Lawmakers are working through the August recess to cobble together legislation on data privacy after missing a deadline they set to unveil a bill before the summer break.
Advocates for a federal data privacy standard are feeling a time crunch as they fret over the limited number of days left in this session and the upcoming 2020 elections.
Most importantly, California's strict new privacy law is slated to take effect in January, raising the stakes for lawmakers who were hoping to pass a federal law before the stringent state-level rules go into place.
“We’re waiting with bated breath to see what will come out of these discussions,” said Heather West, senior policy manager at privacy-focused tech company Mozilla.
August is known as prime time for staffers to buckle down in their legislative discussions because they’re no longer bogged down by daily votes and hearings.
Industry watchers told The Hill that this month they’re mainly paying attention to the ongoing negotiations between Sens. Roger WickerRoger Frederick WickerGOP senator will 'probably' vote for debt limit increase Rep. Tim Ryan becomes latest COVID-19 breakthrough case in Congress Top Republican: General told senators he opposed Afghanistan withdrawal MORE (R-Miss.) and Maria CantwellMaria Elaine CantwellLooking to the past to secure America's clean energy future Democrats demand more action from feds on unruly airline passengers Delta variant's spread hampers Labor Day air travel, industry recovery MORE (D-Wash.), the chairman and ranking member, respectively, of the tech-focused Senate Commerce Committee.
Wicker and Cantwell began negotiating directly after the Washington Democrat earlier this year backed away from a larger Senate privacy working group, which includes other members on the Commerce Committee.
“Everything got blown up there when it looked like Cantwell had decided that she would like to work on a bilateral basis with Sen. Wicker,” an industry source told The Hill. “It’s my understanding that conversations between the ranking member and the chairman — on a staff and member level — [took] place at the end of last month.”
Those conversations are likely to continue throughout August. Spokespeople for Wicker and Cantwell declined to comment on the record.
Most of the working group’s discussions have happened behind closed doors, as Wicker has instructed the lawmakers involved not to “negotiate through the press.”
But just before the recess, a series of leaks revealed that Cantwell’s office was passing around a privacy framework that would allow consumers to sue companies for mishandling their data. That “private right of action” is a non-starter for industry and Republicans.
“We’re not going to have a private right of action,” Wicker told reporters. Despite the hiccup, he offered a new deadline for releasing a draft privacy bill: Labor Day.
Other prominent sticking points in the negotiations have included the Republican push to include preemption, which would allow the federal law to override state laws. Preemption has been a top priority for the tech industry, which has warned against a “patchwork” of state laws, but Democrats insist they won’t approve any law that is weaker than the California one.
“We believe that having one standard is important,” Sen. John ThuneJohn Randolph ThuneSchumer sets Monday showdown on debt ceiling-government funding bill Congress facing shutdown, debt crisis with no plan B GOP warns McConnell won't blink on debt cliff MORE (R-S.D.), a member of the Senate privacy working group and majority whip, told The Hill. “And of course, the Democrats have their priorities in this as well.”
Some lawmakers were seeking to pass legislation this year in an effort to head off California’s privacy rules and get ahead of states like Washington and New York that are considering their own laws.
“There are some deadlines coming up that will encourage people to work harder at a federal level,” Michelle Richardson, the director of the Center for Democracy and Technology’s privacy and data project, told The Hill.
California’s law will not be enforceable until July, giving the lawmakers a bit more room in their negotiations.
In the House, the most prominent privacy conversations have taken place between the offices of Reps. Frank Pallone Jr. (N.J.) and Jan SchakowskyJanice (Jan) Danoff SchakowskyDemocrats seek to cool simmering tensions American workers need us to get this pandemic under control around the world Democrats repeal prohibition on funding abortions abroad MORE (Ill.), top Democrats on the House Energy and Commerce Committee.
Their negotiations have been quieter and more sporadic, and it is unclear if the Democrats could get Republican support.
“Chairman Pallone is developing comprehensive data privacy and security legislation with Chair Schakowsky and other Committee members,” an Energy and Commerce Committee spokesperson told The Hill. “Bipartisan discussions continue, which he hopes will produce strong consumer privacy protections for all Americans.”
According to multiple sources, there have been meetings on privacy among Republicans and Democrats on the committee. But the talks have not resulted in any substantial proposals yet.
“We need clear rules of the road,” a GOP Energy and Commerce spokesperson said. “We need one national privacy standard while improving transparency, accountability, and security for consumers while protecting innovation and small businesses.”
Tech trade groups and companies, as well as some privacy advocates, have offered their own drafts of potential privacy legislation, which are continuing to circulate on Capitol Hill.
And all the stakeholders are planning to continue to push their ideas for a data privacy bill throughout the month.
Jason Oxman, the president of the Information Technology Industry Council (ITI), told The Hill that his organization will be attending staff-level meetings throughout the recess. ITI represents tech companies including Amazon, Apple, eBay, Google and IBM.
“Our understanding is that there is still strong interest in the House and in the Senate in moving forward with federal privacy legislation,” he said, describing himself as “optimistic.”
The negotiations, though, have dragged on for more than a year and lawmakers in both chambers have blown past multiple self-imposed deadlines.
Michelle Richardson, the director of the Center for Democracy and Technology’s data privacy project, said she’s not deterred.
She said it is “very complicated” to construct “a single legal regime that will cover businesses of different sizes, different business models, that use information for different purposes” in a way that is “meaningful for consumers.”
As soon as the lawmakers release the draft bill, there will be a rush of lobbying and public comments as every stakeholder — privacy advocates, tech groups, companies and anyone else touched by data collection regulations — offers their perspective.
"I'm cautiously optimistic that we’re going to get a product out of this Cantrell-Wicker negotiation,” the industry source said. “We need them to come together on something and we really need this to get done."
"It’s consumers, it’s Americans ... every day we don’t have a strong federal privacy standard, it’s hurting their privacy and their data security."