Today, Cathy McMorris Rodgers, Republican Leader of the Energy and Commerce Subcommittee on Consumer Protection and Commerce, addressed the Digital Advertising Alliance’s Annual Summit. While sharing her four principles for data privacy legislation, Cathy urged Congress to move forward with a single national standard for data privacy that protects consumers and promotes innovation. Read her full remarks below. Read more about her four principles in the Seattle Times.

Key quote: “We need to move forward with a national standard on data privacy. The alternative– a patchwork of state laws– isn’t workable. In a patchwork, your privacy as a consumer wouldn’t be protected and your ability to do business would be impossible.

“On an even bigger level, the United States is the global leader in innovation, and we need to keep it that way. We shouldn’t let Europe dictate privacy regulation for the rest of the world.

“We must lead the world in establishing a regulatory framework that balances data privacy with the ability for our startups and small businesses to continue to innovate.”

Cathy’s remarks, as prepared for delivery:

A SINGLE NATIONAL STANDARD

Good morning. Thank you for inviting me to be with you, and thank you all for being here in DC to engage on the most important topics driving the 21st century economy.

I’m the Republican leader on the Energy and Commerce Subcommittee on Consumer Protection and Commerce. Now that’s a mouthful, but it has jurisdiction over nearly everything from self-driving cars, to the internet of things, to all the new technologies that are transforming our lives, and of course, privacy.

On privacy, we need to be forward-thinking and advance a solution that protects consumers and promotes innovation. That’s why, I’m leading on four principles for privacy legislation.

First, we need one national standard. I know this is a priority for the Digital Advertising Alliance, and I agree.

In a recent survey, 75 percent of respondents said privacy protections should be the same everywhere they go. That’s because the Internet knows no borders.

Online, a small business and advertiser in Spokane can just as easily reach customers in Illinois and New Jersey.  A patchwork of laws would create many burdens for you and your businesses. For example, what would it mean for someone in Washington state who buys something online from a small business in Oregon to ship to their family in Idaho?

This is a regulatory minefield that will force businesses to raise prices on their customers. Setting one national standard is common sense. It’s the right approach to give you certainty.

PROMOTING TRANSPARENCY

Second, the national standard needs to promote transparency and only target data practices that have caused harm. In its best uses, data has made it possible for grocery aisles to be organized based on how people shop.

By exchanging our data with Google, we receive free email and photo storage. Ridesharing services can analyze traffic patterns and real-time data on accidents to get you home safer and faster.

Heavy-handed regulations for all data will hold back innovation that saves us time, makes our roads safer and improves customer experiences. So, transparency is critical. There shouldn’t be any surprises so people can trust how their data is used and collected.

When unfair or deceptive practices are identified there should be enforcement, and there should be consequences strong enough to improve behavior.

DATA SECURITY

Third, we also need to improve data security practices. Perfect security doesn’t exist online, and companies are bombarded by hackers every second of every day. Criminals are even distributing malware through online advertising. Something I know this organization is working to combat.

Certain data is more valuable on the black market, which is why social security numbers, credit card data, and login credentials are always major targets for criminals.

Our goal must be to improve people’s awareness for one, how their information is being collected and used. Two, how companies are protecting it. And three, how people can protect it themselves.

Our focus should be on incentivizing innovative security solutions and certainty for companies who take reasonable steps to protect data. Otherwise, we risk proscriptive regulations that cannot be updated to keep up with the bad actors’ newest tactics.

SMALL BUSINESSES & STARTUPS

Finally, a national standard must be workable for small businesses and startups.

I’m concerned about what we are seeing under GDPR. Established bigger companies can navigate a complex and burdensome privacy regime. But millions of dollars in compliance costs aren’t doable for startups, small businesses, and advertisers. We have already seen this in Europe, where GDPR has actually helped increase the market shares of the largest tech companies, while forcing smaller companies offline with millions of dollars in compliance costs.

This has been especially costly to smaller ad-tech firms. These startups and small businesses could be innovating the next major breakthrough in self-driving technology, health care, customer service, and more. To keep America as the world’s leading innovator, we cannot afford to hold them back.

AD SUPPORTED INTERNET ECONOMY

The innovative services and content that have made the Internet so great have largely been supported by advertising based revenue.

This model has created enormous benefits for consumers and businesses alike. By utilizing ad-based revenue that your companies support, Internet users have access to free, enterprise level services and incredible content, regardless of their economic status. Everyone should have access to a range of free and subscription services online – banning ad-supported content or journalism hurts low-income families.

In order to preserve this incredible level of access to Internet services, we need to ensure that anything we do in Washington does not disrupt this ad based model.

GLOBAL COMPETITIVENESS

In short, like all of you, I believe we need to move forward with a national standard on data privacy. The alternative– a patchwork of state laws– isn’t workable. In a patchwork, your privacy as a consumer wouldn’t be protected and your ability to do business would be impossible.

On an even bigger level, the United States is the global leader in innovation, and we need to keep it that way. We shouldn’t let Europe dictate privacy regulation for the rest of the world.

We must lead the world in establishing a regulatory framework that balances data privacy with the ability for our startups and small businesses to continue to innovate.