Federal privacy legislation is the ‘foundation for any AI efforts,’ key lawmaker says
Comprehensive federal privacy legislation is sorely needed as an “unworkable” patchwork of disparate state bills rapidly expands and the Federal Trade Commission considers adding broader privacy authority to its portfolio, a top lawmaker said Tuesday.
Citing recent news reports about CEOs traveling to Washington to discuss artificial intelligence, House Energy and Commerce Chair Cathy McMorris Rogers (R-WA) said at a privacy conference that she is concerned commensurate attention has not been paid to the urgent need for comprehensive federal privacy legislation.
“I worry that lawmakers might lose focus on what should be the foundation for any AI efforts, which is establishing comprehensive protections on the collection, transfer and storage of our data,” McMorris Rogers said in taped remarks at the International Association of Privacy Professionals (IAPP) conference. “It is paramount that we do this before jumping into any AI legislation.”
The comments came one week after executives at major technology firms gathered for a summit convened by Senator Chuck Schumer (D-NY) focusing on the potential risks and benefits of AI technology.
Schumer called the discussion a “historic experience” in comments to reporters.
Comprehensive federal privacy legislation remains under discussion in the House Energy and Commerce Committee after a version of the American Data Privacy and Protection Act (ADPPA) failed to make it to the floor last year despite a 53-2 vote in committee.
McMorris Rogers told the Washington audience of about 180 privacy professionals that comprehensive federal privacy legislation is “imperative” for many reasons, including for the benefit of small businesses adversely affected by the disparate impact of widely varying state laws and the dire need to confront the threat of social media platforms monetizing kids’ data.
Twelve states have now passed comprehensive data privacy laws with active bills under discussion in four additional states, according to a tracker created by IAPP.
McMorris Rogers lamented that in addition to the often contradictory swath of state bills, the privacy “rulemaking” now underway at the FTC will be “yet another layer” creating an environment where “businesses must dedicate more resources to compliance costs.”
More fundamentally, she said the conflicting state laws “fail to adequately protect people's privacy equally.”
McMorris Rogers said she is committed to “doing everything in my power” to reach consensus. The Energy and Conference Committee is said to be focused on revising the bill to be more business friendly, according to two sources with knowledge of the effort who spoke to Recorded Future News in June and McMorris Rodgers’ own comments at a March committee hearing.
At the hearing, McMorris Rodgers cautioned that elements of the prior bill could lead to potential abuse by “plaintiff attorneys who would rather laws be so stringent so businesses are more likely to be out of compliance in order to sue.”
Panelists at Tuesday’s conference underscored the broad appeal of a federal privacy law even if they have strong differences on its composition. A representative from the Chamber of Commerce — a right-leaning business advocacy organization — and a leader of the Electronic Privacy Information Center (EPIC) — a privacy advocacy and research organization — both emphasized the need for a comprehensive federal privacy bill.
Jordan Crenshaw, who leads the Chamber’s Technology Engagement Center, said the organization supports a “single, national, strongly created comprehensive privacy law.”
“It's fundamentally important that we get a strong national privacy law across the finish line,” he said.
The various state laws are problematic because of their “spectrum of strength,” said co-panelist Alan Butler, the executive director of EPIC.
Citing a recently passed Washington health privacy data bill and the pioneering California privacy bill as examples of strong legislation, Butler observed that the myriad of other state laws in many cases raise as many questions as they answer.
The McMorris Rogers-led bill that died last Congress was a strong enough bill to be worth the tradeoffs privacy advocates had to swallow, Butler said.
He worries about the prospects for a similar bill passing this Congress, saying there’s a lot of “uncertainty” right now.
Comprehensive federal privacy legislation is not meant “to cement the past,” Butler said. “It's meant to change the status quo and we believe that the bipartisan federal legislation that we and many others gave input on last year did that in a strong way.”
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.