HB Ad Slot
HB Mobile Ad Slot
Ten Ways the 2014 Election May Affect Privacy and Data Security Law
Wednesday, November 12, 2014

When Republicans take over the Senate in January, new leaders will control key committees that oversee privacy and data security issues, and their priorities will differ significantly from those of their predecessors.  Privacy issues, however, generally tend not to break neatly along party lines and there will remain bipartisan support – and bipartisan opposition – to most initiatives.

But you shouldn’t expect an immediate sea-change in privacy laws, leaders of Covington’s privacy and data security practice said on a post-election conference call on Monday.  Although Republicans will have a majority of votes in the Senate next year, they will be short of the 60 votes necessary to bring a bill to the floor.  That said, the Republicans will control the agenda.

Below are 10 of the key privacy and data security trends to watch in the next Congress, as identified on the conference call by Covington’s Aaron Cooper, David Fagan, Lindsey Tonsager, Gerry Waldron, and Kurt Wimmer:

  1. Whither Senate Commerce?  Retiring Senate Commerce Committee Chairman Jay Rockefeller, D-W.V., has been among the most active senators on privacy and data security issues.  Rockefeller has called for regulation of data brokers, and he is a vocal critic of companies’ privacy and data security practices.  He is expected to be replaced by South Dakota’s John Thune, a moderate Republican whose track record on privacy issues is not as extensive as that of Rockefeller. Similarly, the likely new top Democrat on the committee, Bill Nelson of Florida, has not been as vocal about privacy issues as Rockefeller.  Among the Senate Commerce Committee members who have expressed the most interest in privacy issues are Richard Blumenthal of Connecticut and Ed Markey of Massachusetts, neither of whom has the Senate seniority that Rockefeller had.

  2. Regulating the FTC. . .  The Federal Trade Commission in recent years has increased its oversight of companies’ data security practices.  The FTC does not have explicit statutory authority to regulate data security; instead, it claims authority under Section 5 of the FTC Act, which allows it to regulate unfair and deceptive practices.  Many companies argue that the FTC has overstepped its bounds, and some Republican members of Congress agree.   For example, Sen. Deb Fischer of Nebraska, a member of the Commerce Committee, has criticized the FTC’s “unchecked” authority.

  3. .  .  . and the FCC. The FCC has stepped up its privacy enforcement, recently imposing a total of $10 million in fines on two phone companies that the Commission claims did not properly secure their data.  The Commerce Committee may question why two agencies are regulating privacy issues, and whether it is necessary to have two cops on the beat.

  4. Do-Not-Track becomes less likely.  Without Rockefeller in Congress, it is unclear who will carry the torch for the Do Not Track legislation that he has sponsored.  Blumenthal was a co-sponsor of Rockefeller’s Do Not Track legislation, but he does not have Rockefeller’s seniority — or committee chairmanship.  And Markey may not want to expand the scope of his Do Not Track Kids bill to cover adults, which could make it more difficult to garner support.

  5. Loss of a key privacy watchdog?  Because Senate Judiciary Committee member Al Franken, D-Minn., quickly emerged as a leading advocate on consumer privacy issues after his election in 2008, Judiciary Committee Chairman Patrick Leahy created the Subcommittee on Privacy, Technology, and the Law for Franken to chair. Franken used the subcommittee to hold hearings on a wide range of privacy issues, including facial recognition and geolocation.  It is unclear whether Chuck Grassley, R-Iowa, the likely new Judiciary Committee Chairman, will retain this subcommittee.

  6. Scrutiny of government surveillance?  Reauthorization of key Patriot Act provisions that sunset in June will be a big test of the new leadership’s willingness to reign in government surveillance.  Grassley has criticized National Security Agency surveillance in recent years.  Tea Party-aligned Republicans on the Judiciary Committee, including Ted Cruz of Texas and Mike Lee of Utah, also have long criticized government surveillance.  Bipartisan legislation reauthorizing and reforming government surveillance was sponsored by Chairman Leahy and Senator Lee, and companion legislation passed the House in May.

  7. Modernizing ECPA. Government surveillance of email and other electronic communications is governed by a 1986 statute, the Electronic Communications Privacy Act (ECPA).  The statute requires law enforcement to obtain a warrant to access electronic communications content that is stored for 180 days or less, but it does not require a warrant for content that is stored for longer than 180 days.  Members of both parties recognize that this distinction is outdated, and it is increasingly likely that Congress will pass legislation requiring a warrant regardless of the length of time that the content has been stored.

  8. Improving foreign relations.  Since Edward Snowden’s disclosures about U.S. government surveillance programs, a number of foreign data protection regulators — particularly in the European Union — began to question whether their residents’ data is secure when it is transferred to the United States.  For instance, EU regulators released a report highlighting 13 shortcomings of the voluntary U.S.-EU Safe Harbor program.  Increased restrictions on U.S. government surveillance might ease some of the foreign regulators’ concerns.

  9. National Data Security Legislation? For a decade, members of Congress have been attempting to pass a national data security and breach notification that would replace the patchwork of state laws that contain different requirements. During the current Congress, senators introduced six different data security and breach notification bills, prompted in part by high-profile data breaches.  The bills vary in scope, requirements, and penalties, and in light of the many years of inaction on the issue, it is unlikely that members will reach a compromise in the next two years.

  10. Cybersecurity more likely.  For about five years, members of Congress also have been attempting to pass legislation that improves cybersecurity infrastructure and allows the private sector to share information about cyber-threats with the government.  Privacy watchdog groups have criticized some of these proposals for providing companies with immunity from liability arising from sharing information with the government.  The Republican takeover increases the chances of overcoming opposition to such immunity provisions and passing cybersecurity legislation.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins