Share this page!

The Nexus of Privacy Profile picture
Twitter logo
Jun 14 151 tweets 48 min read
Time for some hot #privacy action! The House Subcommittee on Consumer Protection and Commerce hearing on the American Data Privacy and Protection Act (#ADPPA) starts at 10:30 am Eastern!

Here's the livestream and list of witnesses:

energycommerce.house.gov/committee-acti…
This morning's post on The Nexus of Privacy has background.

privacy.thenexus.today/federal-privac…
#ADPPA has bi-partisan sponsorship - House Energy and Commerce Chair @FrankPallone and Ranking Member @cathymcmorris, Senate Commerce Committee Ranking Member @SenatorWicker.

Conspicuous by her absence: Senate Commerce Chair @SenatorCantwell, who's working on her own bill.
Responses to #ADPPA so far have been mixed -- which, to be fair, is likely to be true of any privacy bill.

Everybody agrees that it's great the Congress is working on privacy legislation, and that bipartisan sponsorship is encouraging.
One big area of debate is the private right of action. Privacy and consumer groups think it's too weak. @SenatorCantwell agrees. Business groups, however, think it's much too strong, and will surely cause the sky to fall.
Another contentious area: #ADPPA preempts most current state privacy laws (including California's #CRPA) and future consumer privacy laws -- but it also has a list of exceptions, including Illinois' #BIPA.
Privacy groups would prefer non-preemptive legislation. @SenBrianSchatz and @SenatorCantwell agree.

Businesses groups, however, think that even the limited preemption in #ADPPA is much too strong, and will surely cause the sky to fall.
Of course there are a lot of other issues to discuss as well -- #ADPPA's "loyalty duties" (which aren't the same as a "duty of loyalty"), exceptions for de-identified data and employee data, potential loopholes benefiting big tech companies like Facebook and Google ...
So it should be an interesting hearing!

Here's the link again: energycommerce.house.gov/committee-acti…
And we're off! @RepSchakowsky notes that it's a significant and long-awaited data. "It's a pivotal moment in our journey to assure privacy rights for all Americans", thanks @FrankPallone and @cathymcmorris as well as the staff.
@EnergyCommerce has a roundup of some of the reactions so far, emphasizing the positive of course.

@RepAnnaEshoo (who co-sposored the Online Privacy Act, which alas didn't get a hearing) "Federal privacy legislation cannot undermine California's privacy laws." Exhorts members to produce strong legislation, and hopes that this is the time for it!
@RepSchakowsky is looking forward to getting something passed as soon as possible. Because, y'know, it's only 64 pages of really complex legislation, no need to spend much time discussing it.
@RepGusBilirakis notes that what we have is a discussion draft. "We should make our time to make it better. To be clear, this is historic! This draft describes a delicate balance": protecting consumers and giving businesses what they need.
@RepGusBilirakis stresses the importance of protecting small and medium businesses. Says we need to get it done this year. Hopes to move the process forward with consensus from both sides of the aisle.
"Today's discussion draft threads the needle" on preemption, right to courts, the role of the FTC -- and also addresses meaningful policy issues. Returns again to small businesses, with limited resources. The draft excludes small businesses from some requirements.
Highlights protections for children: draft bans targeting advertising for children under 17, restricts algorithms for targeting children.
@FrankPallone: "there's near-universal agreement that a national privacy law is needed to protect people. There's simply no real choice when people must trade their personal data to access essential services."
The bill rejects the notice and consent framework, with a focus on data minimization. Highlights civil rights, and the requirement for algorithmic assessment requirements. Large data holders (big tech) have additional requirements. Data brokers are brought out of the shadows.
@cathymcmorris : "this is the closest we've come to establishing a national standard." Gives an overview of the process, starting with her four principles in 2019, engaging stakeholders, and the work by Senate and industry. "Our draft is the culmination of all this."
Emphasizes that this draft ends the patchwork of state laws, targets bad actors. "We must allow for safe data practices and new innovations that people like." Especially important to protect children and minors. "Big tech can't exploit our kids"
Echoes the point that a standard must be workable for small companies and startups. "We're leading the way to unleash the power of small businesses and entrepreneurs."
"A critical milestone, years in the making, our best opportunity yet. Let's build on these principles."
@EPICPrivacy is also live-tweeting the ADPPA hearing include

And @benrossen is live-tweeting as well. The more tweets the merrier!

