[House Hearing, 113 Congress] [From the U.S. Government Publishing Office] CROSS-BORDER DATA FLOWS: COULD FOREIGN PROTECTIONISM HURT U.S. JOBS? ======================================================================= HEARING BEFORE THE SUBCOMMITTEE ON COMMERCE, MANUFACTURING, AND TRADE OF THE COMMITTEE ON ENERGY AND COMMERCE HOUSE OF REPRESENTATIVES ONE HUNDRED THIRTEENTH CONGRESS SECOND SESSION __________ SEPTEMBER 17, 2014 __________ Serial No. 113-176 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Printed for the use of the Committee on Energy and Commerce energycommerce.house.gov ______________________ U.S. GOVERNMENT PUBLISHING OFFICE 95-852 PDF WASHINGTON : 2015 _________________________________________________________________________________ For sale by the Superintendent of Documents, U.S. Government Publishing Office, Internet:bookstore.gpo.gov. Phone:toll free (866)512-1800;DC area (202)512-1800 Fax:(202) 512-2104 Mail:Stop IDCC,Washington,DC 20402-001 COMMITTEE ON ENERGY AND COMMERCE FRED UPTON, Michigan Chairman RALPH M. HALL, Texas HENRY A. WAXMAN, California JOE BARTON, Texas Ranking Member Chairman Emeritus JOHN D. DINGELL, Michigan ED WHITFIELD, Kentucky FRANK PALLONE, Jr., New Jersey JOHN SHIMKUS, Illinois BOBBY L. RUSH, Illinois JOSEPH R. PITTS, Pennsylvania ANNA G. ESHOO, California GREG WALDEN, Oregon ELIOT L. ENGEL, New York LEE TERRY, Nebraska GENE GREEN, Texas MIKE ROGERS, Michigan DIANA DeGETTE, Colorado TIM MURPHY, Pennsylvania LOIS CAPPS, California MICHAEL C. BURGESS, Texas MICHAEL F. DOYLE, Pennsylvania MARSHA BLACKBURN, Tennessee JANICE D. SCHAKOWSKY, Illinois Vice Chairman JIM MATHESON, Utah PHIL GINGREY, Georgia G.K. BUTTERFIELD, North Carolina STEVE SCALISE, Louisiana JOHN BARROW, Georgia ROBERT E. LATTA, Ohio DORIS O. MATSUI, California CATHY McMORRIS RODGERS, Washington DONNA M. CHRISTENSEN, Virgin GREGG HARPER, Mississippi Islands LEONARD LANCE, New Jersey KATHY CASTOR, Florida BILL CASSIDY, Louisiana JOHN P. SARBANES, Maryland BRETT GUTHRIE, Kentucky JERRY McNERNEY, California PETE OLSON, Texas BRUCE L. BRALEY, Iowa DAVID B. McKINLEY, West Virginia PETER WELCH, Vermont CORY GARDNER, Colorado BEN RAY LUJAN, New Mexico MIKE POMPEO, Kansas PAUL TONKO, New York ADAM KINZINGER, Illinois JOHN A. YARMUTH, Kentucky H. MORGAN GRIFFITH, Virginia GUS M. BILIRAKIS, Florida BILL JOHNSON, Ohio BILLY LONG, Missouri RENEE L. ELLMERS, North Carolina _____ Subcommittee on Commerce, Manufacturing, and Trade LEE TERRY, Nebraska Chairman LEONARD LANCE, New Jersey JANICE D. SCHAKOWSKY, Illinois Vice Chairman Ranking Member MARSHA BLACKBURN, Tennessee JOHN P. SARBANES, Maryland GREGG HARPER, Mississippi JERRY McNERNEY, California BRETT GUTHRIE, Kentucky PETER WELCH, Vermont PETE OLSON, Texas JOHN A. YARMUTH, Kentucky DAVID B. McKINLEY, West Virginia JOHN D. DINGELL, Michigan MIKE POMPEO, Kansas BOBBY L. RUSH, Illinois ADAM KINZINGER, Illinois JIM MATHESON, Utah GUS M. BILIRAKIS, Florida JOHN BARROW, Georgia BILL JOHNSON, Ohio DONNA M. CHRISTENSEN, Virgin BILLY LONG, Missouri Islands JOE BARTON, Texas HENRY A. WAXMAN, California (ex FRED UPTON, Michigan (ex officio) officio) (ii) C O N T E N T S ---------- Page Hon. Lee Terry, a Representative in Congress from the State of Nebraska, opening statement.................................... 1 Prepared statement........................................... 3 Hon. Pete Olson, a Representative in Congress from the State of Texas, opening statement....................................... 4 Hon. Janice D. Shakowsky, a Representative in Congress from the State of Illinois, opening statement........................... 4 Hon. Jerry McNerney, a Representative in Congress from the State of California, opening statement............................... 5 Hon. Marsha Blackburn, a Representative in Congress from the State of Tennessee, opening statement.......................... 5 Prepared statement........................................... Hon. Henry A. Waxman, a Representative in Congress from the State of California, prepared statement.............................. 83 Witnesses Linda Dempsey, Vice President, International Economic Affairs, National Association of Manufacturers.......................... 7 Prepared statement........................................... 9 Answers to submitted questions............................... 84 Brian Bieron, Executive Director, Public Policy Lab, eBay, Inc... 24 Prepared statement........................................... 26 Answers to submitted questions............................... 91 Laura K. Donohue, Professor of Law, Director, Center on National Security and the Law, Georgetown University Law Center......... 34 Prepared statement........................................... 37 Sean S. Heather, Vice President, Center for Global Regulatory Cooperation, Executive Director, International Policy and Antitrust Policy, U.S. Chamber of Commerce..................... 57 Prepared statement........................................... 59 Answers to submitted questions............................... 96 Submitted Material Letter of September 16, 2014, from Howard Fienberg, Director of Government Affairs, Marketing Research Association, to Mr. Terry and Ms. Schakowsky, submitted by Mr. Terry............... 77 Letter of April 3, 2014, from Myron A. Brilliant, Executive Vice President and Head of International Affairs, U.S. Chamber of Commerce, to John P. Holden, Assistant to the President for Science and Technology Policy, submitted by Mr. Terry.......... 79 CROSS-BORDER DATA FLOWS: COULD FOREIGN PROTECTIONISM HURT U.S. JOBS? ---------- WEDNESDAY, SEPTEMBER 17, 2014 House of Representatives, Subcommittee on Commerce, Manufacturing, and Trade, Committee on Energy and Commerce, Washington, DC. The subcommittee met, pursuant to call, at 2:04 p.m., in room 2322, Rayburn House Office Building, Hon. Lee Terry (chairman of the subcommittee) presiding. Members present: Representatives Terry, Lance, Blackburn, Harper, Guthrie, Olson, Bilirakis, Long, Schakowsky, McNerney, and Barrow. Staff present: Leighton Brown, Press Assistant; Graham Dufault, Policy Coordinator, Commerce, Manufacturing, and Trade; Melissa Froelich, Counsel, Commerce, Manufacturing, and Trade; Kirby Howard, Legislative Clerk; Paul Nagle, Chief Counsel, Commerce, Manufacturing, and Trade; Michelle Ash, Democratic General Counsel; and Lisa Goldman, Democratic Counsel. Mr. Terry. I want to thank all of you for being here. We have a couple of Democrats and a couple of Republicans. I think we are ready to go. So I want to thank our witnesses for being here. I am going to start with my opening statement. OPENING STATEMENT OF HON. LEE TERRY, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF NEBRASKA Good afternoon to all. Welcome to our hearing entitled ``Cross-Border Data Flows: Could Foreign Protectionism Hurt U.S. Jobs?'' I want to mention, before we get started, that eBay is here to testify today. And I am especially thankful for you that because eBay owns PayPal, which employs about 4,000 people in my district. We are here today to discuss an emerging trend among many countries around the globe that could potentially have a negative impact on our economy. First of all, what are data flows, and why are they important? The flow of data across borders simply refers to the ability to send an email, a file transfer, video, or other electronic data from one country to another. And because very little business is done today without some form of electronic data, data flows are a big deal for manufacturing, energy, agribusiness, health care, financial institutions, retailers, advertisers, insurance, and tech companies. But several countries have proposed or enacted restrictions on cross-border data flows or have required companies to locate data centers within their own borders. For example, Russia has made a law restricting data flows. Brazil proposed a, quote, ``civil Internet framework,'' end quote, that would have authorized the government to require data to be stored in Brazil. The governments of Indonesia, Singapore, and India have also issued proposals that would either subject cloud computing to additional regulation or require data to remain stored inside respective countries. Sadly, these are but a few of the countries where it is an issue. Proposals to require local data centers have been aptly named forced localization and come with varying rationales. The European Commission, for example, has argued that localization of data could be a way to promote domestic industry and create jobs. But as we will hear from some of the witnesses today, it