Prepared Statement by Senator Chuck Grassley of Iowa
Senate Committee on the Judiciary Hearing
GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation
Tuesday, March 12, 2019
Thank you, Mr. Chairman, for scheduling this important hearing.
Last year, as Chairman, I convened two hearings on data privacy. Those hearings helped start an open dialogue about how we should address growing consumer privacy concerns. I’m glad we’re continuing that work here today.
America’s digital and innovation economy is the envy of the world. Nearly all of the top tech companies call the United States home. That shouldn’t surprise anyone. In the U.S., innovators and entrepreneurs can thrive. Disruptive technologies and applications can take flight and improve our daily lives.
That’s been the case, largely because the government hasn’t stood in the way. Here, someone with a few good ideas and perseverance can become the next face of Silicon Valley.
One such innovator, Robert Noyce, was born in Burlington, Iowa and graduated from Grinnell College.
He’d go on to invent the microchip and co-found Intel Corporation.
And one innovation leads to another. Our ever-evolving tech and digital landscape helps keep us safer, healthier, more informed, and more connected with each other than ever before.
It’s become clear, though, that these advancements come at a cost. Today’s most successful technologies, platforms, and apps rely on the collection and use of immense amounts of sensitive consumer data and personal information. And it’s not slowing down. According to one report, by 2025 each person will have at least one data interaction every 18 seconds – or nearly 5,000 times per day.
Consumers should know when and how data is collected and used. And consumers need to be confident that their personal information is protected. But more and more, Americans wake up to news about another massive data breach, or the misuse of personal information. Consumers have a fundamental right to privacy protection. How we best protect and enforce that right is why we’re here today.
The European Union and California have recently taken bold steps to protect data and consumers’ personal information. But bold doesn’t necessarily mean right. Significant compliance costs and risks under the new General Data Protection Regulation (GDPR) have already driven some well-known products and services out of the European marketplace. And for entrenched firms with teams of lawyers, GDPR may serve as a deterrent to small start-ups and competition.
In California, the recently adopted Consumer Privacy Act takes cues from European-style regulation. But folks on all sides of the privacy debate are urging for reforms to the hastily enacted legislation.
An unworkable regulation helps no one. So if Congress is to move forward, we need to get it right. We should protect consumers. But we shouldn’t, at the same time, construct needless barriers to trade, consumer choice, innovation, and the flow of news and information.
I’ll note that it’s Sunshine Week. That’s a good reminder that transparency should be at the center of these discussions. At minimum, consumers must have the transparency necessary to make informed decisions about the use of data and their personal information.
Today is an opportunity to start sorting through what works and what doesn’t. So I thank the Chairman for holding this hearing, and I look forward to the testimony.