First witness: @BMLeeJR of @futureofprivacy. Makes four key points:
1) urgently needed
2) #ADPPA is stronger than the very weak laws recently enacted in multiple states
3) #ADPPA compares favorably with #GDPR
4) work still needs to be done
"There's a clear trend: states are making privacy rules whether Congress moves forward or not."

Unlike state laws, ADPPA includes civil rights protections, has protections for minors, requires privacy by design, private right of action
Also lists some ways ADPPA is stronger than GDPR.

Suggests adding additional funding for FTC, more space for iterative improvement, additional clarity of definition.
John Miller of @ITI_TechTweets: the draft could be an inflection point comparable to GDPR for its wide-ranging and potentially disruptive effect. "Deserves to be thoughtfully considered by all stakeholders as the most credible bipartisan and bicameral effort." But ...
1) The definition of sensitive data (which requires opt-in consent) is too broad. Argues that it shouldn't include telephone numbers and emails.
2) Doesn't clearly differentiate between controllers and processors (unlike GDPR and state laws).

3) Definition of targeted advertising would cause problems for business models, should be brought in sync with written weak state privacy laws.
Written testimony also has other suggestions, including changes to the algorithmic sections.

"It is reasonable to ask whether including the private right of action is necessary." While they appreciate the efforts to narrow it, they wish it would go away.
Also questions about pre-emption, with the lengthy list of exceptions. "We all agree we need to get privacy legislation done, also need to get it right."
Next, @CaitrionaFitz of @EPICprivacy. Talks about how big tech companies have blocked federal privacy law, and been allowed to deploy surveillance systems. "We are sorted into winners and losers.... We don't need any more evidence that self-regulation doesn't work."
Cites @themarkup's outstanding reporting of privacy abuses. "Nearly every week there's a new story about location data being packaged and sold." Highlights the role of data brokers buying and combining data to create profiles, which are then fed into discriminatory algorithms
"The system is broken. Technology companies have too much power, individuals too little. It does not have to be this way."

#ADPPA's focus on data minimization changes that.
There's work that needs to be done on the bill, but we need Congress to pass legislation this session. "Do not let this moment pass. The time is now."
Doug Kantor of @NACSonline, also representing @MainStPrivacy, speaking for brick and mortar stores. Stresses importance of clarifying relationships between covered businesses (such as retail) and service providers (tech).
Suggests that Sections 203 and 204 (consumer rights) let service providers (big tech) off the hook and puts responsibilities on customer-facing business.

Also worry about financial services companies -- which are outside the jurisdiction of this committee.
"To make sure people are protected, financial services companies need to be covered by the bill. Otherwise, we can't do our job fully."

Also thinks there's more to do with pre-emption.

And concerned with private rights of action.
Section of the bill that attempts to protect (very popular) customer loyalty programs, concerned that the private right of action could put these and other discounts at risk. Look forward to working with the committee.
@CommonSense's @jojasminc strongly urges the committee to pass strong data privacy bill _this year_ that includes strong protections for minors.

