Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • House committee continues federal privacy legislation discussions

    Privacy, Cyber Risk & Data Security

    On April 27, the House Subcommittee on Innovation, Data, and Commerce, a subcommittee of the House Energy and Commerce Committee, held a hearing entitled “Addressing America’s Data Privacy Shortfalls: How a National Standard Fills Gaps to Protect Americans’ Personal Information” to continue discussions on the need for comprehensive federal privacy legislation. Subcommittee Chair Gus Bilirakis (R-FL) delivered opening remarks, commenting that the Committee has examined in depth how a federal privacy law is needed to protect Americans and balance the needs of business, government and civil society, what happens when malicious actors exploit access to data, where the FTC’s jurisdictional lines and authority lay and how that interplays with a comprehensive federal privacy law, and the role of data brokers and the lack of protections given to consumers to manage their data.

    During the hearing, subcommittee members commented that one of the big debates about the American Data Privacy and Protection Act (ADPPA) as it came out of committee last year was the degree to which it should preempt state laws. There was push back on the bill from former Speaker Nancy Pelosi who was against the proposed preemption measures, as well as from the California attorney general and the California Privacy Protection Agency who expressed similar concerns and asked Congress to “allow states to provide additional protections in response to changing technology and data privacy protection practices.” The ADPPA was advanced through the committee last July by a vote of 53-2 (covered by InfoBytes here) and was sent to the House floor during the last Congressional session but never came up for a full chamber vote. The bill has not been reintroduced yet.

    Subcommittee members said that while drafting a comprehensive national data privacy law is a priority, there are a lot of concerns over preemption of state laws. Certain Republican members also commented that it is very important for Congress to create a single national standard before the FTC proposes data privacy rules from its commercial surveillance rulemaking efforts. As previously covered by InfoBytes, FTC Chair Lina M. Khan and Commissioners Rebecca Slaughter and Alvaro Bedoya testified before the same committee in April, during which time they said they are currently reviewing comments on the proposed rulemaking but support federal privacy legislation.

    While the ADPPA has not yet been reintroduced, House Financial Services Committee Chairman Patrick McHenry (R-NC) introduced the Data Privacy Act of 2023 (see H.R. 1165) earlier this year, which would, among other things, modernize the Gramm-Leach-Bliley Act to better align the statute with the evolving technological landscape and ensure consumers understand how their data is being collected and used and grant consumers power to opt-out of the collection of their data and request that their data be deleted at any time.

    Privacy, Cyber Risk & Data Security Federal Issues Federal Legislation House Energy and Commerce Committee State Issues California Consumer Protection FTC

  • FTC testifies on privacy efforts

    Federal Issues

    On April 18, FTC Chair Lina M. Khan and Commissioners Rebecca Slaughter and Alvaro Bedoya testified before the House Energy and Commerce Subcommittee on Innovation, Data, and Commerce on the agency’s efforts to protect consumers from unfair or deceptive practices and unfair methods of competition. The hearing addressed the agency’s 2024 budget request, as well as topics focused on rulemaking authority, junk fees, robocalls, fraud, and privacy initiatives, among others. House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) delivered opening remarks, during which she cited the resignation of both Republican commissioners and criticized the agency’s “abuses of power.”

    In a prepared statement, the commissioners provided an overview of the agency’s consumer protection work, including its initiatives to safeguard consumers’ privacy that take a multi-pronged approach focusing on health data, children and teens, and data security. The commissioners broadly discussed recent enforcement actions taken to protect sensitive health data and commented on FTC efforts to use the agency’s rulemaking authority to protect children in the marketplace (the FTC is currently reviewing the Children’s Online Privacy Protection Act Rule to determine any necessary changes and is exploring how commercial surveillance may be fueling manipulative advertising practices targeted towards children and teens). They also flagged a recent data security action as an example of how the agency “is pivoting toward requiring restrictions on what data firms can collect and retain.” According to the testimony, the FTC engaged in 35 investigations, cases, and enforcement projects with foreign consumer, privacy, and criminal enforcement agencies during the last fiscal year. The commissioners also said the agency is currently reviewing comments received on a 2022 advance notice of proposed rulemaking (covered by InfoBytes here), which sought feedback on the widespread collection of consumers’ personal information as well as concerns relating to consumer data security and commercial surveillance. While the commissioners reiterated the agency’s strong support for federal privacy legislation, Chair Rodgers said the FTC voted on partisan lines “to act unilaterally” on its own set of rules.

