Welcome back to Holland & Knight's monthly data privacy and security news update that includes the latest in policy, regulatory updates and other significant developments. If you see anything in this report that you would like additional information on, please reach out to the authors or members of Holland & Knight's Data Strategy, Security & Privacy Team.

LEGISLATIVE UPDATES

General Congressional Update

On Feb. 7, 2023, President Joe Biden delivered his second State of the Union address. The president called on Congress to adopt "a clear privacy framework that sets one standard for the country." He also highlighted the need to protect children online. These items, coupled with his opinion piece published in The Wall Street Journal in January 2023, are evidence of the Biden Administration's growing commitment to adopting new data privacy regulations and are intended to spur congressional action.

Data Privacy and Security Bills

Last month's Data Privacy and Security Report included updates on comprehensive legislation, including the American Data Privacy and Protection Act (ADPPA), the Kids Online Safety Act (KOSA) and the Children and Teens' Online Privacy Protection Act (COPPA 2.0). In the past month, additional privacy, data security and consumer protection bills of note have been introduced or reintroduced as described in the following sections.

House Financial Services Committee Advances Consumer Financial Data Privacy Legislation

On Feb. 24, 2023, Rep. Patrick McHenry (R-N.C.), Chairman of the House Committee on Financial Services, introduced the Data Privacy Act of 2023, which amends the Gramm-Leach-Bliley Act (GLBA) to modernize financial data privacy laws and give consumers more control over their personal information. The bill would preempt state privacy rules and establish provisions that would require companies to provide more disclosures to consumers and give individuals the ability to request that their records be deleted.

Rep. Maxine Waters (D-Calif.), Ranking Member of the Financial Services Committee, has signaled she will oppose the bill, particularly because provisions would change regulations already in place in California, which recently overhauled its privacy policies. The Financial Services Committee advanced the bill along party lines by a vote of 26-21 at a markup on Feb. 28, 2023. However, the legislation will face challenges before being considered by the full House floor based on Democratic opposition and jurisdictional complications with the House Committees on Energy and Commerce, the Judiciary and Homeland Security, each claiming jurisdiction over consumer privacy issues.

Senate Judiciary Committee Holds Children Privacy Hearing

On Feb. 14, 2023, the Senate Committee on the Judiciary held the hearing, "Protecting Our Children Online." Sen. Richard Blumenthal (D-Conn.) called on Congress to take action to protect kids by passing theKOSA, which he and Sen. Marsha Blackburn (R-Tenn.) plan to reintroduce soon. The bill would require social media companies to give kids and parents tools to prevent the impacts of social media by requiring that social media platforms provide minors with options to protect their information, disable addictive product features and opt out of algorithmic recommendations. Platforms would be required to enable the strongest settings by default. The hearing comes a day after the release of the Centers for Disease Control and Prevention (CDC) report showing that in 2021, nearly three in five teenage girls felt persistent sadness, nearly one in three girls seriously considered attempting suicide, and 16 percent of high school students were electronically bullied, including on social media. Senate Majority Leader Chuck Schumer (D-N.Y.) intends to advance children's privacy bills this year. He plans to work with his colleagues to reintroduce kids' privacy bills, hold markups in March and hold a floor vote in June.

Durbin, Blumenthal, Hirono Introduce Bill to Protect Children's Online Privac

On Feb. 13, 2023, Senate Judiciary Committee Chair Dick Durbin (D-Ill.) and Sens. Blumenthal and Mazie Hirono (D-Hawaii) reintroduced the Clean Slate for Kids Online Act. The bill would amend COPPA by giving every American a broad right to have website operators delete information that was collected on them while they were under 13 years old, even if a parent consented at the time to the data collection. This would cover information that websites obtained about kids from data brokers and other indirect sources.

House Energy and Commerce Committee Holds Hearing on Enhancing Privacy Protections

Bipartisan leadership of the House Energy and Commerce Committee – including Chair Cathy McMorris Rodgers (R-Wash.) and Ranking Member Frank Pallone (D-N.J.) – joined Innovation, Data, and Commerce Subcommittee Chair Gus Bilirakis (R-Fla.) and Subcommittee Ranking Member Jan Schakowsky (D-Ill.) in announcing the Innovation, Data, and Commerce Subcommittee hearing, "Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy," on March 1, 2023. The hearing focused on how a comprehensive national privacy standard, and in particular the ADPPA, will ensure America's technological leadership and protect people's information, especially children's, from misuse. Witnesses and members called for transparency as to 1) how data is collected and transferred, 2) baseline protections on data minimization, 3) a leveled playing field for small businesses and 4) stronger enforcement authority. Ultimately, all members of the subcommittee echoed their continued support for ensuring legislation on a national standard for data privacy is successful this Congress. The ADPPA passed out of the committee last Congress by a 53-2 vote, but then-House Speaker Nancy Pelosi (D-Calif.) never called the bill up for a vote. This hearing was meant to kickstart the legislative process for the bill this Congress.