Tech firms should be constrained in their Wild West data collection practices, providing clear and conspicuous notices.
Companies should also know they'll be held accountable. The draft lays the groundwork for achieving these goals. Stresses civil rights protections, minimizing collection of data. "We understand this draft is a compromise, as it must be." Still, please consider improvements
Notes that youth are pressured to share sensitive data. Draft prohibits terms from transferring and processing sensitive data without opt-in, requires tech firms to minimize data, raises the age of covered children to under 17, bans behavioral advertising to minors.
Changes needed:
1) Cover all minors
2) Increase FTCs remit funding
3) Change knowledge standard by closing loophole that allows firms to evade complying
Now, @M_Ohlhausen of 21st Century Privacy Coalition. "This discussion draft shows there is potential for a bipartisan path forward." Incorporates foundational elements:
1) stronger and more comprehensive than existing weak state laws
2) designates FTC as principle agency
3) provides a national framework that preempts state laws.
4) at least partially recognizes that legacy privacy requirements in communications act must be preempted.
However, draft needs to be improved. Concerns:
1) Although draft would prevent FCC broadband and video authority, doesn't cover voice services
2) Video/voice protections are stronger than the FCC requirements that it replaces, as well as stronger than weak privacy laws.
3) Should better replace a risk-based approach
4) Exceptions may limit preemption of state laws. "Permitting states to enact additional privacy laws even after this passes would be problematic"
@GDufault of @actonline: "This draft takes us one step closer ..." Bill must enhance consumer trust, while also providing businesses what they need. "This bill provides the direction we need." Suggests that antitrust bills currently pending could undo existing protections.
But ... PRA in the draft is "powerful", so it's appropriate that there are safeguards -- including a 45-day right to cure. Please keep these!

And, the exceptions to preemption make the courts job more complicated. Would like to clarify language.
Compliance requirements: these are good!

Support sensitive limits on collection and processing, thinks negotiators have struck a reasonable compromise.
This draft will be complex for our members -- but 50 different state laws would be worse. So needs to be clear. And above all, must build consumers' trust. Seize the moment!
David Brody of @LawyersComm ... like everybody else, stresses bicameral, bipartisan nature of the draft.

"If a business posts a sign saying 'whites only', it shouldn't matter if it's written in ink or pixels.... Privacy rights are civil rights."
"Every individual deserves freedom online -- both freedom to, and freedom from." Freedom to define yourself, start a business -- but also freedom from discrimination. Comprehensive privacy legislation can significantly enhance these freedom.
Bill would prohibit discriminatory uses of data, and require companies to test their algorithms for data. "The data fed into an algorithm are intertwined with generations of discrimination... The provisions in this bill would provide the responsible use of algorithms."
Bill requires companies to only collect the data that they need, which reduces the amount of data floating around. Agrees with Mr. Kantor that financial services should be included.
But also areas needing improvement.

Private right of action needs to be strengthened -- it has procedural hurdles.

FCC displacement should be limited to privacy, not other areas.
"It's time to build on our civil rights infrastructure to ensure everybody has equal access to the Internet. Let's work together and get things done."
Moving on to member questions. @RepSchakowsky with a question for @BMLeeJR of @futureofprivacy: how does this help on Day 1?

1) Mandating security
2) Corporate accountability
3) Civil rights
4) Mandating privacy by design
Notes that none of these are in any state bills.

More details on protecting marginalized people:
1) algorithmic assessment requirements
2) data minimization reduces identity theft, which disproportionately affects marginalized people
3) regulating AI bias
Asks Mr. Brody to explain enforcement mechanisms. A "three-legged stool":
1) empowers FTC: new privacy bureau, new kids division
2) state AGs can enforce the law, very important
3) private right of action, especially important for individuals
FTC and state AGs won't have resources and ability to deal with every harm. Especially important for civil rights perspective -- virtually every major civil rights law has a strong private right of action.
@RepGusBilirakis drills into a challenge of online protection: how do you determine whether somebody's a child or an adult? Concerned about what info we need to know to guess a user's age. Asks @GDufault about an "actual knowledge" standard as opposed to "constructive knowledge"
@GDufault thinks actual knowledge is a workable compromise. Under COPPA, there are various ways, but that kind of evidence can be difficult to collect in ways that don't cause a lot of friction. Constructive knowledge could make things worse.
[This by the way is the loophole that @jojasminc was referring to.]

