Our members provide services and enhanced experiences for their customers and fuel economic growth and opportunity across our nation.  When it comes to the future of the federal privacy landscape, we support the following:

  • Reasonable frameworks that set out clear privacy rights, including rights to access, correct, and delete their data and data portability, as well as organizational accountability.
    • Policymakers should ensure any frameworks adopted do not: undermine privacy or data security interests; stymie the ability to prevent, detect, or defend against fraud or other unlawful activity, or protect the security and integrity of systems; interfere with law enforcement or judicial proceedings; or impose unduly burdensome or excessive requirements (particularly for small and medium-sized businesses, non-profit 501(c)(3) organizations, and new market entrants) including requirements that would exceed a consumer’s reasonable expectation of privacy.

Companies Must Proactively Promote Transparency and Security 

  • We encourage voluntary business-to-business and business-to-government data-sharing framework models in full compliance with existing laws and regulations. We caution against state and local government mandating “real-time” and seamless data portability without taking into account the privacy implications and technical challenges of adhering to such a mandate.
  • We caution against overly restrictive regulations on the uses of biometric technology or automated decision-making systems.

Congress Should Act

  • Congress should enact comprehensive federal privacy legislation that protects all Americans regardless of where they live and preempts state laws related to the federal standard, thereby ending the growing state-by-state privacy patchwork and preventing another patchwork from developing in the future.
  • Federal privacy legislation should be tech- and sector-neutral and apply across sectors to both online and offline entities that collect and process personal information.

Clarify the Role of the Federal Trade Commission and Preserve the Role of State Attorneys General in Enforcement

  • In comprehensive federal privacy legislation, clear requirements should be set forth in the law, and guardrails should be in place to avoid issuance of regulations that would create uncertainty and undermine America’s leadership in innovation. The FTC should be the exclusive federal regulator enforcing the law.
  • Congress should clarify the scope of the FTC’s authority to regulate privacy and data security matters that impact significant portions of the American economy.  Until such time that Congress provides the agency with clear authorization, the FTC should refrain from expansive rulemaking, particularly in light of the Supreme Court’s recent ruling in Loper Bright Enterprises v. Raimondo (2024).
  • Congress should ensure the FTC has the resources it needs to effectively enforce privacy and data security requirements that protect consumers from tangible privacy harms, while also preserving the ability of state attorneys general to protect their constituents and enforce the law based on the federal standard.
  • The FTC should maintain its existing efforts of case-by-case enforcement actions rather than pursuing expansive regulatory rulemaking.

Uniform Laws and Regulations Will Enhance Compliance, Promote Even-Handed Enforcement, and Promote Innovation

  • Federal policies should harness market incentives to drive effective risk-based management.
  • Any law should recognize the value of reasonable data collection, processing, use, and retention activities, including using data to provide customer service, authenticate a consumer’s identity, process or fulfill orders and transactions, improve services, and the ability to personalize to consumers and make them aware of offered products and services.
  • Any law should provide a flexible framework that provides consumers with the appropriate information and control mechanisms with respect to how their information will be processed.
  • New federal laws should mirror state approaches by acknowledging commonsense exceptions and exemptions in definitions of personal data—including continuing to exempt publicly-available information from any definition of personal data and continuing to exempt certain entities, such as archives, museums, and libraries, from being covered by the law.
  • In addition, any law should avoid restricting consumer access to free, ad-supported services, harming small and medium-sized businesses and non-profit organizations, and undermining a healthy Internet ecosystem, such as restrictions on first-party, contextual, and personalized advertising.
  • Consumers, rather than regulators, should be the arbiters of beneficial and valuable private sector technological innovation. We oppose proposals that would unduly restrict consumers’ ability to access new, beneficial, and innovative technologies, products, and services.
  • Because technology and security threats to consumer privacy evolve constantly, legislation should recognize that security requirements should be risk-based, technology-neutral, and flexible.
  • Private rights of action that have the potential to undermine innovation must be avoided. In addition, consumers and businesses should be free to enter into pre-dispute arbitration agreements to resolve disputes.

Congress Should Pass a Strong Federal Data Breach Notification Law

  • Congress should pass a strong federal data breach notification law, which preempts existing state-level notification laws and establishes one robust set of uniform protections for all Americans. More details about TechNet’s federal data security principles can be found here.