Meanwhile, with more than 20 state legislatures considering privacy legislation, new state privacy laws are likely to pass this year. These proposals would build on the existing patchwork of state privacy bills in California, Connecticut, Colorado, Virginia and Utah. For further analysis on any state privacy law or bill, please contact Ashley Shively or Marissa Serafino.

Support for Banning TikTok Grows

Bicameral legislation, the No TikTok on United States Devices Act, was introduced by Rep. Ken Buck (R-Colo.) and Sen. Josh Hawley (R-Mo.). The bill would direct the president to use the International Emergency Economic Powers Act (IEEPA) within 30 days to block and prohibit transactions with TikTok's parent company ByteDance, with stiff penalties for entities that attempt to evade these sanctions. Bipartisan support for banning the social media app is growing. Notably, Sen. Blumenthal, along with Sen. Jerry Moran (R-Kan.), sent a letter to U.S. Department of the Treasury Secretary Janet Yellen, who also acts as chair of the Committee on Foreign Investment in the United States (CFIUS), urging the Treasury Department to impose "strict structural restrictions" on the Chinese-owned video sharing app. House Energy & Commerce Committee Chair McMorris Rodgers has announced that TikTok CEO Shou Zi Chew will testify before the Energy & Commerce Committee on March 23, 2023.

CBP One Application Raising Concerns

Sen. Ed Markey (D-Mass.) sent a letter to the U.S. Department of Homeland Security (DHS) urging it to cease using its CBP One app due to privacy concerns for asylum seekers. DHS has required migrants seeking asylum at the southern border to use the app and submit sensitive information, including biometric data and precise location data, raising serious privacy concerns. The letter also raises concerns that the CBP One app promotes inaccurate information for asylum seekers in the U.S.

Antitrust and Data Privacy Proponent Resigning

Rep. David Cicilline (D-R.I.), the incumbent Ranking Member on the House Judiciary Committee's Subcommittee on Administrative State, Regulatory Reform, and Antitrust, announced that he will resign from Congress at the end of May to serve as president and CEO of the Rhode Island Foundation. Rep. Cicilline is a leader on antitrust policy issues, particularly related to antitrust in technology, which could impact the likelihood of the House advancing antitrust legislation aimed at tech platforms. Rep. Cicilline has introduced the Consumer Privacy Protection Act in previous sessions of Congress and has led several privacy inquiries aimed at tech companies.

EXECUTIVE AND DEPARTMENTAL UPDATES

FTC Commissioner Christine Wilson Resigning; Commissioner Slaughter Renominated

On Feb. 14, 2023, Federal Trade Commission (FTC) Commissioner Christine Wilson announced that she would resign her post in an op-ed published in The Wall Street Journal. In the op-ed, Commissioner Wilson explained her decision to resign because of what she calls FTC Chair Lina Khan's "attempts to remake federal antitrust law...and her disregard for the rule of law and due process." Further, Commissioner Wilson said that "I have failed repeatedly to persuade Ms. Khan and her enablers to do the right thing, and I refuse to give their endeavor any further hint of legitimacy by remaining." Wilson is the only Republican FTC commissioner and will require the president to nominate two Republicans to fill the current vacancies.

Separately, on Feb. 13, 2023, President Biden renominated FTC Commissioner Rebecca Kelly Slaughter to serve a new term. If confirmed by the Senate, Commissioner Slaughter would serve a seven-year term that is retroactive starting from September 2022.

FTC Launches New Office of Technology

On Feb. 17, 2023, the FTC launched a new Office of Technology to strengthen the "FTC's ability to keep pace with technological challenges in the digital marketplace by supporting the agency's law enforcement and policy work." The office will be headed by Chief Technology Officer Stephanie Nguyen. The new office will strengthen and support law enforcement investigations and actions, advise and engage with staff and the Commission on policy and research initiatives, and highlight market trends and emerging technologies that impact the FTC's work.

OSTP Seeking Information on Criminal Justice Statistics

The White House's Office of Science and Technology Policy (OSTP) published a notice of request for information (RFI) in the Federal Register on data collection regarding law enforcement activities. The RFI follows an Executive Order on Advancing Effective, Accountable Policing and Criminal Justice Practices to Enhance Public Trust and Public Safety, which calls for issuing a report to the president on the current data collection, use and data transparency practices with respect to law enforcement activities. This includes data related to calls for services, searches, stops, frisks, seizures, arrests, complaints, law enforcement demographics and civil asset forfeiture.

JUDICIARY UPDATES

Supreme Court Hears Big Tech Liability Shield Case

In a case that could have wide ramifications for the internet, the U.S. Supreme Court heard oral arguments in Gonzalez v. Google on Feb. 21, 2023. In this case, a man's family, who was killed in an ISIS attack in Paris, is arguing that YouTube's algorithm for recommendations of videos to promote ISIS recruitment videos is not protected by the internet's liability shield, Section 230 of the Communications Decency Act. Whether internet platforms can be liable for the content they hold could impact fundamental internet policy and business models.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.