Congress debates privacy, data access, cybersecurity

April 29, 2019
Recently the U.S. House Energy and Commerce Committee’s Subcommittee on Consumer Protection and Commerce held its first hearing on privacy, “Protecting Consumer Privacy in the Era of Big Data.”

The 115th Congress saw limited success in resolving many questions regarding vehicle data access and cybersecurity.  One significant missed opportunity was the failure to pass the U.S. Senate AV START Act, which included the Inhofe Amendment, language establishing a stakeholder advisory committee at the National Highway Traffic Safety Administration (NHTSA) to exchange views on vehicle data access and cybersecurity. Several U.S. House and Senate bills were introduced by both parties, directly targeting these issues, but none of them were sent to the President before Congress adjourned for the year.

Recently the U.S. House Energy and Commerce Committee’s Subcommittee on Consumer Protection and Commerce held its first hearing on privacy, “Protecting Consumer Privacy in the Era of Big Data.” For the Subcommittee to begin so early in the new Congress with the issue of privacy and data access, demonstrates the importance of these issues for the 116th Congress.  The Senate is still discussing whether to reintroduce legislation similar to last session’s AV START Act but clearly the House will begin with a broader conversation on data access and privacy than we saw in the 115th Congress.

Important for this discussion is the bipartisan interest in protecting consumers’ privacy. As the Automotive Service Association and other stakeholder organizations work to assure vehicle repair shops have access to the necessary data and tools to repair newer vehicles, policymakers in this first Subcommittee hearing on topic have reminded us that the consumer privacy issue is of greatest concern. House Energy and Commerce Chairman Frank Pallone, Jr. (D-NJ) and Consumer Protection and Commerce Subcommittee Chair Jan Schakowsky (D-IL) wrote to the Federal Trade Commission (FTC) following the hearing outlining concerns about protecting consumer privacy rights.

The Committee released the FTC letter and noted key provisions: “We are writing today to better understand the resources that FTC needs to fulfill its important consumer protection mission and meet the challenges posed by rapid changes in technology,” Pallone and Schakowsky wrote. 

“A series of recent high-profile privacy incidents have caused significant concern to consumers and this Committee,” Pallone and Schakowsky continued.  “For every high-profile case, there are many more that do not get attention in the press and therefore may not be prioritized by the FTC.  Nevertheless, consumers may face significant harm from these less well-known privacy and data security incidents.” 

Pallone and Schakowsky requested responses from the FTC to a series of questions including:

  • What resources would the FTC require to dramatically boost its enforcement activity with respect to privacy and data security? How would the FTC deploy new resources if it were to receive an additional $50 million for consumer protection and privacy? How about an additional $75 million? How about an additional $100 million? 
  • If Congress were to direct the FTC to hire technologists to aid in case development, enforcement, rulemaking and/or policy recommendations, what resources would the FTC need to fulfill its consumer protection mission, and how would the agency deploy those new resources? 
  • If the FTC received notice-and-comment rulemaking authority with respect to privacy and data security, would the FTC require additional resources to develop and update new rules without detracting from the agency’s enforcement activity? 
  • What would the FTC be able to accomplish with 100 new attorneys focused on privacy and data security that it cannot do with current resources?

The U.S. Senate Small Business Committee has been focused on the cybersecurity threats to small businesses which is certainly a consideration for policymakers as they strive to protect businesses and consumers’ privacy.

It is anticipated that numerous data access and cyber security bills will be introduced in the coming months impacting automotive repairers. This is already occurring at the state level including the California Consumer Privacy Act. NHTSA and the FTC have shown little interest in moving forward on these issues without congressional action. NHTSA has released several guidance documents relative to new vehicle technologies and the responsibilities of state and federal governments. Without congressional action, we will likely see the proliferation of state activity on these most important issues.

Voice Your Opinion!

To join the conversation, and become an exclusive member of Vehicle Service Pros, create an account today!