The Equifax and Facebook-Cambridge Analytica scandals, coupled with the proliferation of state privacy and security laws such as the California Consumer Privacy Act (CCPA)—as well as proposed laws in Washington and Massachusetts—have increased demand for a comprehensive national privacy law.  Last week, the Senate announced plans to hold hearings to discuss a proposed privacy law.  The Government Accountability Office (GAO) has just released its report recommending that Congress develop comprehensive privacy legislation to enhance consumer protections. 

The GAO, a non-partisan government watchdog, commenced its investigation into the current state of privacy law at the request of House Energy and Commerce Committee Chairman Frank Pallone, Jr.  In discussing his request, Chairman Pallone noted that the Equifax breach putting more than 143 million consumers at risk and the Facebook Cambridge Analytic scandal have demonstrated that  consumers’ privacy is  “violated online and offline in alarming and dangerous ways.”

As part of its investigation into federal oversight of Internet privacy, GAO interviewed industry stakeholders, such as current and former Federal Communications Commission (FCC) and Federal Trade Commission (FTC) employees, consumer advocates, academics, and industry professionals, in addition to evaluating FCC and FTC Internet privacy enforcement actions.

While all industry stakeholders believe that comprehensive privacy legislation would enhance privacy oversight, industry professionals believe GAO’s approach would stifle business innovation and become quickly obsolete due to the pace of technological advancement. Consumer advocacy stakeholders disagree and argue this type of comprehensive privacy legislation would promote clarity and deter harmful privacy practices.

Even with mixed opinions from industry stakeholders, GAO ultimately recommends that Congress develop comprehensive legislation on Internet privacy to enhance consumer protections and provide flexibility to address a rapidly evolving Internet. In developing such comprehensive legislation, GAO notes that Congress must focus on (1) enacting legislation to establish privacy requirements for all sectors; (2) identifying agencies that should have the power to oversee privacy, including appropriate rulemaking authority; and (3) increasing the effectiveness of the overseeing agency by providing authority to impose civil penalties. To GAO, and national legislation supporters everywhere, this comprehensive legislation will enhance the federal government’s ability to protect consumer privacy, provide more certainty in the marketplace, and provide more confidence to consumers.

On February 26, the House Consumer Protection and Commerce Subcommittee will meet to discuss the GAO report. This hearing will take place just one day before the Senate Commerce Committee is set to hold a hearing entitled “Policy Principles for a Federal Data Privacy Framework in the United States” to discuss establishing federal privacy regulations.  Numerous hurdles exist in crafting a federal privacy law that is acceptable to consumer advocates and the business community, including state pre-emption, statutory fines, and increased powers for the FTC.  Still, the upcoming House hearings, coupled with the Senate’s hearings, suggest the Congress may finally be one step closer to comprehensive privacy reform.