Innovation, Data, and Commerce

With more Americans than ever using online apps and digital services, a stunning amount of information and personal data is being collected on you and potentially exploited by data brokers. Energy and Commerce is investigating how these companies are harvesting your data, selling or sharing it without your knowledge, and failing to keep it secure.  WHAT EXPERTS ARE SAYING: At an April 19 Oversight and Investigations Subcommittee hearing , Justin Sherman, a Duke University Senior Fellow and Research Lead for the Data Brokerage Project, outlined the risks and dangers of continuing to let data brokers exploit your data without consequence, saying:   “Data brokerage is a threat to Americans’ civil rights, consumers’ privacy and well-being, and U.S. national security. The entire data brokerage ecosystem—from companies whose entire business model is data brokerage, to the thousands of other apps, advertisers, tech giants, and companies that collect, buy, sell, and share Americans’ personal data—profits from unregulated surveillance of every American, particularly the most vulnerable.”   INFORMATION COLLECTED BY DATA BROKERS: The best way to change the status quo and restore Americans’ control of their personal information is through a comprehensive data privacy and security framework, which will:  Protect your sensitive information online—like GPS, health, and mobile phone data—from being transferred to data brokers and sold without your knowledge to another private entity or government agency.   Prevent data brokers from aggregating your personal online information and selling that information to an employer or bank, who could then weaponize it to prevent you from getting a job or buying a home.  Restore your control over your personal online information by giving you the power to demand data brokers delete all of the information they’ve collected and stop further collection.  Require greater transparency around data brokers whose sole purpose is to covertly take money off of your information.   WHY IT MATTERS:  You are the product driving data brokers’ bottom line — these companies are willing to violate your civil liberties to turn a profit. This was made clear at the height of the COVID-19 pandemic, when data brokers collected Americans’ location data and sold it to federal and local government entities, including government entities in California and Washington, D.C. , as well as to the Center for Disease Control and Prevention. The information was then weaponized to spy on people during lockdowns to see who was attending activities, like church services, in person.  BIG PICTURE: Next-generation technologies like artificial intelligence and virtual reality will further deepen our reliance on online services and increase the amount of information collected. Without proper guardrails, that information can easily be sold to data brokers. Robust guardrails and a national privacy and data security standard would help prevent your information from being exploited further by these new technologies.  DON’T MISS: Last week, a bipartisan group of Energy and Commerce Committee Leaders sent letters to several data broker firms calling on them to be transparent about their data collection practices, selling practices, and the risks posed for Americans. The letters follow the April 19 Oversight and Investigations Subcommittee hearing examining the role of data brokers in the digital economy.   From CNBC:   The letters ask whether the brokers consider any type of data to be off limits for them to buy or sell, what restrictions they put on data they share with third parties and how they verify the accuracy of the data they collect and distribute. Additional questions span from seeking to understand how much money the businesses make from selling data to how many sources they use to get that information.   Last month, the subcommittee on oversight and investigations held a hearing with expert witnesses to examine “the role of data brokers in the digital economy.” The letters indicate the committee remains focused on this slice of the tech industry as it looks to pass comprehensive privacy legislation. It also shows that Congress is focused on a broader swath of companies than just the massive players like Google and Facebook that attract so much scrutiny.   CLICK HERE to read more. 

