Listening to Consumer Privacy Advocates

Benton Foundation

Friday, October 12, 2018

Weekly Digest

Listening to Consumer Privacy Advocates

 You’re reading the Benton Foundation’s Weekly Round-up, a recap of the biggest (or most overlooked) telecommunications stories of the week. The round-up is delivered via e-mail each Friday.

Round-Up for the Week of October 8-12, 2018

Robbie McBeath

On October 10, 2018, the Senate Commerce Committee held a hearing on privacy titled Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act. Two weeks ago you may recall, the committee heard from industry representatives, and this week, it was the time to listen to consumer privacy advocates. 

Chairman John Thune (R-SD) set the tone in his opening statement by reiterating what you'd think everybody can agree on: the country needs a federal privacy law. “[I]t is increasingly clear that industry self-regulation in this area is not sufficient. A national standard for privacy rules of the road is needed to protect consumers,” he said. 

This week's hearing highlighted that consumer advocates and industry representatives don’t always see eye-to-eye on how protective a national law should be. But who will get to influence the legislation while it is drafted? “I want to be clear that the next federal privacy law will not be written by industry,” Thune said. “Any federal privacy law should incorporate views from affected industry stakeholders and consumer advocates in an effort to promote privacy without stifling innovation.” 


Witnesses before the Senate Commerce Committee

Witnesses at the October 10 hearing were:

  • Andrea Jelinek, the chair of the European Data Protection Board
  • Alastair Mactaggart, the advocate behind California's Consumer Privacy Act
  • Laura Moy, executive director of the Georgetown Law Center on Privacy and Technology
  • Nuala O'Connor, president of the Center for Democracy and Technology.

Do We Need A National Privacy Law? Yes, But...

At the September 26 hearing, industry representatives pressed for a federal law that would safeguard user privacy — so long as the law was not as stringent as the European Union’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

Tech companies essentially want a federal privacy law to be a ceiling that would limit how far states could go with their own privacy rules, while privacy advocates want it to be more of a floor that states can build on.

“As Congress considers establishing new privacy and data security protections for Americans’ private information, what it should not do is eliminate existing protections that are already benefiting Americans in state or other federal laws,” said CTD President Nuala O’Connor. 

Alastair Mactaggart, the wealthy Northern California real estate developer who spearheaded the campaign to enact the CCPA, agreed. “We understand this committee is considering a national standard for data privacy, but we implore you not to weaken or undo the safeguards California has so recently put in place, which now cover 40 million Americans.”

“To avoid doing harm to consumers benefiting from...existing consumer protections, any federal legislation on privacy or data security must preserve strong state standards,” said Laura Moy, executive director of the Georgetown Law Center on Privacy and Technology.

At the previous hearing, industry representatives, such as Leonard Cali, the senior vice president of global public policy at AT&T, called for a new federal law that “learns from” and “does better than” CCPA and GDPR.

“Providers struggling with compliance may have no choice but to adopt the most restrictive elements of each state’s law, given the impracticability of complying with multiple state rules,” he warned. “The result may be a more restrictive privacy framework than any state intended with less innovation, investment and consumer welfare.”

Mactaggart countered by saying the companies’ criticism is alarmist:

You heard from representatives of giant corporations only two weeks ago that the sky will essentially fall if you leave CCPA intact. "This law was rushed and badly drafted," they said, "and it needs preemption right away." On the contrary, we spent years talking to legal and technical experts, academics, businesses, privacy advocates. And its language reflects thousands of hours of careful drafting.

The FTC’s Authority Issues

There were many complaints from witnesses about the inadequacy of the Federal Trade Commission to handle consumer privacy protections.

CDT’s O’Connor highlighted the limitations on the agency itself. “Because the FTC is prohibited from using traditional rulemaking processes, the agency has created a ‘common law’ of privacy and security through its enforcement actions. Creating proactive privacy rights through a process-of-elimination approach will not be able to keep up with advances in technology and the explosion of device and app manufacturers,” she said.  

Witnesses said Congress needs to enhance the FTC’s power to fine companies for privacy violations. “At present, although the Federal Trade Commission is expected to enforce the privacy promises of most of the commercial sector, with few exceptions, the agency does not have the ability to levy fines for privacy and data security,” said Georgetown’s Moy. “To improve privacy and data security for consumers, the FTC—or another agency or agencies—must be given more powerful regulatory tools and stronger enforcement authority.”