is doubtful that such policies would achieve these intended goals. More likely, they would take away the benefits that digital trade brings to that country and to the U.S. companies. Other proponents of data flow restrictions argue that the revelations concerning U.S. intelligence surveillance justify balkanizing the flow of data. The United States should send a clear message that forced localization and other restrictions on data flows are commercial regulations that affect businesses, and recent headlines cannot be used to force concessions from U.S. companies that cost us jobs here in the U.S. Over 300 Federal and State privacy laws are on the books in the U.S., and that proves that we do have privacy policies in the U.S. We have more privacy and risk officers in the U.S. than anywhere else in the world. Companies are reacting to the market and giving consumers more control, like Facebook's recent policy that permit users to remove themselves from the categories of advertising. And there are very few nations with a better record for the rule of law than the United States. Intelligence surveillance is being tackled, as it should, with input from Congress and our national security agencies. When it comes to trade, the U.S. cannot allow protectionism. Whether it is under the pretext of privacy or whatever, it threatens U.S. jobs and U.S. competitiveness. Our trade negotiators with USTR and the International Trade Administration have stressed to the counterparts overseas that the negotiations must focus on the commercial flow of data, which is of great value to everyone involved. There are many pieces that touch on data flows, the Trans- Pacific Partnership, the Trade and Services Agreement, the Transatlantic and Investment Partnership, and the Safe Harbor Framework. We cannot falter in any of these. I am hopeful that Congress will send a unified message to current and future trading partners that trade barriers will not be tolerated, and that we will protect our economic interest in data flows. I want to thank our witnesses for being here today. [The prepared statement of Mr. Terry follows:] Prepared statement of Hon. Lee Terry Good afternoon, and welcome to our hearing entitled, ``Cross-Border Data Flows: Could Foreign Protectionism Hurt U.S. Jobs?'' I want to mention before we get started, that eBay is here to testify today, and I am especially thankful for that because eBay owns PayPal, which has an office of over 4,000 employees in the Omaha area. We are here today to discuss an emerging trend among many countries around the globe that could potentially have a negative impact on our economy. First of all, what are data flows and why are they important? The flow of data across borders simply refers to the ability to send an e-mail, a file transfer, video, or other electronic data from one country to another. And because very little business is done without some form of electronic data, ``data flows'' are a big deal for manufacturing, energy, agribusinesses, health care, financial institutions, retailers, advertisers, insurers, and tech companies. But several countries have proposed or enacted restrictions on cross-border data flows or have required companies to locate data centers within their own borders. For example, Russia has made a law restricting data flows. Brazil proposed a ``Civil Internet Framework'' that would have authorized the government to require data to be stored in Brazil. The governments of Indonesia, Singapore, and India have also issued proposals that would either subject cloud computing to additional regulation or require data to remain stored inside the respective countries. Sadly, these are but a few of the countries where this is an issue. Proposals to require local data centers have been aptly named ``forced localization,'' and come with varying rationales. The European Commission, for example, has argued that localization of data could be a way to promote domestic industry and create jobs. But as we'll hear from some of the witnesses today, it's doubtful that such policies would achieve these intended goals. More likely, they would take away the benefits that digital trade brings to that country and to U.S. companies. Other proponents of data flow restrictions argue that the revelations concerning U.S. intelligence surveillance justify balkanizing the flow of data. The United States should send a clear message that forced localization and other restrictions on data flows are commercial regulations that affect businesses, and recent headlines cannot be used to force concessions from U.S. companies that cost us jobs here in the U.S. Moreover, it is simply not accurate to say that there are not privacy protections in the U.S. Over 300 Federal and State privacy laws on the books in the U.S. prove otherwise. FTC enforcement proves otherwise. And our marketplace shows otherwise. We have more privacy and risk officers in the U.S. than anywhere else in the world. Companies are reacting to the market and giving consumers more control--like Facebook's recent policy announcement that permits users to remove themselves from categories of advertising. And there are few nations with a better record for the rule of law. Intelligence surveillance is being tackled as it should, with input from Congress and our national security agencies. When it comes to trade, the U.S. cannot allow protectionism-under the pretext of privacy-to threaten U.S. jobs and U.S. competitiveness. Our trade negotiators with USTR and the International Trade Administration have stressed to their counterparts overseas that the negotiations must focus on the commercial flow of data which is of great value to everyone involved. There are many pieces that touch on data flows: the Trans- Pacific Partnership (TPP), the Trade in Services Agreement (TiSA), the Transatlantic Trade and Investment Partnership (TTIP), and the Safe Harbor Framework. We cannot falter in any of these. I am hopeful that Congress can send a unified message to current and future trading partners that trade barriers will not be tolerated, and that we will protect our economic interest in data flows. I thank the witnesses for being here today to shed more light on this issue and for giving our subcommittee the opportunity to spearhead Congress' activity in this area. Mr. Terry. I have 1 minute, if anybody wants it. Gentleman from Texas. OPENING STATEMENT OF HON. PETE OLSON, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF TEXAS Mr. Olson. Thank you, Mr. Chairman, for holding this hearing today. And thank you to our witnesses for your patience. As we listen and discuss data policies around the world, it is important to think about the answers to these questions: Number one, in what country has the Internet flourished? In what country, number two, are the majority of Internet headquarters located? Question three, does any other country have anything like Silicon Valley? If not, why not? I look forward to this discussion today. Thank you. I yield back. Mr. Terry. Well done. I recognize the gentlelady from Illinois. OPENING STATEMENT OF HON. JANICE D. SCHAKOWSKY, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF ILLINOIS Ms. Schakowsky. Thank you, Mr. Chairman, and thank you to the witnesses. This is a very complex issue and one that is deserving of this committee's attention. From a video chat between family members thousands of miles apart, to instant access to news and research, to buying tickets or music or sporting events at the click of a button, the Internet has made our world more interconnected than most would have imagined maybe only 20 years. That growth has helped to support some of the most innovative companies in the world, providing not just entertainment and information, but also supporting millions of jobs here at home. With the value of e-commerce estimated at $8 trillion per year worldwide and U.S. digital exports in the hundreds of billions of dollars each year, we have to do all we can to promote responsible growth of the Internet. The U.S. has been the undisputed leader in the development and commercialization of the Internet. But just like at home, people abroad have doubts about the privacy and security practices of American companies. We have seen this most acutely in terms of efforts to restrict cross-border data flows or the transmission of data across national boundaries. Many major economic powers around the world have considered and enacted restrictions on cross-border data flows, and many individuals around the world have sought out alternatives to U.S.