Members press companies to answer what information is collected and where it is sold Washington, D.C. — House Energy and Commerce Committee Republicans, led by Chair Cathy McMorris Rodgers (R-WA) and Committee Democrats, led by Ranking Member Frank Pallone, Jr. (D-NJ), today wrote to the heads of data broker companies, requesting information to help the Committee protect Americans’ data from misuse. They were joined by Subcommittee on Oversight and Investigations Chair Morgan Griffith (R-VA) and Ranking Member Kathy Castor (D-FL), Subcommittee on Innovation, Data and Commerce Chair Gus Bilirakis (R-FL) and Ranking Member Jan Schakowsky (D-IL), Subcommittee on Health Chair Brett Guthrie (R-KY) and Ranking Member Anna G. Eshoo (D-CA), and Subcommittee on Communications and Technology Chair Bob Latta (R-OH) and Ranking Member Doris Matsui (D-CA).  BACKGROUND:   The Subcommittee on Oversight and Investigations launched a bipartisan investigation at a hearing on April 19, 2023, titled “Who is Selling Your Data: A Critical Examination of the Role of Data Brokers in the Digital Economy.”  Data brokers purchase, collect, aggregate, license, sell, or otherwise share a wide range of information from Americans, including but not limited to demographic, location, and health data.  These companies profit from trading in Americans’ personal information, including sensitive information, often with little government oversight and in some cases, without any concern for how buyers use the consumer data that they purchase from brokers.  A recent study from Duke University found, for example, that “some data brokers are marketing highly sensitive data on individuals’ mental health conditions on the open market, with seemingly minimal vetting of customers and seemingly few controls on the use of purchased data.”  KEY EXCERPT:   “American privacy concerns in the data broker industry are not new, and existing laws do not sufficiently protect Americans’ data from misuse. In 2014, the FTC issued a report recommending that Congress require data brokers to increase transparency and give Americans more control of their data. However, data brokers can easily circumvent existing rules and laws regarding the collection and sharing of certain types of data, such as HIPAA.   “Enacting a comprehensive federal privacy law is a top priority for the Committee on Energy and Commerce. Currently, Americans do not have control over whether and where their personal data is sold and shared; they have no guaranteed way to access, delete, or correct their data; and, they have no ability to stop the unchecked collection of their sensitive personal information. According to the Electronic Privacy Information Center, the overcollection and secondary uses of personal data, including the sale to and use by data brokers, are inconsistent with the reasonable expectations of online consumers and may lead to discriminatory targeting that violates the privacy and autonomy of consumers.”  The leaders asked the companies for information pertinent to helping the Committee understand how data brokers purchase, collect, use, license, and sell Americans’ data, including:  What data elements do you possess on Americans and market to your clients?   In particular, do you possess any of the following:  Americans’ health data? If yes, what kind of health data?  Americans’ location data? If yes, what data elements?  Americans’ phone data, such as data on any apps downloaded on their mobile devices? If yes, what data elements?  Information revealing Americans’ purchase history? If yes, what data elements?  Information about children under the age of 13?  Information about children between the ages of 13 and 18?  Are there any categories of Americans’ personal information that you will not purchase, collect, aggregate, license, or sell and, if so, what categories are those?  When you license, sell, or otherwise share Americans’ personal information with your clients, do you require your clients to disclose the purpose(s) for which they will use the data?   If so, what do you do, if anything, to confirm they are using the data for the stated purpose(s)?  How much money did you spend in each of the past five years on purchasing or licensing Americans’ personal information?  What percentage of your annual revenue for each of the past five years was derived from selling or licensing Americans’ personal information?  How many clients did you sell or license Americans’ personal information to?  Does your company use the personal information of Americans that you purchase, collect, or aggregate to categorize people based on income, sex, age, race, or other categories?  What steps, if any, does your company take to protect data of users under eighteen?  When you become aware that you or your clients have transferred Americans’ personal information to a foreign adversary or a company beholden to a foreign adversary—currently defined by the Secretary of Commerce to include China, Russia, North Korea, Cuba, the Maduro regime in Venezuela, and Iran—do you notify the individual(s) whose personal information has been transferred or any U.S. government entity? If not, why not?  You can view the letters below:  Acxiom LLC AtData Babel Street   CoreLogic Solutions, LLC   Epsilon Data Management, LLC Equifax   Experian   Gravy Analytics, Inc. Intelius, LLC Kochava Inc. LiveRamp, Inc. Mylife   Oracle America, Inc.   PeopleConnect, Inc. Placer.ai   RELX Safegraph Inc. Spokeo, Inc.   Thomson Reuters   TransUnion   Verisk Analytics   Whitepages, Inc.

