Eric Walden Bloomberg Law Leadership Forum

Rep. Greg Walden Prioritizes Innovation in Push for Federal Data Privacy Bill

High-profile data breaches continue to regularly make news and raise consumer concerns, prompting the White House, Congress, and tech groups to push for a nationwide privacy framework that clarifies privacy protections for consumers and also gives companies less burdensome compliance procedures.

However, with California taking the lead and other states considering new privacy statutes, lawmakers in Washington are eager to get out ahead and create a national standard that works, but isn’t so onerous or stringent that it hinders business growth and innovation.

Rep. Greg Walden (R-Ore.), Ranking Member of the House Energy and Commerce Committee and a vocal proponent of federal data privacy legislation, spoke on this subject at the Bloomberg Law Leadership Forum held on Sept. 18, 2019, in Washington, D.C. He emphasized the need to protect the innovative spirit at the core of internet and tech companies that would be most impacted by such a law.

“I worry a lot about the high cost of federal mandates and the effect that has on innovation,” Walden said. “Microsoft put 1,600 engineers into work to comply with GDPR. If you’re the new, competitive startup to Microsoft, and you’ve got 10 guys in a dorm room, you probably aren’t going to have what you need to comply.”

Though there is consensus in Congress that federal regulations need to be implemented that will establish a national standard for data privacy, Democrats and Republicans are divided on the level of regulation necessary and how those regulations will impact the American business climate.

In reference to Facebook’s recent $5 billion fine levied by the Federal Trade Commission, Walden discussed his intention to avoid overburdening “incredibly creative people that start literally in garages and in dorm rooms, who create worldwide global companies that have enormous magnitude and influence on society and commerce.”

Facebook faces the fine for its involvement with Cambridge Analytica.

Walden warned against allowing for massive fines that could have a disproportionate impact depending on the size of the company.

“Over time, what you intend for the biggest player to be more than a slap on the wrist gets used against a midsize player that practically wipes them out,” he said. “Because once you give that authority and that limit to an agency, you have given up control over that assessment.”

Walden is optimistic that federal legislation will pass this year, referencing good bipartisan discussions and urgency spurred on by the potential for continued action by the states.

Currently, 22 states have data privacy laws in effect. Walden stated the need for this national legislation to preempt enforcement of those state laws. “I don’t see how you have a national standard if you don’t have preemption,” he said.

The California Consumer Privacy Act, which goes into effect January 1, 2020, is the first major piece of modern data privacy legislation. Many believe it will be a standard bearer for how other states handle privacy enforcement.

“We’re waiting to see how the regulations are going to be written on it,” Walden said, “but there are concerns about what it mandates in terms of your right to be forgotten,” and the individual right to control what data is public and what can be hidden or erased.

Legislative action is also motivated – and inspired – by GDPR, which went into effect in May 2018. The legislation established data privacy rights for citizens of the European Union and a uniform set of regulations for companies doing business in Europe.

“I think we should look at what’s worked and not worked in GDPR,” Walden said, stating a concern that “you can go too far where the compliance costs are too high and the threat of damages are too high” and can inhibit innovation. “I think we just need to see how we can get to a national standard that works for all sizes.”

Related Content:

Privacy Rules are Key to Building Trust

After a series of high-profile data breaches at major companies like Facebook and Capital One, organizations are overhauling privacy policies while working to regain consumers’ trust.

Ask an Analyst D.C.

Bloomberg Law Regulatory & Compliance Team Lead Amanda Allen and analysts Mark Smith, Dori Goldstein, and Betsy Mountenay discuss the need for implementing an agile framework that takes into account the ever-changing terrain of the privacy and data security landscape.

A Conversation with Hugo Teufel

As chief privacy counsel at Raytheon, and a former chief privacy officer for the Department of Homeland Security, Hugo Teufel has been closely involved with changes in how personal information must be handled.

A Conversation with Corey Dennis

European regulators wasted no time getting serious about the European Union’s General Data Protection Regulation (GDPR), which took effect in May 2018.