-based companies for services from email to e-commerce. Distrust of American companies and our Government is high. Massive data breaches, like those that occurred at Target and Home Depot, have made data privacy and security a central issue in trade talks with countries and with the European Union. Last year's revelations about the NSA's data collection practices just heightened concerns that already existed in many countries, adding fuel to the fire. I support the USA Freedom Act, legislation passed in the House in May to limit bulk data collection and require prior judicial approval for collection of sensitive information. The bill would also establish enhanced oversight and transparency mechanisms. The United States does not have comprehensive privacy or data security protections in place, and I support taking that step. I am an original cosponsor of H.R. 4400, the Data Accountability and Trust Act, which Mr. Rush introduced earlier this year. That bipartisan bill would require the FTC to establish clear standards for collecting, storing, and disposing of sensitive data and would require entities to inform the public in the event of a breach. Enactment of the USA Freedom Act and the Data Accountability and Trust Act, as well as steps to strengthen the Electronic Communications Privacy Act, would provide much needed assurances regarding the privacy of data held on U.S. servers. Doing so would, first and foremost, provide peace of mind to Americans concerned about the security of their personal information, and it would also make American businesses even more competitive in the global economy. I look forward to hearing from our witnesses and getting your perspectives on this important issue and the steps we should take in order to remain the undisputed world leader in the Internet economy. Do either of the gentlemen wish to--OK. And I would like to yield to Mr. McNerney whatever time is left. OPENING STATEMENT OF HON. JERRY MCNERNEY, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF CALIFORNIA Mr. McNerney. I thank the ranking member and also the panel for giving your time and effort on this hearing. There is a lot of data that flows across our national border, an awful lot of data. That raises questions of privacy, it raises questions of commerce, of national security. Some of our companies that are innovators are saying that our national security posture is hurting their businesses, and that opens up the opportunity for countries across the world to take steps against our country that they say, again, our companies are saying, costing them commerce. So, as the ranking member said, this is a very complicated issue, and I hope this hearing sheds a little light on that. And then we will be glad to ask questions and try and shed a little bit more light on it. So with that, I will yield back. Mr. Terry. Mr. Barrow, do you have a statement? Mr. Barrow. No. Mr. Terry. You yield back your time? Ms. Schakowsky. I yield. Mr. Terry. No other statements on--oh, Ms. Blackburn, you are recognized for 5 minutes. OPENING STATEMENT OF HON. MARSHA BLACKBURN, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF TENNESSEE Ms. Blackburn. Thank you, Mr. Chairman. And I apologize that I am late getting to the committee. We have a few things on the floor and had to do a little bit of work there. I just am so pleased that we are doing something on the cross-border data flow and the importance that this has in our economy. I have had the opportunity to work with Peter Welch, and we cochaired the Privacy Working Group this year. And we brought in a group of business and consumer stakeholders so that we could look a little bit more into this issue and have the time to just do a roundtable discussion. It was important to formulating some opinions and views, and we are appreciative that we had the time to do that. And we think that it is imperative that our committee seriously examine the restrictions on data flows that are emerging as a primary nontariff trade barrier to the international marketplace that come in the form of digital protectionism and poses a direct threat to U.S. economic development and job creation. It should be a priority for this Congress and the administration to ensure that U.S. trade agreements cover new and emerging digital technologies. They need to address measures that restrict legitimate cross-border data flow, and they should reexamine emerging policy and legal restrictions that could potentially harm innovation. I would also like to point out that one of our Privacy Working Group's participants earlier this year was Laura Donohue from Georgetown University Law Center, who is with us today. And it is good to see you again. And we are pleased that you are here to share your thoughts today. And I yield back my time. Mr. Terry. Mr. Guthrie, statement? Mr. Bilirakis? Mr. Bilirakis. No. Thank you. Mr. Terry. All time being yielded back, we will now recognize our witnesses. I am going to introduce you all first. And then, Ms. Dempsey, we will start with you and go from my left to right. So we are pleased to have Linda Dempsey here today. She is the vice president of international economic affairs for the National Association of Manufacturers. Mr. Bieron, senior director, eBay Public Policy Lab, thank you. Ms. Donohue is here. She is a professor of law at Georgetown University Law Center, Center on National Security and the Law. Thank you for being here. And Mr. Heather, vice president, Center For Global Regulatory Cooperation, executive director, international policy and antitrust policy of the U.S. Chamber. So now, Ms. Dempsey, you are recognized for your 5 minutes. And there should be the little red light. We keep things easy for us here. Green means go. Yellow means wrap it up. Red means really wrap it up. You are recognized for 5 minutes. STATEMENTS OF LINDA DEMPSEY, VICE PRESIDENT, INTERNATIONAL ECONOMIC AFFAIRS, NATIONAL ASSOCIATION OF MANUFACTURERS; BRIAN BIERON, EXECUTIVE DIRECTOR, PUBLIC POLICY LAB, EBAY, INC.; LAURA K. DONOHUE, PROFESSOR OF LAW, DIRECTOR, CENTER ON NATIONAL SECURITY AND THE LAW, GEORGETOWN UNIVERSITY LAW CENTER; AND SEAN S. HEATHER, VICE PRESIDENT, CENTER FOR GLOBAL REGULATORY COOPERATION, EXECUTIVE DIRECTOR, INTERNATIONAL POLICY AND ANTITRUST POLICY, U.S. CHAMBER OF COMMERCE STATEMENT OF LINDA DEMPSEY Ms. Dempsey. Good afternoon, Chairman Terry, Ranking Member Schakowsky, members of the subcommittee. I welcome the opportunity to testify today on behalf of the National Association of Manufacturers. The NAM is the oldest and largest trade association with over 12,000 manufacturing members in every State and every sector of the manufacturing economy. And as this subcommittee knows well, manufacturing is an engine that drives the U.S. economy, directly employing more than 12 million men and women. A robust and multifaceted trade policy is a key component to growing manufacturing in the United States. With most of the world's consumers outside our borders and over $11 trillion in manufactured goods traded worldwide, exports in sales present enormous opportunity. Where there is a level playing field, manufacturers in the United States are succeeding, as shown by the fact that nearly half of all U.S. manufactured goods are shipped only to our 23 trade agreement partners, with which we also have a manufacturing trade surplus. To grow more opportunities for manufacturers, we need more trade agreements with more countries, and those trade agreements must be strong, comprehensive, and tailored to meet the challenges of the 21st century. One of the biggest new commercial challenges globally is the proliferation of new barriers to cross-border data flows and foreign government localization barriers related to information technology infrastructure. The use of digital platforms, including sharing data and information across national borders, is increasingly important to many businesses, particularly manufacturers. While some of our manufacturers produce and manage those information technology infrastructure, most manufacturers are actually consumers of these technologies. New information technologies and services, such as cloud computing and software as a service, machine-to-machine or M2M technologies, and advanced analytics are advancing manufacturers' ability to grow, be more productive, and more competitive. These technologies are particularly vital to small and medium-sized businesses, enabling them to acquire information, market their products, and communicate with and serve foreign customers much faster and in a much more cost-competitive manner than ever before. As information and communication technologies