October 29, 2019


LETTER: Ahead of Hearing, TechNet Urges Senate Commerce Committee to Act on Privacy

October 29, 2019

The Honorable Roger Wicker
Senate Committee on Commerce, Science, and Transportation
555 Dirksen Senate Office Building
Washington, D.C. 20510

The Honorable Maria Cantwell
Ranking Member
Senate Committee on Commerce, Science, and Transportation
511 Hart Senate Office Building
Washington, D.C. 20510

Dear Chairman Wicker, Ranking Member Cantwell, and Distinguished Members of the Senate Committee on Commerce, Science, and Transportation:

We are encouraged that the committee will hold a hearing on federal privacy legislation in November.

Throughout 2019, the urgent need for Congress to pass federal privacy legislation has only strengthened because:

  • The California Consumer Privacy Act (CCPA) will take effect on January 1, which is just two short months away;
  • An even more restrictive privacy amendment to California’s constitution has been proposed for the November 2020 ballot;
  • The California Attorney General’s rules of enforcement have not been finalized;
  • The chances of having an unworkable patchwork of state laws keeps growing as 25 states attempted to pass their own privacy laws this year, and many of them will try again in 2020; and
  • European regulators are expected to issue their first fines under the General Data Protection Regulation (GDPR) later this year.

New studies published this year have begun to show the harmful economic impact of both California’s privacy law and GDPR, making clear why these policies as they stand today should not serve as models for the entire U.S. and why Congress should forge a different path forward.

According to a study prepared for California’s Attorney General titled, “Standardized Regulatory Impact Assessment: California Consumer Privacy Act of 2018 Regulations:”

  • “The total cost of initial compliance with the CCPA, which constitutes the vast majority of compliance efforts, is approximately $55 billion.  This is equivalent to approximately 1.8% of California Gross State Product in 2018.”
  • “Our preliminary estimate of direct compliance costs is estimated to be $467-$16,454 million over the next decade (2020-30), depending on the number of California businesses coming into compliance.
  • “Small firms are likely to face a disproportionately higher share of compliance costs relative to larger enterprises.  Conventional wisdom may suggest that stronger privacy regulations will adversely impact large technology firms that derive the majority of their revenue from personal data, however evidence from the EU suggests the opposite may be true.  Over a year after the introduction of the GDPR, concerns regarding its impact on larger firms appear to have been overstated, while many smaller firms have struggled to meet compliance costs.”
  • “For firms that operate within the state of California, the regulation will provide a competitive disadvantage relative to firms that operate only outside of the state.  This is purely a reflection of compliance costs as firms that are subject to the regulation will face higher costs than those that are not.  The most affected firms are those that have over $25 million in revenue that have competitors of a similar size operating only outside of California.”

In the one-and-a-half years since GDPR took effect, we know the following:

  • GDPR has had a chilling effect on innovation related to artificial intelligence (AI).  One report says GDPR “inhibits the development and use of AI in Europe,” which puts companies in the EU “at a competitive disadvantage against their global competitors.”
  • Since GDPR took effect, academic research estimates that startup investments in European companies have dropped 40 percent.
  • New businesses in the U.S. already spend an average of $83,000 navigating regulations in their first year of operation, but that pales in comparison to the $3 million the average firm of 500 employees must spend to ensure they are compliant with GDPR.

Congress should pass federal privacy legislation that promotes interoperability with existing frameworks, while avoiding the costly mistakes of California and Europe.  In doing so, we can ensure that consumers’ privacy and security are protected while enabling U.S. businesses to continue innovating and providing consumers with the experiences they have come to rely upon.

As the committee prepares for its November hearing on federal privacy legislation, please do not hesitate to reach out if TechNet can be a resource.  TechNet’s federal privacy principles (attached separately to this email and readable online here) continue to provide Congress with a viable path forward to set uniform standards that keep consumers first, enhance compliance by businesses, promote even-handed enforcement, and foster innovation, particularly by small businesses and startups.  We look forward to working with you to ensure that America remains a launchpad for cutting-edge innovation.


Linda Moore
TechNet President and CEO

805 15th Street,  NW Suite 708 Washington, DC 20005
(202) 650-5100
Privacy Policy