Energy and Commerce is leading on a federal data privacy and security law that strengthens Americans’ data protections and establishes the strongest safeguards for kids’ online data. As Chair Rodgers said in the latest hearing in our privacy series, a national standard is a foundational piece of protecting children online.   Our framework protects kids online and makes it tougher for their data to land in the hands of Big Tech and data brokers by :   Minimizing the data that is collected and retained on all Americans, including children Making it illegal to target advertising to children under 17 years old Treating all data on children under 17 as sensitive, meaning more robust protections for the collection and transfer of their personal information Requiring Big Tech to assess for how their algorithms harm children BIG PICTURE: Big Tech is manipulating, exploiting, and monetizing children.   Big Tech companies are collecting a stunning amount of data on everyone, including children—from physical and mental health, to their location, what they are buying, and what they are eating. To profit off children, these companies are using this data to build algorithms to keep kids hooked on their platforms.  These algorithms subject children to dangerous content and targeted advertisements that can lead to dangerous and life-threatening behaviors, like eating disorders and self-harm. The collection, retention, and sale of children’s data also exposes them to criminals, like drug dealers and sex traffickers, who have exploited features on these platforms—such as location sharing—to target children.  WHY IT MATTERS: Big Tech and data brokers are profiting from and manipulating children for nearly their entire adolescent lives. Half of American teens use the internet “almost constantly” and most kids have their own smartphones by age 11. The more time children spend on their screens, the more companies are able to collect, retain, share, and use data to build profiles on them. Teens and young adults who spend more time using social media report lower psychological well-being, lower life satisfaction, less happiness, more feelings of loneliness and isolation, and more depression.  The best and strongest way to ensure kids are safe online and prevent Big Tech from manipulating them is with a comprehensive national data privacy and security law.  DON’T MISS: Parents whose children have been harmed by Big Tech are raising the alarm to E&C. They’re calling on Congress to act so other parents don’t experience their pain. READ MORE .   In addition, child privacy protection advocates agree a national standard is a key way to protect kids online.  "ADPPA... provides the strongest possible safeguards for the online data of kids and teens. Establishing strong data privacy protections is a critical step toward making today's internet healthier and safer for young users... the kids' protections in [ADPPA]… are stronger than current federal law, stronger than California law, and stronger than when the bill was first introduced.” — Common Sense Media   ADPPA stands for the American Data Privacy and Protection Act, which passed the Energy and Commerce Committee last Congress with an overwhelming bipartisan vote. Committee members have participated in six data privacy hearings already this year and will be considering an updated data privacy and security standard.  RELATED:   WATCH Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) tell Big Tech CEOs that their platforms are her biggest fear as a parent.  CLICK HERE for more on why privacy experts are saying America needs a national data privacy standard. 

Members press companies to answer what information is collected and where it is sold Washington, D.C. — House Energy and Commerce Committee Republicans, led by Chair Cathy McMorris Rodgers (R-WA) and Committee Democrats, led by Ranking Member Frank Pallone, Jr. (D-NJ), today wrote to the heads of data broker companies, requesting information to help the Committee protect Americans’ data from misuse. They were joined by Subcommittee on Oversight and Investigations Chair Morgan Griffith (R-VA) and Ranking Member Kathy Castor (D-FL), Subcommittee on Innovation, Data and Commerce Chair Gus Bilirakis (R-FL) and Ranking Member Jan Schakowsky (D-IL), Subcommittee on Health Chair Brett Guthrie (R-KY) and Ranking Member Anna G. Eshoo (D-CA), and Subcommittee on Communications and Technology Chair Bob Latta (R-OH) and Ranking Member Doris Matsui (D-CA).  