@GDufault suggests that parental controls and other new technologies make thinks easier, laws need to keep up.
Question for Doug Kantor: do protections need to be stronger for larger data holders?

"As long as you do it right, no." Agrees with @GDufault that actual knowledge is a good standard.
Question for @M_Ohlhausen about FTC office for business education. She thinks it's an excellent investment.
@FrankPallone: stresses again that it goes farther than notice and consent regimes. Asks @CaitrionaFitz about the importance of data minimization.

"It takes the onus off individuals, so collection and use are better aligned."
"Notice and choice doesn't protect privacy, it just provides a long list of ways they abuse our privacy."

#ADPPA's focus on data minimization sets it apart from (weak) laws passed in the states
How would civil rights protections in the bill help protect Americans?

David Brody:
1) anti-discrimination protections
2) robust algorithmic bias assessment requirements, including evaluating design of algorithms before they're deployed
@FrankPallone notes that Biden talked about protecting children and teens in his SOTU address. How does the bill do this?

@jojasminc: Section 204 includes minors as sensitive data -- without the actual knowledge standard.
Section 205 bans targeted advertising to minors. But, this section is limited to actual knowledge. Knows how tough this is, don't want people to get additional information, but they should use the information they're using for targeting to determine age as well.
@cathymcmorris asks @M_Ohlhausen about the split regulation with FCC over voice and video. She says protections should be transferred to FTC because that's clearer for consumers.
If a service provider is tracking, Mr. Kantor is concerned that a retailer could be liable. @M_Ohlhausen: nobody should be responsible for others' violations, it should be the service provider's responsibility.
How does regulation compare to GDPR supporting small businesses?

@GDufault: GDPR bans processing unless there's a lawful reason. Small startups need to be nimble, so need to be able to process data even if it might be illegal.
Also, draft provides for compliance programs. It doesn't completely exempt small companies, which is good, and compliance program provides resources that allows them to comply.
@RepBobbyRush talking about data brokers. He's connecting remotely and the sound quality's not great so not sure of the details, but he's very pleased to see that they're covered.
@CaitrionaFitz agrees data brokers are bad. EPIC supports substantive restrictions in the bill, and creating the registry is an important step.
On the civil rights front, David Brody discusses how past redlining feeds into the data that makes decision today. "Algorithms aren't magic. They're trained on data, and if that data includes bias they algorithms will be biased."
@boblatta also focuses on limited preemption of FCC, cites specific section of the act. Is it used for any other purposes today? @M_Ohlhausen isn't sure, will get back to him.

@M_Ohlhausen also explains FTC rule making and guidance, notes that violating guidance isn't a fine
Question for Mr. Miller about narrowing sensitive data to exclude browsing activity. "That section can be read extremely broadly. It's possible they were intending to get at search histories, but the way it functions it would also prevent a lot of very ordinary activities"
Seems to be suggesting that IP addresses (which allow unique identification of people) shouldn't be considered sensitive.

What would happen? Could make it difficult to do search -- might have to give consent each time. And the sky might fall!
Also impacts on security. Analytics processing data related to online activity are useful for security, bill seems to prohibit that.
@USRepKCastor highlights importance of protecting children, very excited that important protections from KIDS Act are incorporated, agrees that it's a starting point.

Asks @jojasminc for list of sections that should be strengthened.
@jojasminc starts with the positive: Section 204 can ban companies from collecting, processing, or transferring data on people under 17 unless parent provides consent. "That's fantastic!"

