Republican senators tell FTC to back off data security, surveillance rules
And they don't like the states' 'patchwork' privacy laws, either
US federal rulemaking on surveillance and data privacy should be left to Congress, not American consumer watchdog agencies — or states — according to a trio of Republican senators.
In a letter to Federal Trade Commission (FTC) Chair Lina Khan, Senators Kevin Cramer (R-ND), Cynthia Lummis (R-WY), and Marco Rubio (R-FL), urged the agency to back off its proposed rule-making process on commercial surveillance and data security.
These are "complex" issues that require "robust, adaptive" standards that balance consumers' best interests and businesses' needs, the three wrote [PDF].
"We believe that this balance can only be struck within federal legislation that is comprehensive and preemptive, such that the law creates a single national standard," according to the letter. "Without federal preemption, any new privacy rules issued by the FTC would only add to the existing 'patchwork' of state privacy laws and create an additional layer of requirements for businesses."
The FTC this summer announced the effort to formulate privacy rules to deter unwelcome online monitoring and shoddy data security. It has since held public hearings on the issue to consider input from industry voices and consumer privacy advocates.
In their letter, the senators also cite the five US states making up this patchwork of privacy laws — California, Colorado, Connecticut, Utah, and Virginia — and say they're not fans of this approach, either.
States' laws use different data processing limitations, transparency requirements, and even definitions of what constitutes sensitive data, all of which translates into more costs to businesses, the letter-writing lawmakers noted. They cited the Information Technology and Innovation Foundation's (ITIF) estimate that puts a $112 billion a year price tag on the cost of complying with various state anti-snooping laws.
"The effects of these compliance costs would likely be felt disproportionally by small businesses that cannot take advantage of economies of scale to reduce the marginal cost of, and definitions of sensitive data."
Of the $112 billion a year annual compliance costs, small businesses will end up paying about $23 billion, according to the ITIF.
- Data tracking poses a 'national security risk' FTC told
- Mozilla CSO demands fines to curb Big Tech surveillance
- National data privacy law for the US clears first hurdle
- Vonage to pay $100m for making it nearly impossible to cancel internet phone services
Adding FTC rules on top of state data privacy laws would only make things worse they argue, compounding confusion and compliance costs if and when the state laws conflict with FTC rules. Plus there's also the still-unanswered question of whether the FTC has the authority to undertake preemptive rulemaking, although it's not tough to guess where the three senators sit on this issue.
"We urge the FTC to withdraw this ANPR and leave the task of creating data privacy and security rules to the elected officials in Congress," the senators wrote.
There is, of course, a draft federal bill: the American Data Privacy and Protection Act (ADPPA). It's currently held up in the US House of Representative by House Speaker Nancy Pelosi, who has issues with the legislation because it doesn't provide protections that are as strong as those legislated in her home state of California.
The Register reached out to Sens. Cramer, Lummis and Rubio to find out what they think about the ADPPA and if they plan to support the privacy bill if it ever reaches a vote on the Senate floor.
Your humble vulture did not immediately hear back from any of the three, but we will update this story when we get their responses. ®