BACKGROUND:   The Subcommittee on Oversight and Investigations launched a bipartisan investigation at a hearing on April 19, 2023, titled “Who is Selling Your Data: A Critical Examination of the Role of Data Brokers in the Digital Economy.”  Data brokers purchase, collect, aggregate, license, sell, or otherwise share a wide range of information from Americans, including but not limited to demographic, location, and health data.  These companies profit from trading in Americans’ personal information, including sensitive information, often with little government oversight and in some cases, without any concern for how buyers use the consumer data that they purchase from brokers.  A recent study from Duke University found, for example, that “some data brokers are marketing highly sensitive data on individuals’ mental health conditions on the open market, with seemingly minimal vetting of customers and seemingly few controls on the use of purchased data.”  KEY EXCERPT:   “American privacy concerns in the data broker industry are not new, and existing laws do not sufficiently protect Americans’ data from misuse. In 2014, the FTC issued a report recommending that Congress require data brokers to increase transparency and give Americans more control of their data. However, data brokers can easily circumvent existing rules and laws regarding the collection and sharing of certain types of data, such as HIPAA.   “Enacting a comprehensive federal privacy law is a top priority for the Committee on Energy and Commerce. Currently, Americans do not have control over whether and where their personal data is sold and shared; they have no guaranteed way to access, delete, or correct their data; and, they have no ability to stop the unchecked collection of their sensitive personal information. According to the Electronic Privacy Information Center, the overcollection and secondary uses of personal data, including the sale to and use by data brokers, are inconsistent with the reasonable expectations of online consumers and may lead to discriminatory targeting that violates the privacy and autonomy of consumers.”  The leaders asked the companies for information pertinent to helping the Committee understand how data brokers purchase, collect, use, license, and sell Americans’ data, including:  What data elements do you possess on Americans and market to your clients?   In particular, do you possess any of the following:  Americans’ health data? If yes, what kind of health data?  Americans’ location data? If yes, what data elements?  Americans’ phone data, such as data on any apps downloaded on their mobile devices? If yes, what data elements?  Information revealing Americans’ purchase history? If yes, what data elements?  Information about children under the age of 13?  Information about children between the ages of 13 and 18?  Are there any categories of Americans’ personal information that you will not purchase, collect, aggregate, license, or sell and, if so, what categories are those?  When you license, sell, or otherwise share Americans’ personal information with your clients, do you require your clients to disclose the purpose(s) for which they will use the data?   If so, what do you do, if anything, to confirm they are using the data for the stated purpose(s)?  How much money did you spend in each of the past five years on purchasing or licensing Americans’ personal information?  What percentage of your annual revenue for each of the past five years was derived from selling or licensing Americans’ personal information?  How many clients did you sell or license Americans’ personal information to?  Does your company use the personal information of Americans that you purchase, collect, or aggregate to categorize people based on income, sex, age, race, or other categories?  What steps, if any, does your company take to protect data of users under eighteen?  When you become aware that you or your clients have transferred Americans’ personal information to a foreign adversary or a company beholden to a foreign adversary—currently defined by the Secretary of Commerce to include China, Russia, North Korea, Cuba, the Maduro regime in Venezuela, and Iran—do you notify the individual(s) whose personal information has been transferred or any U.S. government entity? If not, why not?  You can view the letters below:  Acxiom LLC AtData Babel Street   CoreLogic Solutions, LLC   Epsilon Data Management, LLC Equifax   Experian   Gravy Analytics, Inc. Intelius, LLC Kochava Inc. LiveRamp, Inc. Mylife   Oracle America, Inc.   PeopleConnect, Inc. Placer.ai   RELX Safegraph Inc. Spokeo, Inc.   Thomson Reuters   TransUnion   Verisk Analytics   Whitepages, Inc.

