This month, the California Consumer Privacy Act (CCPA) went into effect, increasing the pressure on Congress to act on a single national standard for data privacy.
Without one standard, more states will continue to advance their own privacy laws. This would be disastrous for people and small businesses alike. The internet knows no borders, and a patchwork of state laws could fragment it, changing the convenient and seamless consumer experience we expect. If state laws conflict with one another, it could be impossible for a company to do business across state lines. It would be impossible for users to know how data is being collected and used under 50 different standards, or have trust that their data is secure. A patchwork of state laws would also drive up compliance costs, and those costs would be passed on to the consumer. We are already seeing this happening under the General Data Protection Regulation (GDPR) in Europe.
In any legislation, we need to be mindful that not all data collection is bad. We need to target negligent activities while still allowing companies to innovate and provide the tailored services people want. We need to have clear and attainable data security standards and encourage companies to adopt innovative tools to keep data safe in an ever-changing technology ecosystem. We must create standards that are workable for small businesses and startups who fuel our economy. If we don’t, we risk driving out small businesses with skyrocketing compliance costs like is happening in Europe.
With these principles, we can advance a solution that leads us to a strong future, but it needs to happen soon. The good news is we are making progress. Bipartisan House Energy and Commerce Committee leaders are coming together around privacy legislation, and I encourage industry leaders to engage with us as we advance a final bill.
–Rep. Cathy McMorris Rodgers (WA-05), Republican Leader on the Energy and Commerce Subcommittee on Consumer Protection and Commerce