Our members provide services and enhanced experiences for their customers and fuel economic growth and opportunity across our nation. When it comes to the future of the federal privacy landscape, we support the following:
- Consumers’ rights to access, correct, and delete their data and data portability.
- Policymakers should ensure any policies adopted do not: undermine privacy or data security interests; stymie the ability to prevent, detect, and defend against fraud or other unlawful activity; interfere with law enforcement or judicial proceedings; or impose unduly burdensome or excessive requirements (particularly for small businesses and new market entrants).
Companies Must Proactively Promote Transparency and Security
- We encourage voluntary business-to-business and business-to-government data-sharing framework models in full compliance with existing laws and regulations. We caution against state and local governments mandating “real-time” and seamless data portability without taking into account the privacy implications and technical challenges of adhering to such a mandate.
- We caution against overly restrictive regulations or a prohibition on all uses of biometric technology. Biometric technology has an innovative and diverse range of use cases. Policymakers should avoid one-size-fits-all frameworks for any regulation of biometric technology.
Congress Should Act
- Congress should enact comprehensive federal privacy legislation that protects all Americans regardless of where they live and preempts state law, thereby ending the growing state-by-state privacy patchwork.
- Federal privacy legislation should be tech- and sector-neutral and apply to online and offline entities alike that collect and process personal information.
Clarify the Role of the Federal Trade Commission and Preserve the Role of State Attorneys General in Enforcement
- In comprehensive federal privacy legislation, clear requirements should be set forth in the law, and guardrails should be in place to avoid issuance of regulations that would undermine America’s leadership in innovation. The FTC should be the exclusive federal regulator enforcing the law.
- Congress should clarify the scope of the FTC’s authority to regulate data security and privacy matters that impact significant portions of the American economy. Until such time that Congress provides the agency with clear authorization, the FTC should refrain from expansive rulemaking, particularly in light of the Supreme Court’s recent ruling in West Virginia v. EPA (2022).
- Congress should ensure that the FTC has the resources it needs to effectively enforce privacy and data security requirements that protect consumers from tangible privacy harms, while also preserving the ability of state attorneys general to protect their constituents and enforce the law based on the federal standard.
- The FTC should maintain its existing efforts of case-by-case enforcement actions rather than pursuing expansive regulatory rulemaking.
Uniform Laws and Regulations Will Enhance Compliance, Promote Even-Handed Enforcement, and Promote Innovation
- Federal policies should harness market incentives to drive effective risk-based management.
- Any law should recognize the value of reasonable data collection, processing, use, and retention activities, including using data to provide customer service, authenticate a consumer’s identity, process or fulfill orders and transactions, improve services, personalize offerings to consumers, and make consumers aware of offered products and services.
- Because technology and security threats to consumer privacy evolve constantly, legislation should recognize that security requirements should be risk-based, technology-neutral, and flexible.
- Private rights of action that have the potential to undermine innovation must be avoided. In addition, consumers and businesses should be free to enter into pre-dispute arbitration agreements to resolve disputes.
Congress Should Pass a Strong Federal Data Breach Notification Law
- Congress should pass a strong federal data breach notification law, which preempts existing state-level notification laws and establishes one robust set of uniform protections for all Americans. More details about TechNet’s federal data security principles can be found here.
Ensure New Entrants, Small Businesses, and Underserved and Under-resourced Innovators Are Not Adversely Affected by Burdensome Regulations
- While regulations affect all businesses, small, minority-owned, rural, and other under-resourced businesses in particular face disproportionate burdens and unique challenges in complying with complex privacy laws and regulations. This problem is exacerbated when having to deal with multiple sets of inconsistent or conflicting regulatory frameworks at home and abroad, making it important for policymakers to evaluate the global privacy landscape with the goal of promoting interoperability that allows American businesses to innovate and compete globally.
- To some innovative young companies that have limited personnel and resources to devote to overly stringent compliance efforts, regulations that are too prescriptive could effectively stifle their growth. Congress should endeavor to set baseline requirements but provide flexibility in how to meet those requirements, taking care to avoid prescriptive programmatic requirements and consider the unique needs and resource constraints of small and medium-sized enterprises and new market entrants.
- For example, Congress could provide regulatory relief for startups and small businesses if their activities are limited in nature with respect to the amount of personal information they process, in particular if that information does not include sensitive information.
- Congress should establish robust training resources within the Department of Commerce, Small Business Administration, Federal Trade Commission, and/or other appropriate agencies that can provide guidance to startups and small businesses, particularly minority-owned and rural businesses, to ensure they are abiding by the most basic privacy requirements they may be subject to as a result of legislation or rulemaking.
- Furthermore, we must ensure that the complexity of privacy requirements does not effectively become a barrier to entry for new potential innovators. Congress and the Administration must ensure that fundamental core privacy protections for consumers are in place without stifling free market forces.
The U.S. Must Lead Globally
- As the home of the world’s preeminent tech sector, the U.S. must proactively demonstrate global leadership by participating in multi-lateral, multi-stakeholder forums to promote interoperability among privacy frameworks within trade discussions.
- TechNet supports the 2022 European Union-U.S. Data Privacy Framework and President Biden’s Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities.
- Efforts to promote digital trade and negotiate new trade agreements must promote predictable, seamless data flows across international borders.
- TechNet supports the efforts of the United States and its partners to expand the Global Cross Border Privacy Rules system, talks in the Organization for Economic Co-operation and Development on Trusted Government Access, and the Data Free Flows with Trust Initiative. Additionally, the U.S. must reverse its decision to abandon longstanding, bipartisan digital trade positions at the World Trade Organization and resume its support for prohibitions on forced data localization, tech transfer, and source code disclosure, while ensuring non-discriminatory treatment of digital products. All of these initiatives will benefit U.S. industry by forging a path for cross-border data flows.
Facial Recognition Technology
Facial recognition technology can be utilized in a variety of use cases, many of which can improve security and access for individuals using services online. Facial recognition technology can enable remote access to essential services, removing location- and mobility-based barriers to access. In addition, different types of facial recognition technology can be used to stop fraud and protect consumers.
TechNet supports the following principles:
- TechNet will oppose any legislation that prohibits or effectively prohibits the use of facial recognition technology.
- Legislation should not reduce access to non-identifiable diverse datasets necessary to train models to reduce bias.
- Policies should recognize the wide variety of use cases for technologies that detect and/or recognize faces or other parts of the human form, and policies should avoid over-regulating visual technologies that do not affect individual privacy.