Suggests it should be anybody under 18. That's easier. "Let's make it all minors."
It's really easy right now to get confused about whether somebody's 14 or 17. "My daughter has a mature voice, she can often pass for me." Creates burdens for small companies to have all these age definitions in the bill.
@USRepKCastor stresses that "actual knowledge" has been a huge loophole under COPPA. It's appropriate that it's addressed in part in ADPPA, but there's room for improvement. Asks for examples of how big tech companies use this to claim ignorance.
@jojasminc: FTC has limited resources, so youth division needs to be funding and staffing. It's really complex, especially since we're about to enter the metaverse.

@USRepKCastor agrees about the importance of VR.
@RepGuthrie asks @GDufault about a limited PRA vs. a more expansive PRA from small companies protected.

@GDufault stresses need to avoid "sue and settle" model, which frequently target small businesses -- who don't have resources, so settle even if it's an inadvertent violation
Doug Kantor: concerned that this is a complex bill, will be difficult to comply, so need safeguards. PRA provides for compensatory damages, which includes not just actual damages but mental anguish, inconvenience, etc. "There's a lot of things lawyers can jam into that"
Ask John Miller for more detail on concerns about targeted advertising provisions. "As written, appears to restrict targeted advertising even for companies who are interacting with their own customers, seems to require consent each time."
Prefers "different balance" of privacy laws in VA, UT, CT which include much bigger loopholes allowing customers to do whatever they want on their own sites without consent.
@RepLoriTrahan echoes call for protecting children. Notes that 98% of ed tech tools send data to advertising companies, highlights problems of facial recognition and emotional recognition.
@CaitrionaFitz notes that FERPA doesn't cover this, only educational records
Highlights importance of FTC oversight and algorithmic impact assessments, although notes they could be strengthened.

Hopes that concentrating experts in new Youth Division at FTC can provide guidance.
@jojasminc speaks to concern that language may cause problems non-delegation doctrine. So, needs to provide additional resources to the Youth Division. "Otherwise, it's just one more thing that goes onto some enforcement attorney's list of things to do."
@DrNealDunnFL2 focuses on foreign adversaries -- China, Russia, Iran -- who are targeting Americans' data. "Even data we don't think is sensitive is sensitive in the aggregate." No restrictions on sharing data with Chinese companies. How important is transparency?
John Miller: it's a very important national security issue. The principle of transparency is one I agree with. Haven't heard too much feedback from our members on this particular provision, seems reasonable.
What about small, family-owned businesses? How important is it that data privacy laws are clear and consistent in all 50 states?

Doug Kantor: Very. Levels playing fields with big tech service providers.
@DrNealDunnFL2 zeroes in on the financial data exclusion. "A small convenience store could easily get 100,000 customers, so fall under large data holders. Could have member that fall both under small data exception and are large data holders."
@RepMcNerney asks about security. Can FTC define encryption standards?

@M_Ohlhausen notes FTC has not traditionally been a technical agency, would have to draw on outside expertise.
Section 203 gives FTC authority to establish standards. Would it be helpful to have data deletion standards?

@CaitrionaFitz: bill has pretty good standards, technology changes so need to address that
Do the Algorithmic Assesment provisions in this bill provide enough protection?

@BMLeeJR this they do, notes that there's broad overlap with EU AI Act. EU AI Act's pre-deployment coverage complements ADPPA's post-deployment
Question for Doug Kantor about security requirements based on size. He notes that can be complex for small companies, but requirement may be too weak for large companies.
@RepDLesko focusing on section 205b, restrictions on transfer of minors information. May need clarification. Can the minor give consent?

@jojasminc thinks it's okay agrees clarification may be useful
Question on large data holders and algorithmic impact statements (207 C). Should political viewpoints be added?

@BMLeeJR says there may be first amendment concerns with that, but he's not an expert. Will get back to them.
@M_Ohlhausen also notes that it's outside the FTC's expertise. Notes that the coalition's concerned that the definition of the algorithm is very broad.
@RepYvetteClarke stresses the importance of privacy legislation, especially from perspective of communities of colors -- and is very pleased to large sections of her Algorithmic Accountability Act are incorporated. Highlights annual algorithmic impact statements.
@CaitrionaFitz explains why it's important: outputs of algorithms can change over time as more data is accumulated, so need to re-evaluate regularly.

