WASHINGTON, D.C. – Eastern Washington Congresswoman Cathy McMorris Rodgers, lead Republican on the Energy and Commerce Subcommittee on Consumer Protection and Commerce, delivered remarks this morning highlighting four main principles for federal privacy legislation at a hearing titled, “Protecting Consumer Privacy in the Era of Big Data.

McMorris Rodgers Remarks as Delivered

Thank you Madam Chair, I would like to thank you for organizing this first hearing of the Congress on privacy and security. It really builds on important work that was done in the past by Chairman Walden and Latta in the last Congress, and then Chairman Upton and Burgess in the 114th Congress.

I’m hopeful that we can find a bipartisan path to move forward on a single American approach to privacy. One that is going to protect consumers and individual privacy, one that ensures that consumers continue to benefit from the amazing technology and innovation that has happened in recent years.

This morning, I’d like to lay out four principles as we approach this effort, one that supports free markets, consumer choice, innovation and small businesses—the backbone of our economy. We often celebrate small businesses in America.

Principle #1: One National Standard

The Constitution was crafted around the concept that one national marketplace would make America stronger in certain areas. It also recognizes the importance of intellectual property rights, free expression, and the rights of “We, the People” to be protected from the power of government.

The Internet knows no borders. It has revolutionized our nation’s economy by seamlessly connecting businesses and people across the country. Online, a small business in Spokane, Washington, can just as easily reach customers in Illinois and New Jersey as in Eastern Washington.

Distance is no longer a barrier. The Internet economy is interstate commerce and subject to federal jurisdiction. There is a strong groundswell of support for a federal privacy law that sets a national standard. Many recognize the burdens multiple state laws would create.

What would it mean for someone in Washington state who buys something online from a small business in Oregon to ship to their family in Idaho? This is a regulatory minefield that will force businesses to raise prices on their customers. Setting one national standard makes common sense, and it’s the right approach to give people certainty.

Principle #2: Transparency and Accountability

Companies must also be more transparent when explaining their practices. For example, we learned last week that Google included a microphone in their Nest device but failed to disclose it and Facebook is collecting very personal health information from apps — the Chair mentioned that.

Transparency is critical. When unfair or deceptive practices are identified there should be enforcement and there should be consequences strong enough to improve behavior.

Principle #3: Improving Data Security

Another area important to this debate is data security. Perfect security doesn’t exist online, and companies are bombarded by hackers every second of every day.

Certain data is more valuable on the black market, which is why social security numbers, credit card data, and login credentials are always major targets for criminals.

One goal must be to improve people’s awareness for one, how their information is being collected and used, and Two, how companies are protecting it, and how people can protect it themselves.

Our focus should be on incentivizing innovative security solutions and certainty for companies who take reasonable steps to protect data. Otherwise, we risk proscriptive regulations that cannot be updated to keep up with the bad actors’ newest tactics.

Principle #4: Small Businesses

We must not lose sight of small and medium-sized businesses and how heavy-handed laws and regulations can hurt them. Established bigger companies can navigate a complex and burdensome privacy regime.

But millions of dollars in compliance costs aren’t doable for startups and small businesses. We have already seen this in Europe, where GDPR has actually helped increase the market shares of the largest tech companies while forcing smaller companies offline with millions of dollars in compliance costs.

These startups and small businesses could be innovating the next major breakthrough in self-driving technology, health care, customer service, and so many other areas.

To keep America as the world’s leading innovator, we cannot afford to hold them back. Heavy-handed and overly cautious regulations for all data will stop innovation that makes our roads safer, health care more accessible, and customer service experiences better.

I’m glad our teams were able to work together on today’s hearing. This is a good step forward in finding a bipartisan solution for these critical issues.

As we move forward, I’m sure there’s going to be more hearings in the future to allow more small business owners, startups, and entrepreneurs to join the conversation.

I believe we have a unique opportunity here for a bipartisan solution that sets clear rules for the road on data privacy in America.

In its best use, data has made it possible for grocery store aisles to be organized based on how people shop. We need to explore data privacy and security with forward-thinking solutions, and I look forward to hearing from the witnesses and being a part of this discussion today.

# # #