A monthly roundup of federal data privacy and security policy and regulatory news

Welcome back to Holland & Knight's monthly data privacy and security news update that includes the latest in policy, regulatory updates and other significant developments. If you see anything in this report that you would like additional information on, please reach out to authors or members of Holland & Knight's Data Strategy, Security & Privacy Team

LEGISLATIVE UPDATES

End-of-Year Sprint

With an appropriations fight punted to the new year, lawmakers will likely spend the remainder of 2023 devoting attention to passing the National Defense Authorization Act (NDAA) and considering a potential supplemental appropriations bill to provide national security aid for Israel, Ukraine, Taiwan and the U.S. border. 

Kids' Privacy Bills Stalled in Senate

Early November, Senate Committee on Commerce Chair Maria Cantwell (D-Wash.) announced plans to "hotline" privacy legislation in the Senate. Hotlining refers to a procedure in which a senator may expedite passage of a bill through unanimous consent. Any senator with concerns must object to the hotline and identify their concerns by providing an opportunity to resolve such concerns for the bill to move forward. She planned to hotline the following bills: 

  • Children and Teens Online Privacy Protection Act 2.0 (COPPA 2.0): Sponsored by Sens. Ed Markey (D-Mass.) and Bill Cassidy (R-La.), the bill would reform COPPA to prohibit online companies from collecting personal information from users who are 13 to 16 years old without their consent and ban targeted advertising to children and teens.
  • Kids Online Safety Act (KOSA): Sponsored by Sens. Richard Blumenthal (D-Conn.) and Marsha Blackburn (R-Tenn.), the bill would impose a duty of care for digital services to prevent harm to younger users.

The Senate Commerce Committee favorably reported both bills in July 2023 during a markup. However, Cantwell postponed hotlining the bills in an effort to address remaining objections to KOSA regarding privacy and censorship concerns. The delay comes as public pressure to move the bill continues to mount. Most recently, a coalition of 200 kids' online safety advocates – which includes Common Sense Media, the American Psychological Association, Accountable Tech and the Eating Disorder Foundation – sent a letter to Senate Majority Leader Chuck Schumer (D-N.Y.) and Minority Leader Mitch McConnell (R-Ky.), calling on them to move the KOSA, "as well as strong privacy protections for kids and teens online, to the U.S. Senate floor for a vote by the end of the year."

It is unlikely, however, that a vote on COPPA 2.0 and KOSA would occur before the end of the year. Last year, both bills made it out of committee before ultimately failing to secure floor time for a vote.

Whistleblower Testimony Fans Flames for Kids' Online Safety Legislation

On Nov. 7, 2023, the Senate Committee on the Judiciary's Subcommittee on Privacy, Technology, and the Law held a hearing, "Social Media and the Teen Mental Health Crisis." In the hearing, Facebook's former director of engineering for protect and care testified to how social media algorithms push content to teens that promote bullying, drug abuse, eating disorders and self-harm. The need for stronger privacy parental controls and increased transparency as companies profit from children's data was a core tenet of the whistleblower's testimony. 

During the hearing, Senate Majority Whip and Judiciary Committee Chair Dick Durbin (D-Ill.) stated: "In the Senate Judiciary Committee, after some graphic hearings where parents and victims came forward and told us what had happened to them online, we decided to take action. We passed six bills related to this issue – child sexual abuse and similar issues. ... Six bills waiting for a day on the calendar. Six bills waiting for a national debate. ... They put real teeth in enforcement too and I think that is why they have gone nowhere. Big Tech is the big kid on the block when it comes to this issue and many other issues before us. That's the reality."

Soon after that hearing, the Judiciary Committee announced another hearing scheduled for Jan. 31, 2024, on child online exploitation in which the CEOs of five major social media companies will testify.

Sen. Wyden to Oppose Confirmation of New NSA/Cyber Command Leader

On Nov. 30, 2023, Sen. Ron Wyden (D-Ore.) announced he will place a hold on the nomination of Lt. Gen. Timothy Haugh as leader of the National Security Agency (NSA) and U.S. Cyber Command, citing complaints that defense and intelligence officials have refused to make public information received in 2021 about the NSA purchasing and using location data collected on Americans. He has vowed to block the confirmation until the NSA discloses whether it is buying Americans' location data web browsing records. He stated in a statement placed in the Congressional Record: "The American people have a right to know whether the NSA is conducting warrantless domestic surveillance of Americans in a manner that circumvents the Fourth Amendment to the Constitution. Particularly as Congress is currently debating extending Section 702 of the Foreign Intelligence Surveillance Act, Congress must be able to have an informed public debate about the scope of the NSA's warrantless surveillance of Americans." Haugh's nomination has enjoyed broad support, but with the hold, Gen. Paul Nakasone, the current head of the NSA and Cyber Command, will continue to serve with his term past due.

This hold comes as Congress considers the NDAA, which includes a short-term extension through April 19, 2024, of Section 702 of the Foreign Intelligence Surveillance Act (FISA), a controversial tool that allows the government to collect data from foreigners abroad. The authority was set to expire at the end of 2023. On Dec. 8, 2023, Wyden voted against a procedural vote on the NDAA in opposition to the Section 702 reauthorization.

Sen. Cortez Masto Reintroduces Three Privacy Bills

On Nov. 16, 2023, Sen. Catherine Cortez Masto (D-Nev.) reintroduced three privacy bills, including:

  1. The DATA Privacy Act is a comprehensive privacy bill that aims to strengthen protections for American online consumers while ensuring large corporations implement data security and privacy protections. Specifically, the bill would require businesses to provide users with an easily accessible opt-out method for personal data collection or sharing.
  2. The Promoting Digital Privacy Technologies Act, which is also sponsored by Sen. Deb Fischer (R-Neb.), would require the National Science Foundation (NSF) to support research into privacy enhancing technologies (PET). The bill also requires the National Institute of Standards and Technology (NIST) to work with academic, public and private sectors to establish standards for the integration of PET into business and government.
  3. The Internet Application I.D. Act aims to improve Americans' digital security by requiring operators of internet websites and mobile applications to disclose if the applications being used by consumers have been developed or store data within China or are under the control of the Chinese Communist Party.

The path forward for these bills is unclear, given that they have failed to receive enough bipartisan support in past years to advance. Nevertheless, Holland & Knight will monitor these bills in 2024, as some of the bills' provisions could be included in other legislation.

To view the full article click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.