ACA International urges Congress to weigh important consumer protections with needs of legitimate businesses as it continues talks on federal data privacy legislation.
10/24/2019 12:00
Members of the Senate Committee on Banking, Housing and Urban Affairs discussed ownership of data in a hearing Thursday as the debate on consumers’ privacy rights and legislation at the state, national and international level continues.
In a letter to Committee Chairman U.S. Sen. Mike Crapo, R-Idaho, and the committee’s Ranking Member U.S. Sen. Sherrod Brown, D-Ohio, ACA International noted that there is a need for balance between the important goal of protecting consumers’ data privacy and ensuring legitimate businesses are not faced with duplicative laws that create regulatory burdens.
“We strongly support the goal of protecting the privacy of consumers and their data, and are committed to vigorous compliance in furtherance of this pursuit,” said ACA International CEO Mark Neeb in the letter submitted before the “Data Ownership: Exploring Implications for Data Privacy Rights and Data Valuation” hearing. “However, there are many lawful and important reasons why those in the accounts receivable management industry may collect and store consumer data in compliance with already existing privacy and consumer protection laws,” Neeb said.
State laws such as the California Consumer Privacy Act (CCPA) in effect next year and the European Union’s General Data Protection Regulation (GDPR) shaped part of Thursday’s discussion and debate over whether data should be treated as property to further protect consumers.
Witness Chad Marlow, senior advocacy and policy counsel for the American Civil Liberties Union, said data privacy laws were pursued or introduced in 11 states during the 2019 state legislative session, including some that made important advances in protecting consumers’ privacy without treating data as property.
In California, the CCPA includes the right for consumers to opt out of the sale or sharing of their personal information and that businesses must disclose data collection and sharing practices to consumers, ACA previously reported.
The European Union’s GDPR also has similar protections for consumers and, as Crapo noted in his opening statement, “it is difficult to ignore the concept of data ownership that appears in existing data privacy frameworks.”
He continued, “For example, the European Union’s General Data Protection Regulation, or GDPR, grants an individual the right to request and access personally identifiable information that has been collected about them. There is an inherent element of ownership in each of these rights, and it is necessary to address some of the difficulties of ownership when certain rights are exercised, such as whether information could pertain to more than one individual, or if individual ownership applies in the concept of derived data.”
Witnesses and committee members also argued that consumers’ ownership over their data does not necessarily guarantee their knowledge of how and where it is being used and argued the European Union’s GDPR has privacy disclosures and impact assessments that should be adopted in the U.S.
“This is part of the beauty of what is in the GDPR that we would love to see in the federal bill, which is the privacy disclosures and privacy impact assessments that need to be done,” said Michelle Dennedy, CEO of DrumWave Inc., a data processing and management company in Silicon Valley, during her testimony.
“I am concerned that if we do not come up with a federal solution to this problem that deals with data [breaches], data privacy and data ownership, that we’re creating a patchwork of laws that’s going to make it more difficult for American-based innovators,” U.S. Sen Thom Tillis, R-N.C. said as the hearing came to a close. “We’ve got to better educate Congress on what layer we have to protect and what consequences there are for platforms that fail to be good stewards of the data. One of the things we have to do fairly quickly is figure out how we come together.”
Meanwhile, ACA continues to urge Congress to enact federal laws that preempt state requirements.
“As Congress moves forward with any potential new laws for federal data privacy, we ask that it is cautious not to create any duplicative, conflicting, or overly complex standards for those in the accounts receivable management industry who already work carefully to protect consumer data,” Neeb said is his letter. “ACA and its members have also outlined their concerns specific to the CCPA in hearings and through comments at the state level. We ask that you consider that feedback and those concerns if the committee looks to different state laws, as it considers a federal standard.”
Related Content from ACA International:
California Consumer Privacy Act Proposed Regulations Released for Public Comment