Details still elusive on possible federal data privacy standard

data protection (Ditty_about_summer/ 

There appears to be growing bipartisan consensus across multiple congressional committees, the Federal Trade Commission and tech companies that some national data privacy legislation is needed in part to harmonize with European rules, eliminate the confusing patchwork of state-level laws and protect U.S. consumers against Equifax-style breaches. But as ever, details and a timeline on new legislation remain unclear.

All five FTC commissioners testified at a Nov. 27 hearing of the Consumer Protection, Product Safety, Insurance and Data Security subcommittee of the Senate Commerce Committee.

According to FTC chairman Joseph Simons and other commissioners, the agency doesn't have enough resources or authorities to go after abusers of consumer data.

"In my view, we need more authority" in order to carry out enforcement against data misuses, Simons said, adding that any federal privacy law must include three elements: the ability to seek civil penalty for unlawful conduct, jurisdiction over nonprofits and common carriers, as well as rulemaking authority.

Subcommittee chairman Sen. Jerry Moran (R-Kan.) said that the FTC needs "additional authorities…to accomplish greater levels of privacy and data security in this country… I can be convinced — and may be already convinced — they need more financial resources to appropriately perform their duties today."

Committee Democrats want to make sure that any new federal standard includes consumer protections that are on par with the General Data Protection Regulation in the EU or in California statutes.

Rohit Chopra, one of the two FTC Commissioners appointed by Democrats, said that federal law should respect those states which have elected to enact strict data privacy laws.

"We need some clear rules of the road at the federal level," Chopra said, but added that "broad preemption [of state laws] would be a huge mistake."

Moran said the California and EU provisions offer "a way to at least have negotiations about a national standard."

Both Blumenthal and Moran said they want significant bipartisan support on legislation and expect a bill to be introduced early next year.

Some privacy advocates are less keen on turning to the FTC for data privacy enforcement.

Caitriona Fitzgerald, chief technology officer and policy director at the Electronic Privacy Information Center, noted in past cases of data protection, the FTC has "has failed to use the authority it already has."

"Given the enormity of the challenge, the United States would be best served to do what other countries have done and create a dedicated data protection agency," she said.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.