Policy

Top House E&C Republicans query public for ideas on data privacy law

A request for information from GOP leaders on the House Energy and Commerce Committee is Congress’ latest attempt to push comprehensive data privacy standards.

By Derek B. Johnson

February 21, 2025

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

Rep. Brett Guthrie, R-Ky., speaks during a press conference at the U.S. Capitol Building on July 11, 2023 in Washington, D.C. (Photo by Anna Moneymaker/Getty Images)

Republican leaders on a key House committee are canvassing the public for input on how best to move forward in Congress’ longstanding quest to tackle national data privacy and security standards.

House Energy and Commerce Committee Chair Brett Guthrie, R-Ky., and Vice Chair John Joyce, R-Pa.,issued a Request for Information on Friday that seeks guidance on how to best develop legislation to protect the digital data of Americans across an ever-widening range of essential services.

“Leadership in digital technologies, including artificial intelligence, underpins U.S. economic and national security, provides American consumers with access to lower cost goods and services, and enables small businesses to reach markets around the world,” Guthrie and Joyce said in a statement. “However, the challenge of providing clear digital protections for Americans is compounded by the fast pace of technological advancement and the complex web of state and federal data privacy and security laws, which in some cases create conflicting legal requirements.”

Both Guthrie and Joyce are part of a Republican committee working group on data privacy, and the request includes questions that could guide lawmakers as they eye potential legislation. They include how to account for different roles and services that collect personal data, when a company should disclose the collection, processing, or transfer of user data, and what lessons can be learned from existing privacy frameworks in other countries.

It also queries how a comprehensive data privacy law might coexist with other major privacy statutes, like the Health Insurance Portability and Accountability Act, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and the Children’s Online Privacy Protection Rule.

Guthrie and Joyce asked for responses from the public no later than April 7, sent to the email account PrivacyWorkingGroup@mail.house.gov.

The committee’s request marks the latest attempt in a decadeslong quest by Congress and data privacy advocates to set baseline digital privacy standards, something most other Western democracies already have in place.

There is often broad bipartisan agreement about the need to set coherent standards for industry and crack down on some of the most predatory ways companies collect and use customer data. However, the underlying political coalition pushing the idea has often crumbled under the weight of factional disputes and failed to pass anything like a comprehensive law.