    Federal Issues Privacy, Cyber Risk & Data Security House Energy and Commerce Committee Consumer Protection FTC UDAP COPPA

  • House committees move forward on data privacy

    Privacy, Cyber Risk & Data Security

    On March 1, the House Subcommittee on Innovation, Data, and Commerce, a subcommittee of the House Energy and Commerce Committee, held a hearing entitled “Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy” to continue discussions on the need for comprehensive federal privacy legislation. House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) delivered opening remarks, commenting that discussions during the hearing will build upon the bipartisan American Data Privacy and Protection Act (ADPPA), which advanced through the committee last July by a vote of 53-2. As previously covered by InfoBytes, the ADPPA (see H.R. 8152) was sent to the House floor during the last Congressional session, but never came up for a full chamber vote. The bill has not been reintroduced yet.

    A subcommittee memo highlighted that absent a comprehensive federal standard, “there are insufficient limits to what types of data companies may collect, process, and transfer.” The subcommittee flagged the data broker industry as an example of where there are limited restrictions or oversight to prevent the creation of consumer profiles that link sensitive data to individuals. Other areas of importance noted by the subcommittee relate to data security protections, data minimization requirements, digital advertising, and privacy enhancing technologies. The subcommittee heard from witnesses who agreed that a comprehensive privacy framework would benefit consumers.

    One of the witnesses commented in prepared remarks that preemption is key, calling the current patchwork of state laws confusing and costly to businesses and consumers. “Consumers need a strong and consistent law to protect them across jurisdictions and market sectors, and to clarify what privacy rights they should expect and demand as they navigate the marketplace,” the witness said. The witness also stated that the FTC is currently relying on outdated law, noting that while Section 5 of the FTC Act is frequently used, “virtually all of the FTC’s privacy and data security cases are settlements. That means that many of the legal theories advanced, as well as the remedies obtained, have never been tested in court.”

    In advance of the hearing, the California governor, the California attorney general, and the California Privacy Protection Agency sent a joint letter opposing preemption language contained in H.R. 8152. “[B]y prohibiting states from adopting, maintaining, enforcing, or continuing in effect any law covered by the legislation, [the ADPPA] would eliminate existing protections for residents in California and sister states,” the letter warned. The letter asked Congress “to set the floor and not the ceiling in any federal privacy law” and “allow states to provide additional protections in response to changing technology and data privacy protection practices.”

    Separately, at the end of February, Chairman of the House Financial Services Committee, Patrick McHenry (R-NC) introduced the Data Privacy Act of 2023 (see H.R. 1165). The bill moved out of committee by a 26-21 vote, and now goes to the full House for consideration. Among other things, the bill would modernize the Gramm-Leach-Bliley Act to better align the statute with the evolving technological landscape. The bill would also ensure consumers understand how their data is being collected and used and grant consumers power to opt-out of the collection of their data and request that their data be deleted at any time. Additional provisions are intended to protect against the misuse or overuse of consumers’ personal data and impose disclosure requirements relating to data collection methods, how data is used and who it is shared with, data retention policies, and informed choice. The bill is designed to provide consistency across the country to reduce compliance burdens, McHenry said.

    Privacy, Cyber Risk & Data Security Federal Issues Federal Legislation House Energy and Commerce Committee House Financial Services Committee Gramm-Leach-Bliley State Issues CPPA Consumer Protection

  • Special Alert: Congress releases draft privacy bill

    Federal Issues

    A comprehensive federal privacy law drew one step closer to reality earlier this month when a bipartisan group of representatives and senators released a draft of the proposed American Data Privacy and Protection Act.

    Passage of the ADPPA, which combines elements of prior proposals in an effort to reach a legislative compromise, is still far from assured. But it represents a meaningful starting point for further discussions, and is already shaping the long-running debate on national privacy standards. This alert looks closely at the proposed statutory text that seeks to define the breadth and scope of a federal privacy regime that policymakers have contemplated for years.

    Greater clarity about bill text and its overall prospects for passage are likely to emerge at the House Energy and Commerce Committee’s hearing scheduled for tomorrow at 10:30 a.m. ET.

    Federal Issues Federal Legislation Privacy/Cyber Risk & Data Security Special Alerts House Energy and Commerce Committee FTC Consumer Protection American Data Privacy and Protection Act

  • House Energy and Commerce Subcommittee Examines Consumer Data Security

    Federal Issues

    On November 1, the House Subcommittee on Digital Commerce and Consumer Protection (Subcommittee) held a hearing entitled “Securing Consumers’ Credit Data in the Age of Digital Commerce” to examine: (i) the legal and regulatory framework for consumer reporting agencies, including the Gramm-Leach-Bliley Act and Fair Credit Reporting Act; (ii) current cybersecurity standards, best practices, threats, and vulnerabilities; and (iii) how data breaches relate to incidences of identity theft and fraud. In introductory remarks, Subcommittee Chairman, Bob Latta (R-Ohio), acknowledged the need to understand ways to protect against data breaches and secure consumer data. This sentiment was echoed by Full Committee Chairman, Greg Walden (R-Or.), who noted in his opening statement that recent data breaches “demonstrate the challenges of protecting consumer information in the digital age.” The full list of witnesses, testimony, and committee background memo is available here.

