Sen. Marco Rubio Introduces Federal Privacy Legislation to Supersede State Laws

It could be the first of several privacy bills this session

U.S. Sen. Marco Rubio, R-Florida, is among the growing number of lawmakers interested in legislation related to online data privacy. Getty Images
Headshot of Marty Swant

On Wednesday, U.S. Sen. Marco Rubio (R-Fla.) introduced legislation that could give the Federal Trade Commission authority to update the nation’s privacy laws for the internet era.

The American Data Dissemination Act, as it’s called, would task the FTC to update the nation’s 1970s privacy laws. However, unlike online privacy bills introduced last year, Rubio’s doesn’t create a clear framework right away. Rather, it would task the FTC with developing a list of rules and regulations related to data privacy. Then, after 180 days, the FTC would submit suggestions to Congress for approval. If lawmakers don’t pass legislation within two years, the FTC could approve and enforce their own rules without final Congressional approval.

The bill could jumpstart the conversation around the issue of online data privacy. After a series of data privacy scandals in 2018, lawmakers have become increasingly vocal about their concerns ranging from how Facebook and Google collect and use data for advertising to how companies protect sensitive information from being stolen. Just last week, several lawmakers called on the FTC to consider investigating telecom giants after a report discovered companies including AT&T and T-Mobile had been selling user location data. (Most quickly announced they would stop the practice by March.)

Rubio said Congress needs to create legislation that creates “a transparent, digital environment that maximizes consumer welfare over corporate welfare.”

“There has been a growing consensus that Congress must take action to address consumer data privacy,” he said in a statement. “However, I believe that any efforts to address consumer privacy must also balance the need to protect the innovative capabilities of the digital economy that have enabled new entrants and small businesses to succeed in the marketplace.”

Rubio likely won’t be the only lawmaker introducing their version of a privacy bill this session. In addition to holding Congressional hearings for executives from Facebook, Google and Twitter to talk about their companies’ data practices, several members of Congress submitted their own version of federal data privacy legislation. Last year, lawmakers including Democratic U.S. Senators Ron Wyden (D-Ore.), Mark Warner (D-Va.) and Amy Klobuchar (D-Minn.) all sponsored various bills related to online privacy. Several of those lawmakers could reintroduce legislation again this year.

While comments from Facebook CEO Mark Zuckerberg and others drew concern, the bills failed to get traction—at least so far. But online privacy isn’t just a one-party issue. Along with Rubio, other Republican lawmakers have also voiced their support for some sort of action, including Senators John Thune, (R-S.D.) and Roger Wicker, (R-Miss.), have also said it’s time for Congress to consider legislation.

Omer Tene, chief knowledge officer of the International Association of Privacy Professionals, said it’s “refreshing and good” for Senate leaders such as Rubio to be involved with privacy legislation.

“I fully expect this to have much more energy from both sides of the aisles than just Sen. Rubio,” he said.

Last year, California led the way with pushing privacy at the state level by passing a sweeping online privacy bill in order to pre-empt an even stronger proposal from being voted on as a ballot measure last November. However, while the law is scheduled to go into effect next year, the American Data Dissemination Act would supersede it and any other state’s bill. While some say having state-by-state privacy bills would make compliance too confusing and burdensome on brands and advertisers, a vague federal bill could allow for a watered-down version that doesn’t end up protecting users as strongly as privacy advocates would like.

While Congressional hearings have helped to raise the profile of internet companies’ data practices, a recent study suggests that most U.S. consumers still don’t realize how much their data is being collected and used to show them ads on social media platforms and websites. According to the Pew Research Center, 74 percent of the nearly 1,000 U.S. adults surveyed last fall said they didn’t realize Facebook maintained a list of their interests and traits for use in data-driven advertising. Meanwhile, 51 percent of respondents said they weren’t comfortable with Facebook compiling the information, and 27 percent said the profiles created about them “do not very or at all accurately represent them”—perhaps raising the question of whether ad-targeting is even always accurate in the first place.

The issue isn’t going away any time soon. Today, Time magazine published a letter by Apple CEO Tim Cook, pressing the need for federal online privacy rules. Along with calling for data collection to be minimized, accessed and corrected or deleted by whoever it belongs to, Cook said the FTC should create a “data-broker clearinghouse” that would require all data brokers to register so that consumers could track what information of theirs is collected and sold.

“In 2019, it’s time to stand up for the right to privacy—yours, mine, all of ours,” he wrote. “Consumers shouldn’t have to tolerate another year of companies irresponsibly amassing huge user profiles, data breaches that seem out of control and the vanishing ability to control our own digital lives.”

Some privacy advocates don’t trust the FTC to do its job. A coalition of organizations released a list of proposals ranging from federal legislation to a “data protection agency” that would run independently of the FTC.

“The United States confronts a crisis,” wrote the coalition, which includes the Electronic Information Center, Color of Change, and Public Citizen. “Digital giants invade our private lives, spy on our families and gather our most intimate facts for profit. Bad actors, foreign and domestic, target the personal data gathered by U.S. firms, including our bank details, email messages and Social Security Numbers.”

@martyswant Marty Swant is a former technology staff writer for Adweek.