have advanced, however, many countries are moving to restrict the movement of data and where data can be stored for nothing more than good old protectionist reasons. Manufacturers have seen barriers adopted and considered in many markets, from Brazil, China, India, and Korea, to Indonesia, Nigeria, Vietnam, and Russia. And many governments are claiming national security concerns, although the measures proposed go far beyond the concerns expressed. For companies that maintain their own servers, the imposition of these types of restraints impede their ability to implement their own business strategies, raises costs, and could potentially force companies to make the choice between doing business in a foreign country or not. These restrictions also undermine cloud computing by reducing economies of scale, forcing service providers to locate servers based on Government mandate, not business decisions. The loss of cost-effective cloud solutions would be particularly harmful to small business manufacturers that increasingly rely on these technologies to market and sell overseas. Given the importance of this issue, in March the NAM board of directors unanimously approved new policy language urging that disciplines on these practices be included in U.S. trade agreements going forward. We have seen efforts to address these issues globally by APEC and the OECD, bilaterally by the United States and Europe, and with Korea. Yet the trading system has not fully kept place. The NAM therefore urged the inclusion of negotiating objectives on this issue as part of a new and modernized trade promotion authority. And in January, the NAM welcomed the bipartisan Congressional Trade Priorities Act of 2014, which answered that call by including negotiating objectives to include such disciplines in future agreements. The NAM is working with U.S. negotiators in support of binding provisions in future trade agreements, including both the final TPP and TTIP talks, that will allow manufacturers and other industries to move, access, and store information across borders, prohibit requirements to establish or use local servers, and ensure nondiscriminatory treatment of digital products and services. We agree that there can be areas where legitimate exceptions to such binding commitments should be permitted, such as with respect to national security, intellectual property, privacy, and law enforcement. But such exceptions should not be used to create unwarranted or protectionist-based barriers. We are seeking strong rules in the TPP and TTIP that can set a global model. As manufacturers continue their efforts to rebound after the recession, the last thing they need are additional barriers or unnecessary costs. It is important that the Congress and the administration work together to modernize the trade rules through new trade agreements and a new trade negotiating framework to address these growing barriers. [The prepared statement of Ms. Dempsey follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Terry. Thank you. Mr. Bieron, you are recognized for 5 minutes. STATEMENT OF BRIAN BIERON Mr. Bieron. Chairman Terry, Ranking Member Schakowsky, and members of the subcommittee, thank you for giving eBay Inc. the opportunity to testify on the role of cross-border data flows in promoting commerce, economic growth, and opportunity. Our company is a truly global business. 60 percent of our marketplace business is outside the United States. We serve over 152 million PayPal users in 2003 countries. EBay Inc. is using technology to power global trade. The eBay marketplace, PayPal payment service, and eBay Enterprise enable hundreds of thousands of U.S. entrepreneurs and small businesses, as well as midsized and large business, to reach customers around the world. This is transforming trade by allowing Main Street businesses to directly take part in globalization, reaping the benefits of markets previously only open to the largest global companies. The 21st century global economy is built on data flows. Every business that operates internationally depends on access to digital services, including technology, logistics, finance, and professional services. The Internet alone powers 21 percent of GDP growth in advanced economies and facilitates $8 trillion in e-commerce. It drives global economic and social progress, and the U.S. Internet industry leads the way. But it should be clearly understood that much of the benefit is gained by traditional industries and businesses, 75 percent according to McKinsey. So, not surprisingly, America's leading industries are united in their concerns about data protectionism. But our unique experience at eBay and PayPal leads us to stress how the Internet and mobile technology are now powering global trade by small and microbusinesses. These entrepreneurial traders, such as Tracey Johnson, who employs three people in Valley, Nebraska, or Esther Ben Porat, who employs 12 people in Lincolnwood, Illinois, they will be undermined in their businesses if open cross-border data flows are restricted. My team conducts research on the growth of global trade by technology-enabled small businesses. In brief, the Internet and platforms like eBay and PayPal are revolutionizing this global trade. In the U.S., only 4 percent of traditional small businesses export. On eBay, 95 percent export. Traditional small business exporters reach an average of 2 markets a year. On eBay, the average small business exporter reaches 30 markets a year. Technology-enabled small businesses survive at a higher rate, and newcomers capture a larger share of the overall market than in the traditional offline world. The global trade regime is literally changing before our eyes, as enterprises that historically were too small to break into global trade can now directly participate. This new inclusive globalization depends on four components that make up what we call the Global Empowerment Network. They are, one, access to the Internet; two, access to the global services that exist on top of the Internet; three, an efficient small package shipment logistics network; and, four, an educational system for small businesses to learn about online opportunities. Each of these components is undermined by data restrictions requiring businesses to locate data centers, store data, or process data in a specific country. These restrictions impose meaningful economic and security harms. These are nontariff trade barriers. Like all trade barriers, they lead to inefficiencies, higher prices, and harms to businesses and consumers. They harm U.S. businesses. But just as importantly, they hurt businesses and consumers in the markets that employ them. Data localization proposals in countries like Brazil, China, the EU, India, Indonesia, Korea, Vietnam have been estimated to impact GDP from potentially a 10th of a percent to 1.7 percent, depending on the market. Small and midsized technology-enabled business in each of those countries are threatened. Of course, the U.S. impact is key as well. The U.S.-based global corporations will be harmed by the entire range of data protectionist proposals. Costs are imposed, inefficiencies are forced into the system, and opportunities are lost. But now, because of Internet-enabled global commerce, small and midsized businesses in every State and region of the United States will be impacted. Today we are witnessing the dawn of a new era of globalization. Small and midsized businesses contribute to their local economy and regularly serve customers around the world at the same time. This is good economics because it means more growth and wealth, and it is good for society because it means a more inclusive form of globalization. U.S. leadership is key to maintaining open global data flows and pushing back on data protectionism. This should be a top trade policy priority, to protect and promote growth at all levels. And I look forward to answering any questions. [The prepared statement of Mr. Bieron follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Terry. Thank you, Mr. Bieron. Professor Donohue, you are now recognized for your 5 minutes. STATEMENT OF LAURA K. DONOHUE Ms. Donohue. Thank you very much. I would like to thank you. Thank you, Ranking Member Schakowsky, and also members of the committee for inviting me here today. As you have noted, U.S. Companies dominate the digital space: Web browsing, search, email, social networking, traditional computing devices, smartphones, tablets. There are few foreign analogs to Google, Facebook, LinkedIn, Twitter, Instagram, Pinterest, myriad others who could compute with