Ensure New Entrants, Small- and Medium-Sized Businesses, Non-Profits, and Underserved-, and Under-resourced Innovators Are Not Adversely Affected by Burdensome Regulations

  • While regulations affect all businesses, small, medium-sized, minority-owned, rural, non-profit, and other under-resourced businesses in particular face disproportionate burdens and unique challenges in complying with complex privacy laws and regulations. This problem is exacerbated when dealing with multiple sets of inconsistent or conflicting regulatory frameworks at home and abroad, making it important for policymakers to evaluate the global privacy landscape with the goal of promoting interoperability that allows American businesses to innovate and compete globally.
  • To some innovative young companies that have limited personnel and resources to devote to overly stringent compliance efforts, regulations that are too prescriptive could effectively stifle their growth. Congress should endeavor to set baseline requirements but provide flexibility in how to meet those requirements, taking care to avoid prescriptive programmatic requirements and consider the unique needs and resource constraints of small and medium-sized businesses and new market entrants.
    • For example, Congress could provide regulatory relief for startups and small businesses if their activities are limited in nature in the amount of personal information they process, in particular, if it does not include sensitive information.
  • Congress should establish robust training resources within the Department of Commerce, Small Business Administration, Federal Trade Commission, and/or other appropriate agencies that can provide guidance to startups and small businesses, particularly minority-owned and rural businesses, to ensure they are abiding by the most basic privacy requirements they may be subject to as a result of legislation or rulemaking.
  • Furthermore, we must ensure the complexity of privacy requirements does not effectively become a barrier to entry for new potential innovators. Congress and the administration must therefore ensure that fundamental core privacy protections for consumers are in place without stifling free market forces.

The United States Must Lead Globally

  • As the home of the world’s preeminent tech sector, the United States must proactively demonstrate global leadership by participating in multi-lateral, multi-stakeholder forums to promote interoperability among privacy frameworks within trade discussions.
  • TechNet supports the 2022 European Union-U.S. Data Privacy Framework and preserving Executive Order 14086 on Enhancing Safeguards for United States Signals Intelligence Activities.
  • TechNet believes efforts to promote digital trade and negotiate new trade agreements must promote predictable seamless data flows across international borders.
  • TechNet supports the efforts of the United States and its partners to expand the Global Cross Border Privacy Rules system, talks in the Organization for Economic Co-operation and Development on Trusted Government Access, and the Data Free Flows with Trust Initiative. Additionally, the United States must reverse its decision to abandon longstanding, bipartisan digital trade positions at the World Trade Organization and resume its support for prohibitions on forced data localization, tech transfer, and source code disclosure, while ensuring non-discriminatory treatment of digital products.  All of these initiatives will benefit American industry by forging a path for cross border data flows.

Facial Recognition Technology

Facial recognition technology can be utilized in a variety of use cases, many of which can improve security and access for individuals using services online.  Facial recognition technology can enable remote access to essential services, removing location- and mobility-based barriers to access.  In addition, different types of facial recognition technology can be used to facilitate entry to locations and stop fraud and protect consumers.

TechNet believes the following:

  • Legislation should not prohibit or effectively prohibits the use of facial recognition technology.
  • Legislation should not reduce access to non-identifiable diverse datasets necessary to train models to reduce bias.
  • Policies should recognize the wide variety of use cases for technologies that detect and/or recognize faces or other parts of the human form, and policies should avoid over-regulating visual technologies that do not affect individual privacy.

Protecting Children and Teens

Protecting children and teens is a top priority for the technology industry.  When examining protections for children and teens, Congress should:

  • Align any updates with the Children’s Online Privacy Protection Act (COPPA), including continued adherence to an actual knowledge standard and focus on services directed to minors.
  • Avoid imposing vague standards and obligations on the design and presentation of content that would run afoul of the First Amendment and fail to provide clear notice to companies about their obligations.
  • Ensure any proposals are technology and sector-neutral.
  • Ensure that student data is protected, while also providing parents, teachers, and students the ability to access educational tools to promote innovation and technology in the classroom.
  • Include clear language to expressly preempt state children’s privacy laws that relate to any federal law, to end the current patchwork and prevent another patchwork from developing in the future.
  • Grant exclusive federal enforcement authority to the FTC, without expanding the scope of the types of organizations over which the FTC has authority, while preserving the ability of state attorneys general to protect their constituents and enforce the law based on the federal standard.
  • Provide law enforcement agencies with the resources and tools to hold perpetrators of child sexual exploitation material (CSAM) accountable.

Other Policy Agendas

Immigration

January 1, 2025

Read More

Privacy

January 1, 2025

Read More

Artificial Intelligence

January 1, 2025

Read More