WASHINGTON – U.S. Senator Amy Klobuchar (D-MN), Ranking Member of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law, delivered the following opening statement at the subcommittee hearing titled “Protecting the Virtual You: Safeguarding Americans' Online Data.”
Testifying at the hearing was Alan Butler, Executive Director and President of the Electronic Privacy Information Center; Samuel Levine, Senior Fellow at the UC Berkeley Center for Consumer Law & Economic Justice; Kate Goodloe, Managing Director at the Business Software Alliance; Paul Martino, General Counsel at the Main Street Privacy Coalition; and Joel Thayer, President of the Digital Progress Institute.
A rough transcript of Klobuchar’s full opening statement is available below and a video can be downloaded here.
Senator Klobuchar: Well. Thank you very much, Chair Blackburn, and thank you to all of our witnesses, and I'm really grateful for your leadership on these issues, Madam Chair, and your willingness to work with me and Senator Blumenthal and many others.
We all know new technologies have made it easier for people to monitor their health, collaborate with colleagues, communicate with loved ones, and more. But federal law doesn't do enough, as we all know, to address the privacy that comes with these innovations, the privacy concerns.
Technology companies collect an enormous amount of personal information about our daily lives. They know what we buy, who our friends are, where we live, where we work and travel, even how much we would be willing to pay for something. Yet, for too long, the big tech companies, many of which dominate the market that they operate in, have been telling American consumers, “Just trust us,” even though their business models are designed to collect personal information and to use it for profit.
The bottom line is that we are the product, we are, and that's how many tech companies make their money, and a lot of it. In 2024, Google and Meta earned a combined $420 billion in advertising revenues alone. And they made a lot more money because Americans lack privacy protections. An American’s data earned Meta $68 in a single quarter last year. Think about that, all these people who don't realize that they're being tracked. But a European Facebook user with a comprehensive privacy protection only generated $23, and that money can be used for a lot of other things that people need right now.
And it seems like every day we hear a new story about companies playing fast and loose with data and taking advantage of customers. Earlier this year, a whistleblower from Facebook, now Meta, testified to another subcommittee about how the company would track users so closely that it could identify when teenage girls felt emotionally vulnerable and then target them with ads exploiting these emotions. For example, when a teenage girl would delete a selfie, Facebook might serve her an ad for diet products.
Criminals also view huge troves of data as attractive targets for hacking. We've seen major data breaches ranging from the 2017 Equifax database breach that exposed sensitive financial information from more than 140 million individuals to the hack of Change Healthcare, affecting 190 million people and causing more than 100 electronic systems vital to the U.S. health care system to be shut down.
On my way here, I was on the phone with the mayor of St. Paul, Minnesota, because they, like so many other jurisdictions, are responding to a targeted cyber-attack on their IT infrastructure, which has shut down some of the city's digital services and may have compromised city employee data.
Once in the hands of criminals, data can be used for everything from identity theft to more serious crimes. And we all learned too tragically with the horrific murders in my state of my good friend Melissa Hortman, the former Speaker of the House, and her husband Mark how accessible personal data is, including people's addresses, because the murderer only killed the people and went to the houses of the people whose addresses he had.
Businesses are also using personal data collected across the internet in novel ways, such as to set individualized prices designed to increase costs for consumers.
Should a person, and this is a question we have to ask as Senators, really have to submit to this kind of intrusive data collection just to send a message to a friend online, to book a flight, or to order some diapers? I don't think so.
That's why more than 20 states have stepped in. I suspect today we'll hear from some of our witnesses about the patchwork of state laws. I agree it's a problem, but I believe we should have passed privacy legislation many, many years ago. I advocated for it back then. We tried, and in fact, in [2024], I [worked on] a comprehensive privacy bill with Senator Cantwell and Kathy McMorris Rogers, a former Republican House member. The bill would have required companies to collect only the information necessary to provide the goods and services that consumers sought, ensured consumers consented before their personal data was shared with third parties, and put consumers in control of their data by allowing them to access, correct, and even delete personal data.
But many of the businesses that today complain about the burden of complying with the patchwork of state laws, I have the advantage of having been there then, even before Maria Cantwell's bill was introduced, when the companies were lobbying against a federal privacy law, and now they're back complaining about the patchwork of laws. And I would like to change that, but I do think it's important to know that's why we're in the position that we are and to understand why some of these states are looking at this going, “Wait a minute.”
The need for federal privacy reform is even more urgent as AI continues to expand its role in to our lives. Data is both the gasoline and the engine for AI models. That means that demand for our data is skyrocketing, so it is critical that we set guardrails to ensure the data that powers AI is responsibly sourced and used for legitimate means and protected when you want to have it protected.
Luckily, there is a bipartisan agreement that Congress needs to act. The Commerce Committee, on which Chair Blackburn and I also sit, has seen strong bipartisan, bicameral proposals for federal privacy reform. Not everyone agrees with all of them, but there has been some start out of that committee, and I look forward to hearing from our witnesses about why we need these guardrails now.
Thank you, Senator Blackburn.
###