us on a global basis. But the U.S.' position is now imperiled. Documents released over the past year detailing the National Security Agency's call record program and the interception of content under the Foreign Intelligence Surveillance Act directly implicated U.S. high technology companies in Government surveillance. The result has been an immediate and detrimental impact on U.S. industry. The first documents revealed that the Government had served orders on Verizon, directing the company to turn over telephony metadata under Section 215 of the USA Patriot Act. The following day, The Guardian published classified slides on PRISM, detailing how the NSA had intercepted email, video, and voice chat, videos, photos, stored data, Voice over Internet Protocol, file transfers, video conferencing, online social networking details. And the companies read like a who's who of U.S. Internet giants: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. Slides showing the extent of so-called upstream collection similarly stunned the public, showing that the NSA had bypassed companies' encryption, intercepting data as it transferred between servers and the cloud, and it had obtained millions of email address books. Beyond these revelations, reports show that the NSA has at times posed as U.S. companies without their knowledge in order to gain access to foreign targets. I have documented all of this information in my written remarks. Three points follow. First, these programs have cost the United States billions of dollars. Second, they have pushed foreign countries to erect trade barriers through data localization laws. And, third, they have undermined U.S. national security. This subcommittee is uniquely poised to address the problem by supporting changes to FISA and U.S. privacy laws. It can also push for the insertion of economic and commercial representation throughout the national security infrastructure to prevent this situation from occurring again. So, first, the economic impact. In short, billions of dollars are on the line because of worldwide concern that the services provided by U.S. information technology companies are neither secure nor private. Perhaps nowhere is this more apparent than in cloud computing, arguably one of the most important industrial sectors for the future. The Information Technology and Innovation Foundation estimates that declining revenues for U.S. cloud computing could reach more than $35 billion over the next 3 years. Other commentators have put the losses as high as $180 billion by 2016, unless something is done to restore confidence in U.S. industry. The impact extends to high technology. Cisco, Qualcomm, IBM, Microsoft, and Hewlett-Packard have all claimed declining revenues as a result of the NSA programs. Servint, a Web- hosting company next door here in Virginia, reports that its international clients have dropped by 50 percent. As a senior analyst at the Information Technology and Innovation Fund explained, it is clear to every single tech company that this is affecting their bottom line. In return, companies have had to spend billions of dollars on new encryption. And even as U.S. companies are losing money, foreign companies are seeing their revenues increase. The NSA's involvement in these programs also revealed the extent to which it had became embedded in the architecture of the Internet itself. And as a result there has been a backlash that has led some commentators to raise concern that the Internet will never be the same. At risk is the balkanization of the Internet, undermining a traditional culture of open access and increasing the cost of doing business. As of today, China, Greece, Malaysia, Russia, South Korea, Venezuela, Vietnam, and others have already implemented data localization requirement laws. Turkey has introduced new privacy regulations, preventing the transfer of personal data overseas. Other countries, such as Argentina, Brazil, India, and Indonesia, are actively considering new data localization laws. Germany and France are considering a Schengen routing system, retaining as much online data in the European Union as possible. The Snowden release has further implicated our multilateral and bilateral trade negotiations. Two of the most important underway are TTIP, the Transatlantic Trade and Investment Partnership, and the Trans-Pacific Partnership. Although the U.S. Trade Representative is trying to put data protections on the table for the TTIP negotiations, the EU has steadfastly resisted this. And as long as the European public is strongly opposed to giving the United States access to European data the future does not bode well for our efforts. TPP, in turn, accounts for about 40 percent of global GDP, about \1/3\ of world trade. Two of our objectives in those negotiations are directly implicated by the Snowden releases: e-commerce, telecommunications, and intellectual property rights. The NSA programs weaken the USTR's hand with regard to open access and safeguards against cyber surveillance. This subcommittee has an opportunity to make a difference. The most important thing you could do is to curb the NSA's authorities under the Foreign Intelligence Surveillance Act. In January 2014 the President announced the telephony metadata program would be discontinued within 2 months. As of last month, it was continued for another 90 days. The Section 702 program is more complicated. Overseas collection from non-USP's is a concomitant of the foreign affairs powers of the Government and outside the confines of the Fourth Amendment. I would like to conclude. In addition to recognizing a residual right in privacy that is held with third-party data and passing new privacy acts, one of the greatest and least discussed problems, international security infrastructure, is the lack of economic and commercial representation. The National Security Act does not include the Secretary of Treasury as a statutory member. That is done by PPD. Other economic concerns are not represented at a programmatic level of the national security infrastructure. This committee could change that structure to prevent this from happening in the future. [The prepared statement of Ms. Donohue follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Terry. Thank you, Professor. Mr. Heather, you are now recognized for 5 minutes. STATEMENT OF SEAN S. HEATHER Mr. Heather. Thank you, Mr. Chairman and Ranking Member, members of the subcommittee, for the opportunity to be here today. Members of the U.S. Chamber, large and small alike, across all sectors of the economy rely on cross-border data flows to run their businesses as well as create better products and services. Let me share with you some examples of where cross- border data flows are necessary as part of today's economy. From anywhere in the world, medical diagnostic equipment can now be serviced and even repaired remotely, saving valuable downtime. Financial transactions take place globally in the form of credit card services or the purchase or sale of stocks and bonds. Every package that ships has data associated with it, and as that package physically moves across borders so does the data electronically. Insurance companies store policy information in multiple server locations to be sure they can access it in case of disasters. And perhaps most obviously, any company with employees in multiple countries needs to have an IT network that moves company emails. For all of these reasons and thousands more, we must understand that cross-border data flows affect all businesses, not just ICT companies. Despite the paramount importance of and benefits derived from having the ability to transfer data across borders, some foreign governments continue to push for restrictions on cross-border data flows. Within the last year, we have seen more than a dozen countries consider such measures. Efforts to restrict cross-border data flows have been fueled by revelations regarding U.S. Government surveillance. This issue, while important, ultimately conflates concerns about Government access and use of data with commercial access and use of data. Attempts to limit the movement of commercial data ignore the fact that a completely separate legal regime often governs law enforcement activities. In reality, foreign government efforts to require forced localization of servers or to put in place local content requirements are at their core often attempts to bolster homegrown ICT industries. The Chamber, as a part of an educational awareness campaign in Indonesia earlier this year, assembled a panel of Indonesia ICT startups. Their