Skip to Content

Privacy & Data

Testimony for Hearing on GDPR & CCPA before Senate Judiciary Committee

For more information on our efforts to create comprehensive federal privacy legislation, check out our Federal Privacy Legislation campaignIf you are reading this and want to talk to our Privacy & Data team for more info, please contact Michelle Richardson at [email protected].


Statement of Michelle Richardson, Director, Privacy & Data, Center for Democracy & Technology before the United States Senate Committee on the Judiciary

GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation

On behalf of the Center for Democracy & Technology (CDT), thank you for the opportunity to testify about the importance of crafting a federal consumer privacy law that provides meaningful protections for Americans and clarity for entities of all sizes and sectors. CDT is a nonpartisan, nonprofit 501(c)(3) charitable organization dedicated to advancing the rights of the individual in the digital world. CDT is committed to protecting privacy as a fundamental human and civil right and as a necessity for securing other rights such as access to justice, equal protection, and freedom of expression. CDT has offices in Washington, D.C., and Brussels, and has a diverse funding portfolio from foundation grants, corporate donations, and individual donations.

The United States should be leading the way in protecting digital civil rights. This hearing is an opportunity to learn how Congress can improve upon the privacy frameworks offered in the European Union via the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to craft a comprehensive privacy law that works for the U.S. Our digital future should be one in which technology supports human rights and human dignity. This future cannot be realized if people are forced to choose between protecting their personal information and using the technologies and services that enhance our lives. This future depends on clear and meaningful rules governing data processing; rules that do not simply provide people with notices and check boxes but actually protect them from privacy and security abuses and data-driven discrimination; protections that cannot be signed away.

Congress should resist the narratives that innovative technologies and strong privacy protections are fundamentally at odds, and that a privacy law would necessarily cement the market dominance of a few large companies. Clear and focused privacy rules can help companies of all sizes gain certainty with respect to appropriate and inappropriate uses of data. Clear rules will also empower engineers and product managers to design for privacy on the front end, rather than having to wait for a public privacy scandal to force the rollback of a product or data practice.

We understand that drafting comprehensive privacy legislation is a complex endeavor. Over the past year we have worked with partners in civil society, academia, and various industry sectors to produce draft legislation that is both meaningful and workable. This testimony will discuss the components of our draft and why they should be incorporated into a federal privacy law.

Privacy legislation must (1) provide individual rights to access, correct, delete, and port personal information; (2) require reasonable data security and corporate responsibility; (3) prohibit unfair data practices, particularly the repurposing or secondary use of sensitive data, with carefully scoped exceptions; (4) prevent data-driven discrimination and civil rights abuses; and (5) provide robust and rigorous enforcement, including additional personnel and original fining authority for the Federal Trade Commission (FTC).  The future of this country’s technology leadership depends on this Congress passing clear, comprehensive rules of the road that facilitate trust between consumers and the organizations that collect and use their data.

Full testimony available in the attached PDF.