Chamber Submits Testimony on Data & Information Privacy Legislation
October 15, 2021
October 13, 2021
The Chamber believes protecting consumer data and privacy is paramount, but there are significant concerns about policy approaches that authorize private rights of action and create a second standard for entities covered under existing federal laws. Furthermore, instead of a state law, the Chamber prefers federal legislation to create a single, national standard.
The Chamber strongly opposes any legislation, including S. 46, that allows for a private right of action related to data use or privacy, particularly when the action would be coupled with potentially exorbitant awards like 0.15% of global revenue. Furthermore, there are vague and subjective terms that would create a maelstrom if private rights of action were to be litigated. For example, S. 46 prohibits covered entities from using personal information in a way that is “highly offensive” and that they must be “loyal to the individuals whose personal information is processed.” The vagueness of these terms, combined with the potential for tens of millions in awards, risks a tsunami of lawsuits.
In addition, several bills before the committee create a second standard for entities covered by federal data privacy and protection rules. Virginia’s recently adopted law includes more than 10 exemptions for entities already regulated under federal statute for data privacy and data security standards. For example, financial institutions are already required by the Gramm-Leach-Bliley Act to provide data collection notice requirements, establish institutional privacy policies, and collect consumer third-party data processing consent, among additional requirements. Other instances in which the state should defer to federal law would include, but is not limited to, health information that already is required to be de-identified in accordance with HIPPA and public health data.
In general, and because of the issues described in this letter, the Chamber strongly prefers federal legislation for addressing consumer data protection and privacy. A single, national standard would make compliance simpler and avoid confusion for both covered entities and consumers about individual data rights.
Download the letter here.
Download the Letter