Blackburn, Klobuchar Restart Privacy Bill Conversation in Senate
Sens. Marsha Blackburn, R-Tenn., and Amy Klobuchar, D-Minn., on Wednesday restarted the Senate's privacy legislation conversation with a hearing exploring what “core principles” and state protections could be incorporated into a federal bill.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Blackburn, chairing the Senate Privacy Subcommittee hearing, said Congress needs a federal bill that prioritizes transparency, data minimization and “meaningful consent.” Both she and ranking member Klobuchar agreed it’s “past time” for Congress to act.
Klobuchar referenced previous legislative efforts, including a 2019 bill she introduced with Sen. Maria Cantwell, D-Wash., then chair of the Senate Commerce Committee. Klobuchar mentioned that bill’s data minimization and consumer consent requirements. She also highlighted how companies are increasingly using personal data to set individual prices for consumers, an issue Cantwell has focused on (see 2507170046).
The House Commerce Committee in 2022 approved the American Data Privacy Protection Act, a bipartisan bill backed by then-Chair Cathy McMorris Rodgers, R-Wash., and ranking member Frank Pallone, D-N.J. Rodgers eventually struck a bicameral deal in 2024 with Cantwell on the American Privacy Rights Act (APRA), but the bill stalled in the lower chamber due to opposition from House Republican leadership.
Klobuchar on Wednesday thanked Blackburn for working with her and other members like Sen. Richard Blumenthal, D-Conn., who has been a key Democrat in Senate discussion on privacy legislation. Klobuchar noted how she also sits on the Senate Commerce Committee with Blackburn.
Former FTC Consumer Protection Bureau Director Samuel Levine on Wednesday urged the Senate to establish bright-line rules on what data can be collected, how it can be used and with whom it can be shared. Today, he said, companies are taking the position that they can basically do “whatever they want” as long as it’s stated in their privacy policies. That was the main argument from companies before FTC enforcers, he said: that it’s legal if it’s mentioned in the policies. FTC and state enforcement will be far more effective with bright-line federal rules, he said.
Levine also testified in favor of Congress banning companies from using personal data to set individual prices for consumers. He voiced support for APRA treating minors’ data as “sensitive” and a federal ban on targeted advertising for children, a provision included in the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) (see 2506250045).
Blackburn asked witnesses what consensus provisions Congress should borrow from state privacy laws. Business Software Alliance Managing Director Kate Goodloe said provisions include consumer rights to access, correct and delete data; the ability for consumers to opt out of data sales and targeted ads; and clear distinctions and obligations for data controllers, data processors and data sub-processors. A controller is often defined as the entity that collects the data first-hand, and the processor is defined as a third-party accessing the data second-hand.
Main Street Privacy Coalition General Counsel Paul Martino testified that while APRA included a private right of action, it didn’t spell out clear liability for data processors and sub-processors.
Electronic Privacy Information Center Executive Director Alan Butler highlighted surveillance pricing. These tools have become embedded in every app and website a consumer visits, he said: Without a federal standard, companies don’t have any incentive to innovate on privacy protection.
Consumers are “stuck” with whatever privacy policies the dominant players issue, said Digital Progress Institute President Joel Thayer.