicting state laws. Every Republican member of our Consumer Protection and Commerce Subcommittee will be leading on our solutions to protect people’s privacy. By building a comprehensive, forward-thinking national privacy standard, we will secure American economic leadership and ensure that we win the future.”
Every member on the Consumer Protection and Commerce Subcommittee will lead on framework solutions in this comprehensive package:
· Bilirakis will focus on the creation of a Bureau of Consumer Privacy and Data Security, and how the FTC will implement transparency requirements.
· U.S. Rep. Fred Upton, R-Mich., will focus on how “legitimate purpose” is defined for companies, and how companies handle the retention of information so as not to be a cybersecurity target.
· U.S. Rep. Bob Latta, Ohio, will focus on the need for one national standard and avoiding conflicting regulations, as well as proper third-party data sharing allowances.
· U.S. Rep. Brett Guthrie, R-Ky., will focus on risk assessment, and mitigation techniques that include emerging technologies like blockchain to protect consumer data.
· U.S. Rep. Larry Bucshon, Ind., will focus on privacy-by-design so reasonable policies and procedures are followed through the course of collecting, use and sharing of information.
· U.S. Rep. Neal Dunn, R-Fla., will focus on data security practices to protect data from falling into the wrong hands.
· U.S. Rep. Debbie Lesko, R-Ariz., will focus on categories of sensitive information and ensure longstanding consensus policies on anti-discrimination are followed.
· U.S. Rep. Greg Pence, R-Ind., will focus on how small and mid-size entities are defined versus large entities, as well as how personal information is defined.
· U.S. Rep. Kelly Armstrong, R-ND, will focus on the proper use of enforcement powers by the FTC, cooperation with state attorneys general, and self-regulatory guidelines and safe harbors of which businesses may avail themselves.
The Energy and Commerce Committee Republican privacy framework is guided by four principles articulated by Rodgers and Bilirakis to ensure a national standard that promotes innovation, protects consumers and sets clear rules for data privacy in America. To ensure a national privacy framework that increase transparency and improve accountability, enhances security for Americans, and protect innovation and small businesses, the framework adheres to the following principles:
Principle #1: The internet does not stop at state lines, so why should one state set the standard for the rest of the country? Creating arbitrary barriers to the internet may result in different options, opportunities, and experiences online based on where you live.
Principle #2: A lack of transparency has led to where we are today and any federal bill must ensure people understand how their information is collected, used, and shared. We must also ensure that companies who misuse personal information must be held sufficiently accountable.
Principle #3: Any federal bill must ensure companies are implementing reasonable measures to protect people’s personal information.
Principle #4: We must also protect small businesses and innovation. We know that in Europe, investments in startups are down more than 40 percent since their data protection and privacy law—the General Data Protection Regulation—went into effect. We must guard against a similar situation here. We want small businesses hiring coders and engineers, not lawyers.
