Pallone Opening Remarks at Legislative Hearing on Protecting Kids Online and Ensuring Americans' Right to Data Privacy

Energy and Commerce Committee Ranking Member Frank Pallone, Jr. (D-NJ) delivered the following opening remarks at an Innovation, Data, and Commerce Subcommittee Hearing titled, "Legislative Solutions to Protect Kids Online and Ensure Americans’ Data Privacy Rights:"

Today we take another significant step towards providing Americans with strong, comprehensive, data privacy and data security protections. For far too long, Americans have been virtually powerless against Big Tech’s unceasing drive to collect, use, and profit from the sale of vast amounts of Americans’ personal information.

Last Congress, as Chair of this Committee, I was proud to work with then-Ranking Member Rodgers and Subcommittee leaders Schakowsky and Bilirakis, to take bold action to protect Americans’ personal information. The American Data Privacy and Protection Act (ADPPA) was the first bipartisan and bicameral comprehensive data privacy legislation in decades and was reported out of this Committee with a 53-2 vote. That historic legislation included strong federal data privacy and security standards that put people back in control of their personal data, curbed data collection abuses by Big Tech, reined in the shadowy world of data brokers, and provided important protections to keep kids safe online.

I’m pleased that the American Privacy Rights Act discussion draft adopts so many of the key pillars of ADPPA, with data minimization rather than notice and consent as its foundation. Notice and consent as the basis for a privacy regime imposes unreasonable burdens on consumers and it simply does not work.

By contrast, data minimization limits the amount of personal information entities collect, process, retain, or transfer to only what is necessary to provide the products and services being requested by the consumer. That means no more flashlight apps collecting and sharing geolocation information. No more dating apps gathering health-related information to use for targeted marketing. No more wellness apps selling mental health information to data brokers. This discussion draft combines data minimization with provisions that empower consumers to access, correct, delete, and port their personal data; opt out of targeted advertisements; and prohibit data brokers from collecting their personal information.

There are several key areas where I believe it can be strengthened, starting with the area of children’s privacy. I’ve long said that any comprehensive privacy law must provide heightened privacy protections for children. This new draft recognizes that information about children is sensitive, but it does not provide many of the specific protections for children that can be found in ADPPA. To start, we should explicitly prohibit targeted advertising to children who often cannot distinguish between advertising and non-advertising content. We should also require companies to incorporate privacy by design into their practices, and to adopt policies, practices, and procedures that take special care to identify, assess, and mitigate privacy risks with respect to children.

We should also consider establishing a Youth Privacy Division at the FTC to ensure that substantial resources are provided to protect children’s privacy.

COPPA 2.0, which is one of the bills under consideration today, does not provide sufficiently robust privacy protections for children. It offers a nod to data minimization but leaves websites and apps largely free to collect, use, and disclose minors’ information after obtaining consent from a teen or the parent of a child. COPPA 2.0 would actually provide children and teens with less robust privacy protections than those provided to adults in the American Privacy Rights Act.

We should also explore whether there are additional tools we can give consumers to control the data in the possession of data brokers. The Chair’s discussion draft directs the FTC to create a single mechanism that would allow consumers to opt out of future data collection by all data brokers. ADPPA went one step further and directed the creation of a universal deletion mechanism, which would allow consumers to direct all data brokers to delete their information. Without such a provision, consumers who don’t want data brokers retaining and selling their data would have to visit hundreds of data broker websites and opt out on each one.

Furthermore, in a digital society, privacy rights are civil rights. The combination of artificial intelligence and personal data can be weaponized to deprive people of the equal opportunity to find housing, look for a job, or receive information about goods and services. As we advance comprehensive privacy legislation that includes provisions on algorithmic accountability and discrimination, we should examine whether the current legislation adequately reflects what we have learned about AI, particularly generative AI, since ADPPA moved through this Committee two years ago.

I look forward to hearing from our witnesses and other stakeholders about ways we can strengthen the discussion draft beyond what I’ve highlighted. I’m optimistic that we’ll be able to get comprehensive privacy legislation across the finish line and I’m committed to working with Chair Rodgers and my colleagues to get it done. I also want to hear more about the other bills on today’s agenda. And with that, I yield back the remainder of my time.

###