Over the past decade, American businesses have become increasingly dependent on consumers’ personal data to develop their products and services. This data has become the lifeblood of our nation’s burgeoning digital economy. For example, consider how you reached this editorial. Whether it was through a news site, Facebook post, Tweet, email or Google search, your collected, stored and processed personal data likely generated targeting efforts that ultimately led you here.
The collection and processing of data has led to fascinating advancements that almost every American takes advantage of every day. From improvements in accessing health care and education systems, to developments in the agriculture and manufacturing sectors, to how we shop and buy products, innovative solutions produced through the creative and convenient uses of data are changing the way our world works.
While these developments have generated an entirely new sector of the global economy and improved the quality of life for many people, Americans should not be asked to trade the privacy and security of their personally identifiable information for technological advancements and the benefits that come with them.
As chairman of the Senate Commerce Subcommittee on Consumer Protection, I held a hearing nearly two years ago to examine the privacy concerns that were uncovered during Facebook’s Cambridge Analytica scandal. After the personal data of millions of people was harvested without their consent, the witnesses who came before my subcommittee voiced concerns that companies were taking advantage of consumers’ personal data and avoiding accountability due to the existing patchwork of laws and regulations.
Since then, states like California and Nevada have enacted consumer privacy laws, and the incompatibility of these different regulatory frameworks raises the compliance costs to businesses located within and outside of those states.
From the start of this process, it was clear to me and my colleagues that the United States needs a single, uniform federal standard to govern the data privacy protections of consumers – and we need it now more than ever. A patchwork of inconsistent state and local laws is simply not sufficient to protect consumers’ privacy and intrudes upon the interstate commerce that our economy is built upon.
To that end, I have worked alongside my Senate colleagues, consumer advocacy organizations and countless businesses to develop legislation that strikes an appropriate balance between protecting consumers’ personal data and encouraging American businesses to continue developing innovative products and services.
As a result, I introduced the Consumer Data Privacy and Security Act of 2020 to establish a uniform consumer protection framework for all Americans. This federal standard governs the collection and processing efforts related to consumers’ personal data and solidifies a clear, measurable standard for American businesses that is technology-neutral, replacing the patchwork of state laws that are confusing to consumers and leave small businesses uncertain on how to comply.
This legislation would establish robust, yet reasonable data collection and processing responsibilities, including: individual rights for consumers to access, control and erase their personal data; appropriate notice and consent requirements coupled with transparency standards of how businesses are processing and collecting data; and mandates for companies to establish and maintain a comprehensive data security program.
However, I also recognize a federal consumer protection law is only as effective as its enforcement provisions, which is why it is critical to ensure that there are appropriate and predictable enforcement provisions in any legislation passed into law. This bill prioritizes the enforcement capacity of the Federal Trade Commission by dramatically bolstering staff numbers and providing the necessary resources to effectively enforce consumer privacy protections. It also allows for state attorneys general to enforce the federal standard.
In addition to enacting substantive consumer protections, this legislation provides clear standards on consumer data privacy and security without creating an unnecessary burden for small businesses and entrepreneurs who play a vital role in our economy. Based on discussions with small businesses and a subcommittee hearing focusing on their specific resource and compliance needs, this legislation aims to effectively scale the regulatory burden for small business enterprises and appropriately reduce their costs of compliance, while mandating a baseline of privacy requirements to be upheld by businesses of all sizes.
When Americans witnessed the nefarious actions of data scientists at Cambridge Analytica and various industry actors collecting and processing their personally identifiable information, an alarm sounded for Congress to hold bad actors accountable. Every American deserves to have a say in how their personal data is collected and used. As advancements in data processing continue to develop, consumers need to know, without a doubt, that the companies collecting and processing their data are not using that information in bad faith and taking advantage of American consumers.
Sen. Jerry Moran (R-Kan.) is the chairman of the Senate Commerce Subcommittee on Manufacturing, Trade, and Consumer Protection with jurisdiction over consumer data privacy and security.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.