message to their government underscored their need for cross-border data flows in order for them to be successful. Their voice has sent a powerful message that data localization efforts effectively walled them off from the rest of the world. Still, some foreign governments believe that requiring data centers will be a boon to job creation. The truth is data centers cost hundreds of millions of dollars but require fewer than 150 employees to operate. Foreign governments often fail to realize that jobs are created by businesses that rely on cross-border data flows, exhibiting a fundamental failure to understand how the digital economy operates and running a risk of cutting the world out of the World Wide Web. Cross-border data flow restrictions can also arise through the complexity of complying with privacy frameworks across multiple jurisdictions. All companies must abide by privacy rules in the countries in which they operate. Many times privacy regulations from country to country are nuanced and rooted in important cultural and societal differences. However, conflicting privacy rules between jurisdictions can present significant problems to moving data. Thus, it is imperative that governments work together to develop solutions to ensure that privacy regimes facilitate trade in goods and services that increasingly rely on data flows while protecting privacy. This is especially important as consumers too are mobile and their expectations are that they can access information when traveling, while at the same time they have assurances that their data, regardless of where it is transferred, stored, or accessed, is protected. The Chamber believes privacy objectives and seamless movement of data can both be achieved. Trade agreements can help. For example, the U.S.-Panama and U.S.-Korea Trade Agreement both recognize the importance of seamless flow of information. The Chamber's members support ambitious cross-border data flows obligations in the TPP, TTIP, and TISA. Ideally, these agreements should address data transfers by including three key elements: one, a commitment to allow cross-border data transfers; two, a prohibition on data localization and local content requirements; and, three, a nonexhaustive list of data transfer mechanisms. In closing, the key takeaways from my remarks are, first, cross-border data flows are critical to all sectors of the economy, not just ICT companies; two, concerns over Government access and use of data will not be addressed through laws targeting commercial data; three, ICT industries are best fostered where data flows seamlessly; four, privacy concerns by Government must not mask protectionism aims; five, legitimate privacy objectives can be supported through cross-border cooperation between regulators; and, finally, going forward, trade agreements must support cross-border data flows, push back against forced localization and local content requirements, endorse the seamless flow of data, and encourage interoperability among privacy regimes. It is well understood that the free flow of capital across borders is important to the global economy. Without it, markets seize up and economic growth stagnates. Today I would submit, in this increasingly digital age, the same can be said about the importance of data flows across borders. Like capital flows, our economy and the world economy are relying on cross-border data flows for businesses to operate and for economic growth. The Chamber appreciates the opportunity to be here before the committee. Today's hearing importantly raises the profile of this issue at a critical time. And we look forward to working with this committee to preserving the movement of data seamlessly across borders. Thank you. [The prepared statement of Mr. Heather follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Terry. Thank you, Mr. Heather. And well done, everyone. Appreciate the input. Now it is our turn to ask questions to kind of dive deeper into your statements. But just my first question is a shallow question, but one that helps us really define the significance of cross-border data. And so to Ms. Dempsey, Bieron, and Mr. Heather, can you, in your best estimate, tell us just either by dollar amount or the percentage of your members or clients engage in cross- border data transfers? Ms. Dempsey? Hundred percent? Fifty percent? Ten percent? Ms. Dempsey. Thank you, Mr. Chairman. That is a tough one to answer quantitatively for NAM. I think information technologies are clearly a driver of global trade. And the growth in global trade that we have seen, particularly among small businesses, has been driven in significant part by that. We obviously have over $200 billion last year in actual computer and electronic equipment, but the gains are much, much more than that. But beyond that quantification---- Mr. Terry. OK. Mr. Bieron. In the United States, the eBay commercial sellers--so these would be when we have done our research globally, we sort of pick $10,000 in sales a year simply because we had to pick a number and that seemed like a nice round number--so at that level in the United States, 97 percent of them are exporting. And so they are interacting with customers globally. And that number, in the upper 90s, tends to be with our commercial sellers almost everywhere in the world. So it is nearly everybody. Mr. Terry. So out of that group, 97 percent. But how big is that group? Mr. Bieron. Hundreds of thousands in the United States and, you know, about 2 times that globally. Mr. Terry. Awesome. Mr. Heather. Mr. Heather. I, like the NAM, have a hard time quantifying what the number would be in the U.S. Chamber's membership. But I think, from talking with our members, what you see is the frequency by which they are increasingly relying on cross- border data flows. So you may have a small business that 5 years ago only once may have been looking online to source a product that they needed outside of the United States, and today they are doing that a dozen times in a year. And so what I can speak to more is the frequency in which companies are increasingly relying on cross-border data flows, but some absolute number to give you across the membership would be difficult. Mr. Terry. All right. Professor Donohue. Ms. Donohue. Yes. Just to add to that, outside of e- commerce, for the IP industry alone about 40 million American jobs are tied directly to IP-intensive industries, which stimulate about 60 percent of our exports, our merchandise exports. So it is enormous numbers. Mr. Terry. They are enormous numbers, and that is why we want to set the table about how important this is. The next part is we have all talked about how this has to be discussed and negotiated in our trade agreements. Do you think it would help Congress to weigh in with some level of resolution, instructing or suggesting to USTR and the Department of Commerce? Would that be helpful? And we will start from right to left, just to be different. Mr. Heather. Mr. Heather. I think absolutely. If you look at language that has been drafted in, for example, the trade promotion authority legislation that has been out there for examination, there is very positive language in that proposed legislation on this issue. I think it would be important for this committee to echo that, not only in order to give encouragement to the U.S. Chamber of Commerce, who are working these issues hard, but to send a signal to those trading partners that there is an expectation that USTR brings that home when they bring home an agreement for the Congress to consider. Mr. Terry. Professor Donohue. Ms. Donohue. So I would say it is not just important, but essential that this committee actually weigh in on that. And it is essential that they both weigh in on the importance of data flows and data transfers and also doing something to give our industry the ability to say things have changed, to increase consumer confidence. So really going after the source of the problem that is really accelerated this movement toward data localization, to say, no, we have now curved these surveillance authorities, they are more transparent, we have more oversight. So you take away the reason people might give for otherwise doing this. And this committee can play a unique role in both ways. Mr. Terry. Mr. Bieron. Mr. Bieron. In a word ``yes.'' And to expound on that, I think that trade negotiations and the global trade sort of infrastructure moves very slowly. We all know that trade agreements tend to be built on the previous trade agreement, which is built on the previous trade agreement. They all take, let's say, a