New bills and discussion about the recent Epsilon data breach have made privacy a popular talking point on the Hill. But a lot of politics stands between the talk and actual movement on legislation.
Four major privacy proposals have been floated on the Hill this session. In February, Reps. Bobby Rush (D-Ill.) and Jackie Speier (D-Calif.) each introduced privacy legislation. Earlier this week, Sens. John Kerry (D-Mass.) and John McCain (R-Ariz.) and Reps. Cliff Stearns (R-Fla.) and Jim Matheson (D-Utah) offered privacy bills for each chamber.
The privacy bills have some key differences. Stearns’s bill promotes industry self-regulation and requires companies to notify consumers about privacy policies and data use. The bill from Kerry and McCain encourages self-regulation but also requires an opt-in measure to share sensitive personal information, or information that could harm a person if released, depending on the situation.
Rush’s reintroduced bill requires companies to provide an opt-out option before they can share data with other companies. Speier’s privacy package includes the only proposed legislation with a do-not-track measure; the other bill is aimed at protecting financial information.
Having bipartisan bills in the House and Senate is a key step forward, said Justin Brookman, a privacy expert from the Center for Democracy and Technology. That at least gives this week’s bills a chance to move along, he said.
Even that, though, might not be enough. “Both bills have an overwhelming amount of momentum, but my enthusiasm is tempered by the calendar, given the looming election season,” said Amy Mushahwar, a lawyer and privacy expert at Reed Smith law firm.
Staffers for Kerry and Rush have said both offices are trying to schedule privacy hearings. A person in Kerry’s office said that they are trying to schedule a hearing on the consumer privacy act as soon as possible, likely after the April recess.
“I think we’ll see action in the Senate sooner,” Brookman said, as the House’s new Republican majority hasn’t had as much time to work on privacy issues.
There are a lot of players in this debate. In the Senate, privacy issues have traditionally been the jurisdiction of the Senate Commerce, Science and Transportation committee. But in February, Sen. Al Franken (D-Minn.) was tapped to lead the chamber’s new Judiciary subcommittee on privacy, adding more voices to the mix.
And with two bills already proposed in the House, Rep. Mary Bono Mack (R-Calif.), who chairs the subcommittee with jurisdiction over consumer privacy issues, has also highlighted privacy issues as main concern.
Stearns has said he will work closely with Mack, but that the Kerry/McCain bill should not be viewed as a companion to his bill.
“I believe that our approach of greater consumer notice and choice balances the needs of privacy and innovation,” Stearns said in a statement. “Our bill provides the necessary flexibility and avoids one size fits all regulations and unnecessary government intervention.”
With all the high-minded, conceptual talk about privacy, Mushahwar said that it’s also important to concentrate on basic definitions in the bills, and not lose sight of how companies can actually apply the language to their own business practices.
“These bills have to be implemented by data centers and require a practical mindset,” she said.