December 06, 2019
Senate Commerce Committee Chairman Roger Wicker (R-MS) and Ranking Member Maria Cantwell (D-WA) released separate consumer data privacy measures that both seek to exclude HR data from their provisions along lines recommended by the HR Policy Association.
In a hearing this week, the Commerce Committee discussed the two measures, with both Republicans and Democrats expressing agreement about the urgent need for a sweeping consumer data privacy law that provides many of the same rights as the California Consumer Privacy Act.
The elephants in the room: While consensus is emerging in many other areas, Democrats and Republicans have been split on the issues of preemption and a private right of action. Accordingly, Sen. Cantwell’s Consumer Online Privacy Rights Act (COPRA) includes a strong private right of action and does not preempt state laws. Meanwhile, Sen. Wicker’s draft bill, the U.S. Consumer Data Privacy Act (USCDPA), preempts state laws and does not appear to include a private right of action.
Glimmers of compromise? “[People] want a law,” said Sen. Richard Blumenthal (D-CN), who is expected to introduce his own measure. “And you will see state laws all around the country—hopefully they won’t create too much inconsistency, but that’s where we’re going if we fail to act.” Meanwhile, several Republicans suggested openness to a limited private right of action.
Sen. Cantwell's COPRA attempts to exempt HR data by removing “employee data” from its definition of “covered data.”
However: There are several significant issues with the bill from an HR perspective.
Sen. Wicker’s USCDPA also contains language excluding HR data, while being generally similar to Sen. Cantwell’s effort in a number of other areas.
The potential downside of excluding HR data: Notably, by exempting HR data, a federal bill likely would not preempt state efforts to regulate HR data.
What happens next: While the Wicker and Cantwell measures will receive consideration in the Commerce Committee because of their leadership positions there, numerous other bills have already been introduced, with more yet to come. Despite this activity, there is no space for action on any comprehensive consumer data privacy measure before the end of the year. And with elections just around the corner, the prospects of a federal bill gaining momentum in 2020 seem similarly slim. However, as Sen. Blumenthal noted, states will continue to legislate, placing more pressure on Congress to act in 2021. With a provision excluding HR data from California’s data privacy law expiring on January 1, 2021, expect the policy conversation there, and perhaps nationally, to become more focused on HR data practices. HR Policy will continue to be engaged on this issue by leading a coalition of member companies and business groups to aid lawmakers in recognizing the unintended consequences of such measures.