decade to negotiate. When you are dealing with the changes that are wrought by the Internet where the global economy is changing so rapidly, they very much need a very forceful direction to rapidly change how the Internet is accounted for in our negotiating objectives, because if we move our trade policy at the normal speed that it moves, we will, like, miss most of what is happening in the Internet. Mr. Terry. That is a good point. Ms. Dempsey. And I am out of time, so make it quick. Ms. Dempsey. I agree. And I will just add, I concur with all that my colleagues have said. It is so important for the United States to speak with one voice on this issue. It is moving fast. We are seeing this proliferation of other countries trying to impose very protectionist policies under the guise of security or privacy concerns. It is important for you all to work together to move this issue forward. Mr. Terry. Thank you. Gentlelady from Illinois is recognized. Ms. Schakowsky. Thank you, Mr. Chairman. Mr. Bieron, I have--did I say that right? Mr. Bieron. Yes. Ms. Schakowsky. OK. I have a number of questions for you. One of the reasons other countries are considering laws that restrict cross-border data flow is the fear that their personal and financial information is not being properly protected from criminal cyber attacks. Earlier this year, this subcommittee held a hearing on the Target and Neiman Marcus data breaches that occurred late last year. And since then, we have heard of a number of other large-scale data breaches, Michaels, Home Depot. In May of this year, news broke that eBay's system had been breached and an unknown number of eBay's 145 million customers' personal information, including names, phone numbers, home address, emails, and encrypted passwords, were compromised. So I am asking you if you have any sense now, more than 3 months after the breach, of how many customers had their data exposed during the breach? Mr. Bieron. I don't believe that we know exactly how many customers had their data accessed. The cyber attack that resulted in the essentially stealing of names--as you said, names, addresses, phone numbers--did prompt eBay to ask and require all of our users to change their passwords before they could reaccess the site. So what it prompted, in our case, was the decision to, for safety's sake, require everybody to change their password, because user passwords, although accessed in an encrypted form, they were accessed, encrypted passwords were accessed. And we decided that the smartest and safest thing to do was to require a password reset, which we implemented. Ms. Schakowsky. Did the breach compromise eBay's customers in countries other than the United States? Mr. Bieron. It impacted our eBay customers globally. Ms. Schakowsky. So I am sure you recall that eBay received some criticism at the time the breach was announced about its public response to the attack. There was an article in Wired which noted that the initial warning about the breach was a note on the eBay corporate Web site, not eBay.com. A statement was also posted to PayPal's Web site that warned in its title that eBay users should change their password, but the body of the post offered no information, other than the words, quote, ``placeholder text,'' unquote. And so in what ways, then, did you notify customers that they should change their password, other than that? Mr. Bieron. Well, I mean---- Ms. Schakowsky. PayPal. Mr. Bieron. Sure. When we discovered that there had been a breach of our system, the company rapidly worked to determine what the extent of that breach was, when it was determined, what the extent was. And we realized that the proper course of action would be to have everyone reset their password. Ms. Schakowsky. You still don't have a number? Mr. Bieron. No. We still don't have a number because data files we know were accessed that had names and addresses and passwords and phone numbers. And as I would note, the passwords were encrypted. They were accessed, but even now the exact number of the data points in the files, we don't know exactly how many ended up being withdrawn. So we know that---- Ms. Schakowsky. Well, I am just asking a simple question: How many customers had their data exposed, not what happened or---- Mr. Bieron. And that is what I am saying, we do not know based on how the breach occurred exactly the number that was accessed. Ms. Schakowsky. Don't think that is important, and how are you proceeding then? Mr. Bieron. Well, how we proceeded was to require all of our customers to reset their passwords. Ms. Schakowsky. So are you ever going to know? Mr. Bieron. I am not sure if our technical people will ever know exactly the number. We do know that all of our users have had to reset their passwords because of that. And actually I believe that we have received quite a bit of praise for how rapidly we were able to put in place a system to have everybody have to reset their passwords and to notify all of our users. Ms. Schakowsky. OK. Well, let me ask you. Different countries have different laws regarding breach notification. So how does eBay handle notification in the many different countries in which it operates, or did you have the same procedure, just change your password? Mr. Bieron. We had the same procedures. We notified everybody. And then when they were coming to our site, they were stopped from proceeding and using the site until they changed their password. Ms. Schakowsky. In addition to that, have you made any changes to your security and breach response procedures since May that would respond to any future attacks? Mr. Bieron. Yes. I think that I would prefer, if we could, to respond in writing to give you a specific set of examples of things that we have done. But there is no question that the company looked very much at the kind of threats that are always coming at an Internet business like ours and did make some changes to address the way that this attack occurred. Ms. Schakowsky. Thank you. I yield back. Mr. Terry. Gentleman from New Jersey, vice chairman of the subcommittee, is recognized for 5 minutes. Mr. Lance. Thank you very much. And I did change my password on eBay. Ms. Dempsey, one of the chief concerns of the Energy and Commerce Committee and certainly this subcommittee is to promote the policies that reinvigorate the American manufacturing economy and we hope create jobs here at home. What do you think restrictions on data flows would have as a result, based on what we would like to do to reinvigorate the American economy? Ms. Dempsey. Thank you, Congressman. And thank you for the work of this committee. On manufacturing, obviously, it is NAM's mission to grow manufacturing in the United States. My position is to grow manufacturing through international trade policies and investment policies. Restrictions on data flows, server localization barriers are going to drive a stake through the heart of the growth in manufactured exports that we have witnessed over the past decades. We have seen more than a doubling of U.S.-manufactured exports since 2002. We are at a record high, $1.38 trillion in manufactured exports, which helped fuel the biggest manufacturing output for the United States of over $2 trillion in 2013. That is great news. The bad news? There is $11 trillion traded outside our borders in manufactured goods every year. The United States, while we have increased manufactured goods exports, we have lost market share. Our ability to compete overseas is increasingly tied to different policies. Eliminating barriers overseas, as I indicated, with new trade agreements. These are some of the barriers that are becoming most pernicious and are continuing to grow. We can succeed when we have strong trade agreements, when we eliminate these barriers overseas. We see that with our trade agreement partners. So if we want to continue to grow exports and continue to have that to be a source of manufacturing growth, eliminating these types of barriers will go a long way. Mr. Lance. And we have lost market share because the pie has grown so much? Ms. Dempsey. Yes. So other, new emerging countries. China, obviously. The United States used to be the largest manufactured goods exporter. We were overtaken by Germany and then by China. We are number two. And we are doing well, but we can do better. And we have a lot of other countries out there who are working hard. But I will say that some of the countries that are really growing are those that are doing more to grow export opportunities, grow trade agreements. I am always disheartened to hear that companies are