Washington, D.C. — House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA), Subcommittee on Innovation, Data, and Commerce Chair Gus Bilirakis (R-FL), and Subcommittee on Oversight and Investigations Chair Morgan Griffith (R-VA) today requested a full accounting from Secretary of Commerce Gina Raimondo of funding from the CHIPS and Science Act.  The letter follows an Oversight and Investigations Subcommittee hearing at which the Department of Commerce Inspector General Peggy Gustafon provided the following testimony :  "The increased funding may also increase the volume and complexity of financial transactions, thus making it more difficult to detect and prevent payment errors, fraud, waste, and abuse. The increase in funding may require additional monitoring and reporting to ensure project recipients comply with statutes, achieve intended outcomes, and use funds efficiently. Finally, the increased funding may introduce new or emerging risks that must be identified and addressed in a timely fashion." KEY COMMITTEE LETTER EXCERPT:   “Over the past two years, under one-party Democratic rule, Congress and the Biden administration have spent trillions of dollars across the federal government. Beginning with the American Rescue Plan Act and most recently with the so-called Inflation Reduction Act, Democrats have funneled an excessive amount of taxpayer dollars to advance their radical, progressive agenda and to benefit their political allies. The CHIPS and Science Act granted the Department of Commerce (the Department) control of $50 billion to spend on semiconductor activities, including $39 billion in manufacturing incentives. The American people deserve a full, transparent, and regular accounting of the funds that have been spent, where the funds have gone and for what purpose, who has benefited, and how much remains." The Chairs requested monthly reports beginning on no later than April 18, 2023.  CLICK HERE to read the full letter.

Washington, D.C. — House Energy and Commerce Committee Chair Cathy Rodgers (R-WA), Subcommittee on Communications and Technology Chair Bob Latta (R-OH), Subcommittee on Health Chair Brett Guthrie (R-KY), Subcommittee on Oversight and Investigations Chair Morgan Griffith (R-VA), Subcommittee on Innovation, Data, and Commerce Chair Gus Bilirakis (R-FL), Subcommittee on Environment, Manufacturing, and Critical Materials Chair Bill Johnson (R-OH), and Subcommittee on Energy, Climate, and Grid Security Jeff Duncan (R-SC) wrote to the heads of the Department of Energy, Department of Health and Human Services (HHS), Environmental Protection Agency (EPA), and Department of Commerce laying out expectations for intergovernmental cooperation regarding oversight. As Chair Rodgers said in the full committee markup of Energy and Commerce’s Authorization and Oversight Plan for the 118th Congress, “We have a responsibility to conduct oversight to get answers on behalf of those we serve and to ensure accountability so the government is responsive to the American people.” The members outline the below seven principles for each agency or department to comply with Congressional requests and provide answers the American people deserve. 1. For all requests or questions, please reproduce the requests or questions presented in a written letter with the department or agency response. 2. In the spirit of comity and inter-branch accommodation, your department or agency should endeavor to cooperate as much as possible with committee oversight requests. If your department or agency has determined it will not voluntarily cooperate with the requests, please provide electronic written notice within two business days specifying which requests you are declining to cooperate with and the stated reasons for voluntary noncooperation. 3. Your department or agency should make a determination on whether certain requests cannot be fulfilled as presented. Provide electronic written notice within one business week of receipt of the request about such determinations, stating the reasons why. If there is an alternative approach that could address the Committee’s request, then such an alternative approach should be suggested in the interests of comity and inter-branch accommodation. 4. If the department or agency needs clarification about a Committee request, your staff should make good faith efforts to contact Committee staff for assistance as soon as possible. 5. We expect your department or agency to provide a written response to our oversight requests within two weeks of receipt of the letter. If the department or agency needs additional time to respond to Committee requests, your staff should make good faith efforts to contact Committee staff for assistance as soon as possible. 6. If your department or agency has determined that certain requested documents cannot be produced pursuant to a privilege or other legal basis, your department or agency should submit an index of the withheld documents and the privilege asserted within two business weeks of receipt of the request letter. 7. If your department has determined that a requested witness cannot be made available pursuant to a privilege or other legal basis, your department or agency should submit in writing an explanation of the privilege or other legal basis asserted within two business weeks of receipt of the request letter. CLICK HERE to view the letter to Energy Secretary Jennifer Granholm. CLICK HERE to view the letter to HHS Secretary Xavier Becerra. CLICK HERE to view the letter to EPA Administrator Michael Regan. CLICK HERE to view the letter to Commerce Secretary Gina Raimondo.