Senior Vice President, C_TEC, U.S. Chamber of Commerce
January 26, 2023
At the beginning of the 118th Congress, President Joe Biden penned an op-ed in The Wall Street Journal stating that “the American tech industry is the most innovative in the world.” We agree. The reason for America’s innovation leadership is in large part due to a balanced and flexible approach that has allowed new technologies to flourish.
The President also called for “clear limits on how companies can collect, use and share highly personal data—your internet history, your personal communications, your location, and your health, genetic and biometric data.” We also agree. For there to be clarity there must be uniformity and that is why America needs a truly preemptive, national privacy standard that protects all Americans equally.
The Importance of a National Data Privacy Standard
Without a single national standard, it will be incredibly difficult for businesses—particularly smaller ones—to compete. A confusing patchwork of state privacy laws would significantly deter the use of data necessary to help small businesses thrive.
According to a report released by the Chamber last year, 80 percent of small businesses believed that using technology platforms enabled them to compete with larger firms. That same number are concerned that losing access to data will harm their business operations. One owner of a small coffee shop in California said losing access to data “would essentially be another "pandemic" for us. Not having customer data means that we would go back to the early 1980's where we would market our products to a generic list, which in turn would be extremely costly and not a good customer experience.”
An Evolving Patchwork of State Data Privacy Legislation
Congress must act to get a preemptive, comprehensive privacy law across the finish line since states are already beginning to enact their own laws and take up diverging proposals in their legislatures. To date, five states—California, Virginia, Colorado, Connecticut, and Utah—have enacted comprehensive laws. Currently, 11 state legislatures are debating passage of bills that take divergent models. Most states are considering proposals that look like a version of the laws put into effect by Colorado or Virginia that give consumers the right to opt out of data collection and sales. Legislators in Oklahoma have proposed requiring business to obtain consumer consent for all data uses. Massachusetts has put forward a bill similar to the American Data Privacy and Protection Act (ADPPA).
In addition to diverging statutory proposals, other states are making rules to implement their current privacy laws. California for example will soon make rules around automated decision-making and Colorado is examining how to implement a universal opt-out mechanism.
Congress Must Act to Deliver Clear National Data Protections
Congress has examined potential solutions over the last few years. For example, Representative Suzan DelBene’s (D-WA) Information Transparency & Personal Data Control Act proposes strong preemption language that would end a privacy patchwork. The ADPPA gives consumers the right to delete data and opt out of targeted advertising. Senator Jerry Moran (R-KS) also put forward a bill that would empower consumers by requiring companies to obtain consent before using sensitive data, while also balancing the need for innovation.
Unless all states adopt a uniform standard like the Virginia privacy law, it is only a matter of time before a patchwork of laws erodes small business competition and innovation. Congress must draw upon the best of the proposals that have already been put forward and act to pass national privacy legislation.