Top Republican Open to Injunctive Relief on Privacy Violations
- Sen. Wicker entertains narrow injunctive relief for privacy violations
- Hearing on differing Republican, Democratic privacy bills on Wednesday
A top Republican senator is open to the possibility of a narrowly focused private right of action for consumers when companies violate their privacy, as lawmakers work to refine their negotiating points ahead of a hearing on privacy legislation this week.
Senate Commerce, Science, and Transportation Chairman Roger Wicker (R-Miss.) said he could consider a very narrow private right of action, such as injunctive relief, in legislation his panel is discussing, a change in his previous stance on the issue. He had opposed a federal privacy bill with any private right of action, which would allow consumers to sue companies if their private data is violated.
The concession comes as Wicker’s committee prepares for a hearing Wednesday to consider legislation related to consumer privacy. Wicker last week floated a discussion draft that didn’t include a private right of action.
Federal Privacy Law Would Override States Under Wicker’s Draft Plan
“It would have to be quite narrow, injunctive relief, or something like that,” Wicker said in an interview on Monday about his draft bill. Injunctive relief is a court order in a civil lawsuit for the defendant to stop a specified act or behavior.
“We do not need a whole raft of new lawsuits, not even the California legislature provided for that. If we want the law enforced, we can get the law enforced, without a bunch of damage suits,” he added.
The committee’s top Democrat, Sen. Maria Cantwell (Wash.), introduced legislation last week with three other Democrats that would allow consumers to sue over privacy and data breach violations. The issue has been the main sticking point in the negotiations between Cantwell and Wicker.
Democratic Privacy Bill Allows Lawsuits Over Data Violations
The pair are aiming to resolve differences on their bills before a California consumer privacy law goes into effect on Jan. 1. California’s law includes a narrowly focused private right of action for data breach violations, allowing consumers to seek statutory or actual damages, injunctive relief, or declaratory relief.
“It’s safe to say enforcement will be the sticking point and there will be lots of discussion around a Private Right of Action, federal pre-emption and FTC enforcement,” Cantwell said in an emailed statement on Monday.
Cantwell’s inclusion of a private right of action that would be even broader than California’s law is “an indication of where—in a perfect world—the Democrats would like to be,” Wicker said. “I really think we’re at a pivotal moment and we’ll soon hope to know whether Senator Cantwell is serious about negotiating to a final product,” he said.
Seeking a Bipartisan Bill
The chairman said he would still prefer to introduce a bipartisan bill with Cantwell, and is hopeful he can do so.
“I had hoped and I had thought our plan was that she and I would roll out something together, with three bracketed items left for discussion.” Those three remaining sticking points are: private right of action, preemption of state privacy laws, and duty of loyalty—that companies not engage in deceptive or harmful data practices.
Wicker’s discussion draft would allow enforcement by state attorneys general and the Federal Trade Commission, which could imposecivil penalties for first-time offenses, according to a chart comparing his draft to the California law. The draft would pre-empt other state privac laws, however, except those that require businesses to notify consumers in the event of a data breach. Wicker also said he wouldn’t support holding CEOs of companies personally liable for privacy violations.
Cantwell’s bill wouldn’t pre-empt most state laws and regulations unless they are in direct conflict with the federal law.
“We’ll soon know whether we’ll bridge these chasms, or whether it’s been a funeral exercise,” Wicker said.
Close on Consumer Protections
Both Wicker’s draft text and Cantwell’s bill would create consumer privacy protections and give consumers more control over their data, allowing them to access, correct, delete and transport personal data that is held by big technology companies.
“On the substance of the protections for Americans and for consumers—we are in practicality there,” Wicker said.
“On whether you’re going to have a bunch of lawsuits and plaintiffs’ attorneys clogging up the courts, that to me doesn’t make the consumer feel any better,” he said. “I do think for the economy as a whole, it would be best if every American knew what one standard they had to comply with and the best way to do that is one overall nation-wide standard.”
He said getting a bipartisan bill done before Jan. 1 “has been my goal all along.”
“Frankly, Senator Cantwell has pushed back on that on that time and again and we’ve accommodated her. I had certainly hoped to have our joint working draft out there well before Dec. 4. But the legislative process is cumbersome and frustrating,” he said.
Cantwell said that the Jan. 1 deadline “is something the majority and industry has wanted to pre-empt California.”
“Our goal has always been a strong federal bill, one that the House could also pass. There’s a good basis of agreement, we should keep working,” she said in the emailed statement.
Witnesses for Wednesday’s hearing include two former members of the FTC, Maureen Ohlhausen, who is a co-chair of the 21st Century Privacy Coalition, and Julie Brill, who is now corporate vice president and deputy general counsel at Microsoft. Michelle Richardson, director of privacy and data at the Center for Democracy and Technology, will also appear.
With assistance from Daniel R. Stoller
To contact the reporter on this story: Rebecca Kern in Washington at rkern@bgov.com
To contact the editors responsible for this story: Zachary Sherwood at zsherwood@bgov.com; Loren Duggan at lduggan@bgov.com