Pallone Highlights Concerns Regarding the Administration’s Consumer Privacy Bill of Rights
WASHINGTON, DC – Today, Rep. Frank Pallone, Jr. (NJ-06), Ranking Member of the House Energy and Commerce Committee, and Rep. Jan Schakowsky (IL-09), Ranking Member of the Committee’s Commerce, Manufacturing, and Trade Subcommittee, issued the following statement upon release of the Obama Administration’s Consumer Privacy Bill of Rights.
In light of recent cyberattacks and data breaches and the exponential growth of big data, online consumers should have more control over the massive amounts of personal information collected and often widely shared by the companies with whom they interact on a daily basis. Pallone expressed specific concerns, though, that the Administration’s proposed changes would actually weaken existing privacy protections and the framework for privacy protections moving forward:
“Today, the Obama Administration released its Consumer Privacy Bill of Rights. Unfortunately, not only does this bill fail to move consumer protection forward, it may move it backward.
“We are pleased that the President has made consumer privacy a top priority this year, and we are eager to work with his Administration to advance that objective. However, we believe that a number of provisions within this proposal are deeply problematic, including:
- The draft encourages a self-regulatory system that could allow companies to design the privacy policies the FTC would enforce. Based on that model, all current practices related to data collection, use, and sharing – even flawed practices – would be allowed to continue. The FTC’s already limited authority to prevent the unfair acts or practices regarding privacy would be further weakened.
- State laws designed to hold companies accountable for protecting their customers’ personal information would be preempted, and individuals would be prevented from pursuing legal action if privacy policies are violated.
- The proposal exempts new companies from any privacy requirements for their first 18 months of data collection, discouraging start-ups from designing consumer-focused privacy and security into their products and services.
- This framework sets caps on penalties for companies that violate the privacy policies the companies themselves created. With some of the biggest and fastest-growing companies on earth – including those valued in the hundreds of billions of dollars – covered by this bill, a $25 million maximum penalty is just a slap on the wrist.
“The Energy and Commerce Committee – and specifically the Subcommittee on Commerce Manufacturing, and Trade – is the committee of jurisdiction on consumer privacy and FTC issues. We have decades of experience dealing with the same issues this proposal attempts to address, and we have repeatedly expressed our interest in being actively involved in this process. Despite those efforts, our staff was not permitted to participate in drafting the proposal, or even to see it until just yesterday.
“We were pleased to see that the Administration took our suggestion and removed the provision, found in an earlier draft, which would have moved telecommunications carriers and cable companies from the privacy regime regulated and enforced by the Federal Communications Commission to a self-regulatory system within the Federal Trade Commission’s (FTC) purview. But much more work remains.
“We believe that the public will have serious concerns about the changes this bill would make to existing privacy protections and the framework it would establish for privacy protections moving forward. We share those concerns, but we stand ready and willing to help strengthen privacy protections in this proposal.”