Statement for the Record
Thomas A. Schatz
President
Council for Citizens Against Government Waste
Before the
House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade
U.S. House of Representatives
June 3, 2026
Examining Legislation To Establish A Federal Comprehensive Privacy and Data Security
Law
Mr. Chairman and members of the committee, my name is Thomas A. Schatz, and I am the president of the Council for Citizens Against Government Waste (CCAGW). I appreciate the opportunity to provide testimony for the record for the June 3, 2026, hearing, “Examining Legislation To Establish A Federal Comprehensive Privacy and Data Security Law.”
CCAGW is a private, nonpartisan, nonprofit organization representing more than one million members and supporters nationwide. Founded in 1984, CCAGW is the lobbying arm of Citizens Against Government Waste (CAGW), which was established to follow up on the implementation of the recommendations of President Ronald Reagan’s Private Sector Survey on Cost Control, also known as the Grace Commission, to eliminate waste, fraud, abuse, mismanagement and inefficiency in government.
As the subcommittee considers data privacy legislation, CCAGW encourages members to support the SECURE Data Act and move it through the subcommittee as introduced. The bill in its current form meets all the criteria for a comprehensive data privacy framework at the national level, providing much needed certainty and consistency for consumers and the companies that hold their information. The legislation is thorough in its protection of consumer rights, while also co-opting the best examples from the states, allowing the bill to preempt state laws without exceptions.
CCAGW has been promoting policies related to privacy since 2001, and beginning in 2016, began calling for a comprehensive national consumer data privacy framework to be enacted.
Data privacy is something that most people want but then do not pay attention to until their information is compromised. During the 117th Congress the House of Representatives considered but did not pass legislation that would have provided a national framework for consumers and businesses on how data should be protected. H.R. 8152, the American Data Privacy and Protection Act (ADPPA), would have created a single set of federal rules.[1] However, that legislation was not without its flaws.
CCAGW’s July 19, 2022, letter to the House Energy and Commerce Committee was critical of the bill’s exemptions from preemption of several existing state laws, the inclusion of a private right of action, and an expansion of the Federal Trade Commission’s authority, considering that agency’s abandonment of the consumer welfare standard during the last administration and its abject disregard for the economic impact of its proceedings on privacy, non-disclosure agreements, and merger applications[2]
CCAGW had hoped that the 118th Congress would renew the effort to enact a data privacy bill but following hearings before the House Energy and Commerce Subcommittee on Innovation, Data, and Commerce on March 1, 2023, and on April 27, 2023, to discuss data privacy, a comprehensive consumer data privacy bill like ADPPA was not introduced before Congress adjourned.[3]
The creation of the House Data Privacy Working Group in the 119th Congress led to the April 23, 2026, introduction of H.R. 8413, the SECURE Data Act, by House Energy and Commerce Vice Chairman John Joyce (R-Pa.), who leads the Data Privacy Working Group.[4]
The SECURE Data Act includes provisions that have been previously adopted by states like Colorado, Connecticut, Kentucky and Virginia rather than states that have more restrictive and burdensome requirements. Currently, there are 21 states that have comprehensive data privacy laws, with another bill in Louisiana waiting for Gov. Jeff Landry’s signature.
The pre-emption provision of H.R. 8413 makes federal law supersede state laws, eliminating the patchwork of state laws that could cost businesses up to $1 trillion over 10 years and continue to cause confusion for consumers.[5] H.R. 8413 also does not include a private right of action, leaving enforcement of the bill to the Federal Trade Commission and the state attorneys general and saving taxpayers and businesses from endless and potentially frivolous litigation.
H.R. 8413 also includes several provisions from the six principles for date privacy submitted by CAGW in 2018 to the National Telecommunications and Information Administration: 1) A National Privacy Framework; 2) Consumer Choice and Control; 3) Transparency; 4) Data Minimization and Contextuality; 5) Flexibility; and 6) Data Security and Breach Notification.[6] In addition, many of the core provisions of the bill have already been enacted by state legislatures across the country as noted in a May 15, 2026 ITIF article, including de-identified and public data; consumer choice for data use; consumer data rights; protection from automated decisions; reasonable data security; general notice and transparency; data minimization; purpose limitation; no private lawsuits; and opportunity to cure.[7]
CCAGW urges the subcommittee to adopt the SECURE Data Act as currently written and introduced and reject efforts to undo the national framework like eliminating state law pre-emption and adding a private right of action. The bill provides strong protections of consumer data privacy. H.R. 8413 would eliminate confusion and provide a standard that consumers and the companies that hold their information can rely on regardless of where they live or work. For these reasons, I strongly urge your support for this bill.
[1] American Data Privacy and Protection Act, H.R. 8152, 117th Congress, Second Session (2022), https://www.congress.gov/bill/117th-congress/house-bill/8152.
[2] Council for Citizens Against Government Waste, “Letter to House Energy and Commerce Committee Regrading H.R. 8152, the American Data Privacy and Protection Act,” July 19, 2022, https://ccagw.org/legislative-affairs/ccagw-sends-letter-to-house-energy-and-commerce-committee-regarding-h-r-8152-the-american-data-privacy-and-protection-act/.
[3] House Committee on Energy and Commerce, “Innovation, Data, and Commerce Subcommittee Hearing: “Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy,” March 1, 2023, https://energycommerce.house.gov/events/innovation-data-and-commerce-subcommittee-hearing-promoting-u-s-innovation-and-individual-liberty-through-a-national-standard-for-data-privacy; “Innovation, Data, and Commerce Subcommittee Hearing: “Addressing America’s Data Privacy Shortfalls: How a National Standard Fills Gaps to Protect Americans’ Personal Information,” https://energycommerce.house.gov/events/innovation-data-and-commerce-subcommittee-hearing-addressing-america-s-data-privacy-shortfalls-how-a-national-standard-fills-gaps-to-protect-americans-personal-information.
[4] SECURE Data Act, H.R. 8413, 119th Congress, Second Session (2026), https://www.congress.gov/bill/119th-congress/house-bill/8413.
[5] Daniel Castro, Luke Dascoli, Gillian Diebold, “The Looming Cost of a Patchwork of State Privacy Laws,” Information Technology & Innovation Foundation (ITIF), January 24, 2022, https://itif.org/publications/2022/01/24/looming-cost-patchwork-state-privacy-laws/.
[6] Thomas Schatz, “Comments to NTIA on Developing the Administration’s Approach to Consumer Privacy,” Citizens Against Government Waste, November 8, 2018, https://ccagw.org/comments-to-ntia-on-developing-the-administrations-approach-to-consumer-privacy/.
[7] Ash Johnson, “ State Privacy Laws Show the SECURE Data Act’s Merits and Political Appeal,” ITIF, May 15, 2026, https://itif.org/publications/2026/05/15/state-privacy-laws-show-the-secure-data-acts-merits-and-political-appeal.