Moy also advocated for legislation that would enhance individual consumers’ ability to litigate on behalf of their privacy. "To provide an additional backstop for consumers in the event that agencies lack the capacity or motivation to effectively enforce, Congress should also consider granting individual consumers themselves the right to bring civil actions against companies for violating privacy regulations."

And Moy didn’t stop there. She also called for privacy protections to be enforced by state attorneys general: 

State attorneys general should also be empowered to enforce privacy. A single agency cannot hope to police the entire digital ecosystem. State attorneys general do a large volume of important work in this area, both enforcing privacy laws and providing valuable guidance to companies trying to comply with the law...To ensure that consumers receive the best protection they possibly can, state attorneys general must be given the ability to help enforce any new federal standard.


The Wall Street Journal reported this week that Google exposed the private data of hundreds of thousands of users of its Google+ social network. But the company chose not to disclose the issue in part because of worries that news of the incident would bring on regulatory scrutiny and reputational damage.

Chairman Thune referenced the story in his opening remarks. “In the wake of Facebook’s Cambridge Analytica scandal and other similar incidents, including a vulnerability in Google-plus accounts reported just this past week, it is increasingly clear that industry self-regulation in this area is not sufficient.” 

Senator Maggie Hassan (D-NH) also discussed the Google+ story. “This incident further highlights the need for a closer look at how we might structure data breach notification in federal legislation, as it is really concerning to meet that an incident affecting this many people didn’t have to be disclosed publicly.”

Senator Richard Blumenthal (D-CT) was the most critical. “I think this kind of deliberate concealment is absolutely intolerable,” he said. Hours after the hearing, Senators Blumenthal, Ed Markey (D-MA), and Tom Udall (D-NM) sent a letter to FTC Chairman Joseph Simons, urging the agency to immediately open an investigation into Google. 

The next day, Chairman Thune, Communications Subcommittee Chairman Roger Wicker (R-MS), and Consumer Protection Subcommittee Chairman Jerry Moran (R-KS) sent their own letter to Google CEO Sundar Pichai, seeking answers about the Google+ vulnerability and what actions the company took to remedy it. The senators are calling for Google to provide the requested information by October 30.


This week, privacy advocates got their turn to speak, laying out the necessity of a national privacy law that goes beyond the protections already offered by some states. Their message is different than what industry asked of the committee last month. Who will Congress listen to?

“As we continue to work toward possible legislation, I encourage my colleagues to challenge what industry told us at our first hearing, but also to examine both the benefits as well as the potential unintended consequences of the new rules put forth by the European Union and the state of California,” said Chairman Thune. 

Obviously, with elections just around the corner and a lame duck Congress returning in November, we will not see comprehensive privacy legislation this year. But these recent hearings could help inform proposals that the 116th Congress considers next year and beyond. 

Quick Bits

Weekend Reads (resist tl;dr)

ICYMI from Benton

October 2018 Events

Oct 15 -- Call for Panels and Paper Proposals: National People of Color Legal Scholarship Conference

Oct 15-16 -- CPB Board of Directors meeting

Oct 15-18 -- Digital Media and Developing Minds Conference

Oct 15-17 -- Competition and Consumer Protection in the 21st Century, (FTC & Global Antitrust Institute)

Oct 17 -- Federal Broadband Funding: Policies and Programs to Connect America (NTIA)

Oct 23 -- FCC October 2018 Open Meeting

Oct 30 -- Virginia Broadband Summit (NTIA)

Nov 1 -- FCBA Foundation Charity Auction

Nov 1 -- U.S. Manufacturing and Healthcare: How 5G Can Give U.S. Companies an Edge, Georgetown Center for Business and Public Policy

Benton, a non-profit, operating foundation, believes that communication policy - rooted in the values of access, equity, and diversity - has the power to deliver new opportunities and strengthen communities to bridge our divides. Our goal is to bring open, affordable, high-capacity broadband to all people in the U.S. to ensure a thriving democracy.

© Benton Foundation 2018. Redistribution of this email publication - both internally and externally - is encouraged if it includes this copyright statement.

For subscribe/unsubscribe info, please email headlinesATbentonDOTorg

Kevin Taglang

Kevin Taglang
Executive Editor, Communications-related Headlines
Benton Foundation
727 Chicago Avenue
Evanston, IL 60202
headlines AT benton DOT org

Share this edition:

Benton Foundation Benton Foundation Benton Foundation

Benton Foundation