On November 27, 2018, the Senate Commerce, Science, and Transportation Committee’s Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security held an oversight hearing of the U.S. Federal Trade Commission.  The hearing marked the first appearance before the Senate of the full slate of current FTC commissioners: Republicans Chairman Joe Simons, Noah Phillips, and Christine Wilson, and Democrats Rohit Chopra and Rebecca Slaughter.  In addition to confirming that the FTC will continue to prioritize data security and privacy enforcement under its consumer protection mandate, the commissioners were unanimous in their support for comprehensive federal data privacy legislation to be enforced by the FTC.  Each, however, offered slightly different views as to the right approach for potential legislation and future enforcement.

Chairman Simons highlighted three features that the FTC would like to see in a federal privacy bill: (1) authority to impose civil penalties, (2) jurisdiction over non-profit organizations and common carriers, and (3) rulemaking authority under the Administrative Procedure Act.  He repeatedly emphasized the importance of authority for civil penalties, a point that Commissioner Slaughter also strongly endorsed to promote effective deterrence.  Commissioner Phillips concurred in the need for civil penalty authority, but expressed concern about the potential chilling effect of penalties.  Phillips urged the Senate to think carefully about defining the “nebulous” harms related to consumer privacy and developing targeted penalties with a direct connection to those harms.

Raising the intersection of privacy and competition, Senator Jerry Moran, chair of the Subcommittee, asked about the potential effect of forgoing a comprehensive federal law and allowing a state-by-state approach.  Moran noted that California’s passage of its Consumer Privacy Act in June 2018 may inspire other states to pass their own statutes.  Chairman Simons cautiously agreed that a federal data privacy law that preempted state laws could prevent market confusion caused by inconsistent state laws.  Commissioner Phillips and Commissioner Wilson strongly agreed that federal preemption is appropriate to encourage competition since conflicting state laws could harm smaller competitors.  While large companies can absorb the significant costs of complying with multiple rules, Phillips noted, small businesses benefit from facing one clear rule.  Wilson added that a “patchwork” of state laws could deter new entry into the market, and specifically requested that any new legislation include a national data breach notification requirement.

Commissioner Chopra and Commissioner Slaughter, on the other hand, expressed doubt about broad federal preemption of state privacy statutes.  Chopra noted that federal preemption in regulating mortgages was “catastrophic” and advocated a more balanced approach that would permit states to impose higher standards than a federal privacy law.  While Slaughter expressed agreement with her colleagues about the costs of inconsistent state laws, Slaughter advised that the Senate should be wary of a weak federal law preempting stronger state law.

When asked how antitrust law should approach the “massive accumulation of power” in Google and Facebook, Chairman Simons echoed public comments by his fellow antitrust enforcer Assistant Attorney General Makan Delrahim in noting that “big is not necessarily bad.”  Commissioner Chopra, however, expressed concern about barriers to entry in the tech industry.  He explained that startups face difficulty obtaining funding unless investors foresee that the startup is likely to be acquired by a large incumbent company.  Accordingly, in his view, the FTC should consider how to use its privacy and antitrust authority to ensure that capital flows to those seeking to create new ideas and new rivalries.