@BMLeeJR discusses why algorithmic design principles (up-front evaluation) are so important.
@BMLeeJR stresses that historical data has bias, so need to examine how that's handled.

There are pros and cons to requiring external auditors, but there needs to be a way to check that businesses are complying -- and indpendent auditors are a good mechanism for that.
@RepGregPence highlights the consumer focus. "It's striking how little consumers know about how their data is collected and shared." Analogizes it to Truth and Lending act. Highlights the importance of "clear conspicuous notice" and express consent requirements.
@RepGregPence suggests consumers should be compensated for the data they bring. Is that possible?

@CaitrionaFitz: it's complicated ... it might set up a system where folks with means can say they can do without it and the burden falls on poorer people.
Doug Kantor: there are times where there's compensation to businesses for the data they provide.

@RepGregPence: then why don't I as a consumer get that option?
@RepDarrenSoto is excited about the bipartisan nature of the bill. Highlights what the bill calls a "duty of loyalty" (limitations that data can only be used for the purpose it's collected for), and the protections for sensitive data.
Note that while the limitations are very valuable, they're not what "duty of loyalty" usually refers to. @mugefz discusses of this in iapp.org/news/a/distill…
Asks if there are any missing rights?

@M_Ohlhausen says it's extremely comprehensive, nothing comes to mind.

@jojasminc notes there are exceptions to third-party advertising to children that need to be clarified.
@RepFredUpton notes that Doug Kantor "didn't seem like he's quite there with this bill", and asks for more on pre-emption and other changes.

Kantor is concerned that the language in the bill won't preempt future privacy legislation, because there are so many exceptions
Also, the private right of action has problems -- in particular as it relates to pricing and loyalty programs. Raises the specter of broad price regulation. Mr. Brody pointed to the possibility of redlining, if pricing software isn't allowed to do that then the sky might fall!
The bill changes how data can be collected and used. What changes to small businesses need to make?

@GDufault points to Section 304, allowing FTC to authorize compliance programs. These cover questions like how do I source data in ways that are responsible?
@RepKathleenRice asks David Brody about cases where state AGs have sought penalties under existing privacy laws. What challenges do they face without a federal privacy law?

Brody notes @NewYorkStateAG has brought actions against dating apps, and that's just one examples
[@AGOWA has also brought several successful suits.]

Brody: Lack of transparency is a real challenge for AGs though, and the provisions of this bill that require transparency should help them a lot.
Under this bill, state AGs have full enforcement authorities -- injunctive relief, civil penalties, compensatory damages.
Question for Doug Kantor about small business perspective. He stresses again that it's very important that businesses aren't liable for service providers acts of omission of commission. A federal standard helps a lot! More work to do, but it's a really good starting point
@RepLarryBuchson asks about whether Privacy By Design (as required in Europe) have been well-received. Are they working for consumers?

@LourdesTurrecha has some good points about ADPPA's PbD section at
John Miller says Privacy by Design has been generally well received, but it's complex -- the devil is in the details.
Question for @GDufault about Youth Privacy Division at FTC. Good idea? Yes!

Other issues? @GDufault goes back to actual vs. constructive knowledge. Even enforcing the actual knowledge standard is very challenging, work to do before broadening it.
@RepRobinKelly focuses on short form privacy notices. @BMLeeJR talks about how long form notices are too hard to read, requiring the short form is a big improvement.

David Brody highlights the importance of making privacy policies available in other languages is critical.
Notes that this is also an area where the new Office of Business Mentorship at FTC can help -- not just helping small businesses understand and comply, but also making rule making and other material available in other languages for small business where that would be useful.
@CaitrionaFitz talks about the importance of prohibiting dark patterns -- "it makes rights meaningful".

