Senior Vice President, C_TEC, U.S. Chamber of Commerce
January 28, 2022
Today is National Data Privacy Day, which is more than 1,300 days after the nation’s first comprehensive privacy law, the California Consumer Privacy Act (CCPA), was signed into law. To highlight the growing need for Congressional action on data privacy, the Chamber Technology Engagement Center launched a Data Privacy Clock, which tallies the number of days since the CCPA became law that Congress has failed to pass a national data privacy standard that protects all Americans. Congress needs to act quickly and appropriately to bolster emerging U.S. technological competitiveness and ensure that American businesses and consumers are not harmed by a patchwork of state laws.
A patchwork of privacy laws hurts American consumers and business
There is a growing patchwork of state privacy laws. Since passage of CCPA, voters in California have already passed a new ballot initiative, the California Privacy Rights Act, and legislatures in Virginia and Colorado have enacted their own versions of privacy rules. Already in 2022, twenty states and the District of Columbia are considering their own widely different versions of data protection proposals.
Adding to the mix, the Federal Trade Commission (FTC) has indicated that it anticipates initiating a rulemaking on privacy this year. Since FTC rules do not preempt state law, a new rule would force companies to comply with differing federal and state regimes, creating uncertainty and burdening small businesses.
Just this week a new study was released by ITIF showing that a complex state privacy patchwork of 50 laws could cost companies over $1 trillion—and $200 billion for small businesses. With costs like these, the United States will have difficulty competing internationally if its companies have multiple sets of privacy rules to follow while other nations take a more unitary approach.
Congress must get policy right on privacy and AI
Not only does a patchwork harm businesses and consumers because of a confusing compliance and enforcement environment, the lack of clear privacy rules impacts future technologies as well. Just this month, former Congressman Will Hurd (R-TX) talked about the importance of getting a national data privacy law in place to help the nation lead on artificial intelligence (AI).
Congress needs to address fundamental issues regarding consumer privacy rights but should not rush to boil the ocean on all issues concerning technology in a data protection bill. First and foremost, Congress needs to provide a robust privacy standard that creates one single set of rules like data access, deletion, and opt-out rights.
Policymakers should avoid rushing to tackle issues, like automated decision-making, where more data is needed. It is for this reason, the U.S. Chamber of Commerce formed an AI Commission on Competitiveness, Inclusion, and Innovation. The Commission, co-chaired by former Congressmen John Delaney (D-MD) and Mike Ferguson (R-NJ), brings together a diverse group of experts that will hold listening sessions and hearings across the country to address how AI should be regulated fairly on issues like bias. Certainty brought about by reasonable regulations will help the nation compete against China which is working to outpace the United States in research and development of AI as well as regulation. The Commission’s first field hearing will take place in Austin, Texas on March 10th.
If America gets AI policy wrong it will negatively impact many societally enhancing benefits like securing our networks, speeding up vaccine development and delivery, and expanding financial credit to underserved communities.
The U.S. needs a national privacy law to protect individual rights and spur innovation. Just this month, over 80 local and state chambers of commerce recognized the need for the nation to compete by calling on Washington to provide consumers and businesses with real and clear privacy protections. It’s time for Congress to prioritize a federal privacy law.