Dear Chairwoman Schakowsky &
Ranking Member McMorris Rodgers:

We at the R
Street Institute (“R Street”) commend you and the Subcommittee for holding this
hearing on “Protecting Consumer Privacy in the Era of Big Data.”1 Given the changing nature of
the economy and recent legal developments, both abroad and among the various
states, a comprehensive review of the United States’ approach to consumer
privacy is both appropriate and timely.

R Street’s
mission is to engage in policy research and outreach to promote free markets
and limited, effective government. As part of that mission, R Street has
researched and commented upon multiple policy issues relating to consumer
privacy. Recent comments provided to the National Telecommunications and
Information Administration aptly summarized this work.2 A full review of that work is beyond the scope
of this hearing, but we offer the following points to guide the Subcommittee’s
examination of these important issues:

Only Congress can establish a uniform national privacy framework.

Motivated by
recent legislation in California and elsewhere, there have been increasing
calls for a national privacy framework to preempt state laws and establish
uniform privacy protections throughout the United States. The Federal Trade
Commission (“FTC”) has the ability to make privacy rules under its general
consumer-protection rulemaking authority3—as privacy abuses are surely now “prevalent”
enough to satisfy the demands of (b)(3)4—but
they would merely set a floor, not a ceiling. Such rules would preempt state
laws that conflict with or frustrate the purpose of the federal framework, but
would likely not preempt state laws that go above and beyond the federal
framework, potentially leaving consumer privacy protections inconsistent from
state to state. Thus, if Congress wants to establish a national framework that
preempts the field and establishes truly uniform privacy protections, it must
take action.

Data privacy and competition issues are intertwined.

When properly
balanced, the relationship between data privacy and competition is symbiotic—
with strong consumer protections that promote fair competition and in turn
promote innovation and consumer welfare. But pushing too far in either
direction may generate harms that far outweigh any benefits. For example, laws
like the General Data Protection Regulation in Europe may offer stronger
privacy protections for consumers, but they may also impose costs on industry
that are ultimately manifested in higher prices, increased consolidation and
reduced innovation. Similarly, prohibiting certain data-driven business models
or practices may result in higher prices and fewer choices for consumers. Thus,
when considering any potential changes to the current privacy framework,
Congress should recognize that data privacy and competition issues are
intertwined. Protecting consumer privacy in the era of big data will require a
careful balance between the two.

Existing institutions can be improved significantly.

Before making
wholesale changes to the current privacy framework, Congress should first try
to identify the strengths and weakness of the current approach and look for
ways to make incremental improvements. For example, commenters have criticized
the FTC for relying too heavily on consent decrees and failing to provide
adequate guidance for industry or redress for affected consumers.

Many of these criticisms could be addressed through internal process reforms and additional appropriations.5 Additional staff for the Bureau of Consumer Protection’s Privacy and Identity Protection Division would surely help, and the role of state attorneys general should not be discounted. A uniform federal framework would necessarily limit the influence that state legislatures wield over consumer privacy, but it could also utilize the resources and experience of state attorneys general to supplement and reinforce efforts at the federal level. These ideas deserve thorough consideration, as the optimal framework for consumer privacy must efficiently utilize all available resources.

Any grant of new authority should be carefully limited.

The debate over
consumer privacy covers a wide variety of issues, but Congress should try to
focus its review on specific harms and practices that are not adequately
covered by existing law. History shows that unbounded administrative rulemaking
authority can cause serious problems for both industry and consumers,6 so any grant of new
authority to the FTC (or any other agency) should be carefully limited in order
to minimize the potential for future abuse.

* * *

We again commend
you for your efforts to protect consumer privacy. We look forward to working
with you and the rest of the Subcommittee as you consider potential legislation
in this area.

Sincerely,

Charles Duan, Technology and
Innovation Policy Director R Street Institute

Sasha Moss, Federal Government
Affairs Manager R Street Institute

Tom Struble, Technology and
Innovation Policy Manager R Street Institute

Jeff Westling,
Technology and Innovation Policy Associate R Street Institute

CC:

The Honorable Frank Pallone,
Chairman

The Honorable Greg Walden, Ranking
Member

Featured Publications