Senate Considers Data Privacy Bill as HR Policy Explores Implications of Schrems II Decision

September 25, 2020

Senate Commerce Committee Chair Roger Wicker (R-MS) released a consumer data privacy bill that expands on previous legislation while excluding employee data, establishing preemption, and containing no private right of action.

In a hearing this week, Chair Wicker said his bill would “provide Americans with more choice and control over their data. It would require businesses to be more transparent and hold them to account for their data practices. It would strengthen the FTC’s ability to be an effective enforcer of new data privacy rules.  And it would establish a nationwide standard so that businesses know how to comply no matter where their customers live, and so that consumers know their data is safe wherever the company that holds their data is located.”

The legislation would establish uniform data protections enforced by the Federal Trade Commission and state attorneys general.  These two points—preemption and a lack of a private right of action—have proven to be sticking points between Republicans and Democrats, who broadly agree on most other aspects of what a comprehensive consumer privacy measure would entail. 

The activity is a reminder that in 2021 Congress will likely pick up where it left off last February in considering comprehensive consumer data privacy legislation.  Whether Wicker’s measure factors into deliberations will strongly depend on whether Republicans maintain control of the Senate in the November elections.  The bill is cosponsored by Sens. Deb Fischer (R-NE), John Thune (R-SD), and Marsha Blackburn (R-TN).

Meanwhile, Facebook says “it is not clear” how it will continue operating in the EU following the Court of Justice of the European Union’s invalidation of the EU-U.S. Privacy Shield in the Schrems II decision.  Already, complaints have been lodged in all 30 EU and EEA member states.

HR Policy’s Future Workplace Policy Council hosted a candid discussion with major HR vendors about what can be done now to protect data flows from the EU and avoid liability, and what the next steps may look like. 

The webinar featured IBM Chief Privacy Officer Christina Montgomery, Workday Chief Privacy Officer Barbara Cosgrove, Randstad Data Protection & Information Security Officer Wouter-Bas van der Vegt, and BEERG Executive Director Tom Hayes.  Harriet Pearson, HR Policy Privacy Counsel and Partner at Hogan Lovells, moderated.

You can find a recording of the discussion here