National privacy standard eyed by Congress for data harvested by big tech companies

By: - April 18, 2024 5:00 am

Ava Smithing, director of advocacy for the Young People’s Alliance, testifies before a U.S. House Committee on Energy and Commerce subpanel on April 17, 2024, on several data privacy bills being considered in Congress. (Screenshot from U.S. House Committee on Energy and Commerce)

If you are having thoughts of suicide, contact 988. For resources regarding eating disorders, visit nationaleatingdisorders.org/get-help/.

WASHINGTON — U.S. House members tasked with addressing what happens to loads of user data collected by big tech companies see a “long overdue” opportunity for a national privacy standard, particularly for children and teens.

Lawmakers on a subpanel of the House Committee on Energy and Commerce met Wednesday to hear from advocates and online safety experts on a series of data privacy bills that are drawing rare bipartisan and bicameral support.

The 10 bills discussed by six witnesses and members of the Subcommittee on Innovation, Data and Commerce would regulate how data is collected and stored, allow users to opt out of algorithms, and ensure safeguards for minors on the internet.

The hearing came on the heels of widespread bipartisan support for a bill that would force the popular video platform TikTok to split from its Chinese parent company ByteDance. The legislation passed the House in March in a 352-65 vote.

“Today we find ourselves at a crossroads,” said Energy and Commerce Committee Chair Cathy McMorris Rodgers. “We can either continue down the dangerous path we’re on, letting companies and bad actors continue to collect massive amounts of data unchecked, or we can give people the right? to control their information online.”

Washington state lawmakers unite

The Washington Republican’s discussion draft of the American Privacy Rights Act was a focus of the Wednesday hearing.

The bipartisan, bicameral proposal, introduced alongside Senate Committee on Commerce Chair Maria Cantwell, a Washington Democrat, would shrink the amount of data companies can collect, regulate data brokers, allow users to access their own data and request deletion, and empower the Federal Trade Commission and state attorneys general to enforce the policies.

Placing the burden on consumers to read “notice and consent” privacy agreements “simply does not work,” said Energy and Commerce Committee ranking member Frank Pallone of New Jersey.

“By contrast, data minimization limits the amount of personal information entities collect, process, retain and transfer to only what is necessary to provide the products and services being requested by the consumer,” Pallone said, praising provisions in the American Privacy Rights Act.

Rodgers said the “foundational” legislation would protect minors and establish a national standard to quash a “modern form of digital tyranny where a handful of companies and bad actors are exploiting our personal information, monetizing it and using it to manipulate how we think and act.”

One national standard would preempt “the patchwork of state laws, so when consumers and businesses cross state lines, there are consistent rights, protections and obligations,” GOP Rep. Gus Bilirakis of Florida, the subcommittee’s chair, said during his opening remarks.

Seventeen states have enacted their own privacy laws and regulations with another 18 states actively pursuing various pieces of legislation, creating a “complex landscape of state-specific privacy laws,” testified Katherine Kuehn, chief information security officer-in-residence for the National Technology Security Coalition, a cybersecurity advocacy organization.

‘Insecurity as data’

Among the other proposals the panel discussed was an update to the 1998 Children and Teens’ Online Privacy Act, co-sponsored by Michigan Republican Rep. Tim Walberg and Kathy Castor, a Florida Democrat.

The bill aims to ban targeted advertising to children and teens, prohibit internet companies from collecting the data of 13-to-17-year-olds without consent, and require direct notice if data is being stored or transferred outside of the U.S.

Ava Smithing of Nashville, Tennessee, described for the committee her teen years spent on Instagram and the body image issues and eating disorder that ensued after repeated targeted content.

“The companies’ abilities to track engagements, such as the duration of time I looked at a photo, revealed to them what would keep me engaged — my own insecurity,” she testified.

“They stored my insecurity as data and linked it to all my other accounts across the internet. They used my data to infer what other types of content I might ‘like,’ leading me down a pipeline from bikini advertisements to exercise videos to dieting tips and finally to eating disorder content,” Smithing, director of advocacy for the Young People’s Alliance, said.

‘Big tech has failed’

Bilirakis is a sponsor of the similarly named Kids Online Safety Act, along with fellow Reps. Erin Houchin, an Indiana Republican, Washington Democrat Kim Schrier and Castor.

“We know that big tech has failed, ladies and gentlemen, to prioritize the health and safety of our children online, resulting in a significant increase in mental health conditions, suicide and drug overdose deaths. We’ve heard stories over and over and over again in our respective districts,” Bilirakis said.

Bilirakis’ bill would outline a set of harms to children under 17 and require big tech and video game companies to mitigate those harms. The bill also aims to increase parental protections on platforms and commission a study of age verification options.

A companion bill in the U.S. Senate has been introduced by Connecticut Democrat Richard Blumenthal and Tennessee Republican Marsha Blackburn.

Samir C. Jain, of the Center for Democracy and Technology, told the House panel that some proposals, including the Kids Online Safety Act, “while well-intentioned and pursuing an important goal, do raise some concerns.”

“Legislation that restricts access to content because government officials deem it harmful can harm youth and present significant constitutional issues,” said Jain, vice president of policy for the civil liberties advocacy organization.

“Further, requirements or strong incentives to require age verification systems to identify children often require further data collection from children and adults alike, and thereby can undermine privacy and present their own constitutional issues,” Jain testified.

However, Jain praised provisions in the American Privacy Rights Act that would increase transparency into the algorithms employed by large data companies and “prohibit using data in a way that perpetuates or exacerbates discrimination based on protected characteristics such as race, sex, religion, or disability status — whether a Black person looking for a job, a woman seeking a loan to start a business, or a veteran with a disability trying to find housing.”

During questioning, Bilirakis asked each panelist: “Yes or no, do you think this is the best chance we have to getting something done on comprehensive data privacy?”

All witnesses answered yes.

Meta, which owns Instagram, did not respond to a request for comment.

Creative Commons License

Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our website. AP and Getty images may not be republished. Please see our republishing guidelines for use of any other photos and graphics.

Ashley Murray
Ashley Murray

Ashley Murray covers the nation’s capital as a senior reporter for States Newsroom. Her coverage areas include domestic policy and appropriations.

Kentucky Lantern is part of States Newsroom, the nation’s largest state-focused nonprofit news organization.

MORE FROM AUTHOR