    Federal Issues Privacy/Cyber Risk & Data Security House Energy and Commerce Committee Data Breach

  • House Subcommittee on Digital Commerce and Consumer Protection Holds Hearing to Discuss Consumer Fintech Needs

    Federal Issues

    On June 8, the House Energy and Commerce Committee’s Subcommittee on Digital Commerce and Consumer Protection held a hearing to discuss financial products and services offered by the fintech industry to meet consumer needs. (See previous InfoBytes coverage here.) Committee Chairman Rep. Bob Latta (R-Ohio) opened the hearing asserting, “There are serious opportunities for companies to reach consumers with new products to help them create a rainy-day fund for the first time, pay their mortgage securely, rebuild their credit, budget and manage multiple income streams, and invest their earnings . . . Cybersecurity [specifically] is an ongoing challenge, and one the Energy and Commerce Committee is tackling head on.” The June 8 hearing included testimony and recommendations from the following witnesses:

    • Ms. Jeanne Hogarth, Vice President at Center for Financial Services Innovation (CFSI) (statement). Hogarth stated that nearly three out of five American face financial health struggles and spoke about challenges fintech entrepreneurs may face when trying to help consumers, such as (i) “facilitat[ing] interstate and regulatory comity that enables consumers to access and use fintech products and service that promote financial health”; (ii) “support[ing] consumers’ access to their own data”; and (iii) “creat[ing] opportunities for pilot testing of both financial products and services and financial services regulations.” Hogath also detailed CFSI’s Financial Solutions Lab, which identifies financial health challenges faced by consumers and encourages companies to develop ways to address these issues.
    • Mr. Javier Saade, Managing Director at Fenway Summer Ventures (statement). Saade—whose venture capital firm backs emerging fintech companies—stressed the importance of understanding and mitigating associated risks as financial innovation continues to expand. Growth is supported and encouraged, he noted, provided entrepreneurs understand that the “’fail fast and often’ approach, typical of tech-driven startups in other sectors, may not be well suited for the financial services industry.” Furthermore, Saade stated that because “nearly 30 million U.S. households either have no access to financial products or obtain products outside of the banking system . . . even modest strides in achieving economic inclusion present the single largest addressable opportunity in fintech.”
    • Ms. Christina Tetreault, Staff Attorney at Consumer Union (statement). Tetreault, speaking on behalf of Consumer Union (the policy division of Consumer Reports), stated that while financial technology such as virtual currencies, digital cash, and distributed ledgers have the “potential to increase consumer access to safe financial products and return a measure of control to consumers,” safeguards devised between lawmakers and providers must be implemented with appropriate federal and state financial regulator oversight.
    • Mr. Peter Van Valkenburgh, Research Director at Coin Center (statement). Coin Center is a non-profit organization, which focuses on “public policy ramifications of digital currencies and open blockchain networks.” Van Valkenburgh emphasized the need for Congress to (i) create a nationwide federal money transmission license as an alternative to “state by state licensing,” which, in his opinion, emphasizes the needs of individual states rather than addressing the health and risk profile as a whole; and (ii) create a federal safe harbor to “protect Americans developing open blockchain infrastructure.” Van Valkenburgh also encouraged the Office of the Comptroller of the Currency to establish federal “fintech charters” to promote a unified approach to regulating blockchain companies.

    Federal Issues Digital Assets Fintech OCC House Energy and Commerce Committee Blockchain Digital Commerce Privacy/Cyber Risk & Data Security Virtual Currency Distributed Ledger

  • House Energy and Commerce Committee to Hold Hearing June 8 on Fintech Options for Consumers

    Fintech

    On June 8, the House Energy and Commerce Committee’s Digital Commerce and Consumer Protection Subcommittee will hold a hearing as part of its “Disrupter Series.” In a press release issued June 1, the hearing, Improving Consumer’s Financial Options with FinTech, will discuss consumer needs and whether the fintech industry is offering financial products and services that meet these needs. “The FinTech industry has allowed the average American to have more control over their financial well-being while simultaneously promoting greater financial literacy. Next week’s hearing is an important opportunity for us to hear from companies on barriers they face in the market and learn how Congress can continue investing in its potential,” stated Committee Chairman, Rep. Bob Latta (R-Ohio). The hearing will begin at 10 a.m. in Room 2123 of the Rayburn House Office Building. Witnesses have not yet been announced.

    Fintech House Energy and Commerce Committee Congress

Upcoming Events