Senate Subcommittee Tries to Revive Push For a Federal Privacy Law

The witnesses included Kat Goodloe, managing director of the Business Software Alliance (BSA); Paul Martino, general counsel at the Main Street Privacy Coalition; Joel Thayer, president of the Digital Progress Institute; Alan Butler, president of the Electronic Privacy Information Center (EPIC); and Berkley Center for Consumer Law fellow Samuel Levine.

No privacy-focused legislation is currently pending in the Senate, but Blackburn the hearing was the first in what will be a series focused on the “digital you” and individuals’ privacy.

The last privacy-focused Senate hearing was held in July 2024, as Congress was debating the American Privacy Rights Act. That bill stalled in both houses, however, and has not been reintroduced in the current session. Since then, the Senate has focused its digital policy efforts primarily on children’s online safety measures, such as the Children & Teens’ Online Privacy Protection Act, which the committee approved in June but is yet to come to a vote in the full Senate.

Members of the Senate Commerce Committee, from both sides of the aisle, floated various proposals for comprehensive privacy legislation during the current congressional session, but have not yet introduced actual bills.

Related: Senators Urge Court to Scrutinize DOJ Settlement in HPE-Juniper Deal

As with a number of other digital-related topics, the lack of a federal standard has led states to step into the breach. At least 20 states have enacted privacy-related measures, producing a patchwork of regulations and creating compliance challenges for businesses.

“Many of the businesses that today complain about the burden of complying with the patchwork of state laws — I have the advantage of having been there then — when the companies were lobbying against a federal privacy law. subcommittee ranking member Amy Klobuchar (D-MN) said. “Now they’re back complaining about the patchwork of laws and I would like to change that, but I do think it’s important to know that’s why we’re in the position that we are and to understand why some of these states are looking at this going, ‘Wait a minute.’”

The BSA’s Goodloe said one thing the states have gotten right in the laws they have passed is distinguishing among different types of businesses that handle personal data in different ways.

“Twenty states, both red and blue, have adopted comprehensive consumer privacy laws and those laws are remarkably consistent,” she said. “All 20 reflect a fundamental distinction between two types of companies that handle consumers’ data and assign strong but different obligations to each.” A federal law should follow that blueprint, she said.

Many of those state laws have been ineffective in preventing abuse, however, EPIC’s Butler claimed. “The tech industry has invested heavily in state lobbying to water down the substantive protections, narrow their scope, and add exceptions that swallow the rules,” he said. Any federal legislation should include clear data minimization rules that limit what information businesses can collect, rather than letting companies dictate privacy terms, he said.

The Senate shortly is expected to leave town for its August recess, followed by what could be a protracted battle over the federal budget and a possible government shutdown, likely pushing any follow-up action on Wednesday’s hearing into 2026.