The Subcommittee on Privacy Technology and the Law met for a hearing titled "Protecting the Virtual You, Safeguarding Americans' Online Data," with Chairwoman Marsha Blackburn and Ranking Member Amy Klobuchar opening the session and calling for federal action on data privacy.

Chairwoman Marsha Blackburn framed the hearing around how individuals "preserve their privacy and their personal data in the virtual space" and said a national standard should "prioritize transparency, minimize data collection, and provide meaningful consent, not just a box to check." Ranking Member Amy Klobuchar said "for too long, the big tech companies...have been telling American consumers, just trust us," adding bluntly, "the bottom line is that we are the product."

Witnesses from business groups, privacy nonprofits and academia largely told the subcommittee that a federal law is needed but differed on particulars. Kate Goodlow, managing director at the Business Software Alliance, said "The United States needs a strong, clear, comprehensive consumer privacy law" and urged preserving the controller/processor distinction used in many state laws. Joel Thayer, president of the Digital Progress Institute, warned against overly broad federal rules that could entrench incumbents and recommended targeted, enforceable solutions. Alan Butler of the Electronic Privacy Information Center and Sam Levine of the Berkeley Center emphasized stronger protections and enforcement, with Levine describing harms from personalized pricing and from profiling that threaten economic fairness and democratic freedoms.

Committee members and witnesses highlighted several recurring themes: (1) the current 20-state patchwork creates inconsistent protections for consumers and compliance burdens for businesses; (2) many state laws share common elements — consumer rights to access, delete and correct data and distinctions between controllers and processors; (3) debate remains over preemption (whether a federal law should preempt stronger state laws) and the scope of private rights of action; and (4) accelerating technologies including AI and data brokers present new risks that a federal law should address.

Senators also raised practical harms and recent incidents: Klobuchar cited large data breaches (Equifax, Change Healthcare) and a targeted cyberattack on Saint Paul, Minnesota, while Senator Adam Schiff noted California’s upcoming centralized delete capability for consumers and asked about federal actions that could undermine state protections. The hearing record will remain open for one week for members to submit additional questions and materials.

The subcommittee did not take formal votes. The hearing provided a record of witness views and senator questions that will inform bill drafting and follow-up review by committee staff.