@RepRobinKelly highlights opportunities of synergy with EU on regulating AI.
Rep. Armstrong talks about the challenges of getting privacy legislation. Today, we have a compromise on preemption and private right of action. Compromise is key! But let's talk about preemption.
Section 404b details the statues that aren't preempted. Without further clarity, worried this will devolve into a lot of reaction.

@blakereid has a quick rundown of concerns at
Rep. Armstrong asks about how preemption will work if language in preempted laws are amended. What if there are minor changes to BIPA? Or, many say that CA's law needs to be exempted from preemption as well. What if it changes?
John Miller agrees it's a good point. One concern is that the bill may freeze these same laws in place.

Rep. Armstrong thinks we need to have these discussions, need to be clear.
@RepFletcher focuses on heightened protections for sensitive data. Concerned that a lot is available for sale, thinks there's a lot of work to do. Ask health data -- its importance and why it's not protected by HIPAA
@CaitrionaFitz: people feel like health data is sensitive, think it's covered by HIPAA -- but it's not! HIPAA only covers interactions with doctors, insurance companies ... not other sharing of health data.
And geolocation data? Could reveal location such as going to specific clinics, etc. It's also considered sensitive data.

@CaitrionaFitz: today, for $2000 you can get two years of geolocation data. They say it's anonymized -- but that's a lie. It can be re-identified.
@CaitrionaFitz cites example of geolocation data outing a catholic priest. @swodinsky discusses this at gizmodo.com/a-priest-was-o…
@RepWalberg (who introduced the Protect Kids act with @RepBobbyRush) asks how ADPPA increases protections for children.

@M_Ohlhausen notes that COPPA is now over 20 years old. It needs to catch up to new technologies, new risks.
@RepWalberg asks about COPPA's actual knowledge standard.

@M_Ohlhausen: there are sites that attract a broad audience, including children. COPPA didn't want to create obligations in that case, so FTC has focused on things that are particularly targeted at children.
@M_Ohlhausen notes that COPA was struck down on first amendment grounds as being over-inclusive, that may have been a consideration.
@GDufault brings up concern that a constructive knowledge standard might have to collect more data to determine this. Might also sweep in other services, even those they don't intend to.
What benefits does Sec. 205's prohibition on targeted advertising to minors have for mental health?

@CaitrionaFitz: extremely important, minors often can't distinguish targeted advertising from non-commercial info.
@RepCardenas highlights that apps collect a lot more data than they need -- e.g. FB messenger collects health data. Why? How does this bill help?

David Brody: because they can. The bill limits collection to what's reasonably necessary.
This is incredibly important because it limits the amount of data that's floating around. The data minimization requirements in this bill are extremely strong.
@RepCardenas : how does this bill help protect teens, who are uniquely vulnerable?

@jojasminc: the human brain keeps developing until mid-20s. So my child, in high school, is vulnerable to images and content that can impact her sense of self.
Section 205's ban on third-party targeted advertising to teens. Section 217's got some exceptions. It's fine to allow first-party advertising, but there's a loophole allowing third-party advertising. Need to close that loophole.
And I think that's it! @RepSchakowsky thanks the witnesses, such a robust and useful conversation -- every one of you made such robust and useful contributions.

I agree! Excellent work by all the witnesses!
Members have ten days to submit additional questions for the record, and so asks witnesses to respond promptly. Notes that there probably will be more questions because there were so many issues brought up.
"This is why we're here. To get together in a bipartisan way, to address issues that consumers, businesses, Americans really care about." Such an important step to introduce bipartisan, bicameral legislation. Can make it better. Thanks to all!
@RepGusBilirakis "This is how we legislate. Let's improve this bill and move if forward. We're going to make the bill even better."

The committee is now adjourned!
@threadreaderapp, please unroll

(and let's hope the thread isn't too long to handle 🤣)

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with The Nexus of Privacy

The Nexus of Privacy Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(