sometimes choosing Mexico as a venue to put new factories. Not because of NAFTA. It is because Mexico has a trade agreement with Brazil, and they have a lot more in Japan and a lot more trade agreements than we do that eliminate barriers. So those are the types of things that impede us and putting the United States back on the track to lead and lead in the types of rules that we are going to have in the international economy. Mr. Lance. Thank you. Is there anyone else on the panel who would like to comment? Seeing none, Mr. Chairman, I will yield back the balance of my time. Mr. Terry. Thank you. I recognize the gentleman from California. You are recognized for 5 minutes. Mr. McNerney. Thank you, Mr. Chairman. I am glad I came to the hearing today. It is a very interesting discussion, and I appreciate that. I am going to start with you, Professor Donohue. Your testimony was pretty stark actually. I was on the Privacy Working Group, so I have heard some of this before, the impact of NSA activities and the disclosures about that on American businesses. And it is not very comforting. You said that this subcommittee has a role to play in restricting NSA. Would you give us some suggestions or ideas. Ms. Donohue. Sure. Sure. Thank you, Congressman McNerney. I appreciate it. It is nice to see you again. I think there are three roles, really, that this committee could play. The first role is in supporting legislation passing through Congress right now dealing with the Foreign Intelligence Surveillance Act. Now, there are many bills underway. Some of them accomplish different things to different extents. But something needs to be done. Otherwise, our industry and our USTR are in a position where they can't really argue changed circumstances at all. And so I think it is very important that something be done. The second thing that this committee can do is to take a look at the privacy laws and the ways in which consumer privacy is or is not actually protected. So the U.S. and the EU, a lot of ink has been spilled about how the two countries are so different in terms of their privacy laws. I disagree. And my written remarks go into some detail as to why I think we are actually not that far apart from Europe. But two ways in which we differ significantly that are important are, first, in terms of third-party data and, second, in terms of having an omnibus statute as opposed to single statutes that drill down deeper, but in very narrow areas. In the second instance, Europe has broader statutes, directives that cross different areas. We have more narrow ones. So one thing that this committee could do is look at a more overarching framework. The Privacy Act is 40 years old this year and is really a defunct piece of legislation. So that needs to be looked at. The first part of this, though, the third-party data rights, the idea that you still have a right in information, even though a third party holds it or a company holds it. Our case law comes from the 1970s, from Smith v. Maryland. And we have seen recently that the Supreme Court is coming to the conclusion that the privacy implication and the privacy rights implicated by new technologies are significantly deeper than they were at a time when all we had were land lines. Now your cell phones tells where you are 24 hours a day, who you are with, what you are doing, what you read, what you believe, all of this information. And so this committee could get out ahead of the Supreme Court in some ways and really recognize a consumer right to privacy in an omnibus statute and in this way bring the U.S. into line with the European Union on our own terms, but in a way that again helps our USTR and TTIP and other negotiations. Mr. McNerney. I mean, that sounds like something that could happen on a bipartisan basis as well. Ms. Dempsey. Oh. Absolutely. Yes. Yes. The third, and this has gotten almost no attention, but I have been really struck actually, and I say this as a scholar, just looking at how this has played out, the National Security Act does not include the Secretary of Treasury on the National Security Council. So PPD-1 does. That is up to the President. And when international economic issues are on the agenda, then the President may invite the Secretary of Commerce, the USTR, the Assistant to the President for Economic Policy, or the Chair of the Council of Economic Advisors to NSC meetings. The problem is, if the issue isn't front-and-center international trade or international implications, that economic representation is not there, the consumer side of this, the commercial side of it, everywhere from the NSC down to a programmatic level. And so there are ways that the national security infrastructure fails to take account of the things that this committee cares about in a way that would help to prevent this kind of situation from arising in the future. And I think the committee could play a very strong role there by insisting that economic security, which from the founding has been central to U.S. national security, that economic security be taken into account as well. Mr. McNerney. Thank you. Mr. Chairman, I was wondering if I could have another 5 minutes. Just joking. Mr. Terry. No. You can have 53 seconds. Mr. McNerney. Mr. Heather, I think on your closing statement you had five items that you mentioned. And the second one I think you mentioned was that data-flow problems cannot be addressed directly by dealing with commercial data. Did I misunderstand that? Mr. Heather. The second point was that concerns about Government use of data and access of data are not going to be addressed with regard to laws about commercial data. In other words, concerns about NSA often conflate commercial use of data versus Government use of data. So the solutions to dealing with concerns about Government use are going to be different than solutions for use by commercial data. Mr. McNerney. Yes. Well, that is in line with what Dr. Donohue was saying, basically. Mr. Heather. Correct. Mr. McNerney. All right. Mr. Chairman, I will yield back. Mr. Terry. Thank you. I appreciate that. Now Mr. Bilirakis, gentleman from Florida, is recognized for 5 minutes. Mr. Bilirakis. Thank you, Mr. Chairman. And I thank the panel for their testimony today. Mr. Bieron, you mentioned in your testimony that over 95 percent of small U.S.-based businesses using the eBay marketplace platform engage in exporting versus 4 percent of traditional businesses. Can you explain how you arrived at these figures? In particular, what is a traditional business in this context? Mr. Bieron. Well, that was based on comparing data from the eBay marketplace with data that, I believe, was Census Bureau data that we had and a trade economist at the University of Geneva actually analyzed. So U.S. Government data on small business and their trading in the traditional economy compared to the percentages of exporting going on over our marketplace. Mr. Bilirakis. OK. Thank you. Next question, again, for Mr. Bieron. Your testimony says that smaller businesses are reaching roughly 10 times as many markets per year than the traditional U.S. businesses. Please explain the difference in these markets and their importance to the overall business growth. Mr. Bieron. That was simply data to explain sort of the difference between the kind of global marketing that a small Internet business can do. And again they are not businesses that, like, just exist on the Internet. These are small storefront businesses in many cases that also use the Internet. So they are selling locally, and they are also able to reach anyone who uses the services that they use. So if they are up on eBay, they are being seen by 140 million customers potentially around the world. So the traditional business export model for small businesses tends to be--and this is why only about 4 percent do it--oftentimes they are small businesses that are either located near a border, so they have customers coming across the border regularly, or they have family connections, let's say, to a particular country, so they have export relationships through that. Or maybe they are a business that is part of another bigger business' supply chain. So maybe they are supplying a particular business in another country. This is why small businesses traditionally have oftentimes only exported to one or two countries a year. In the Internet global business model, where you can be a really tiny business but now you are literally being seen by individual customers around the world and you are using your Internet, combined with services like eBay and PayPal, combined with then UPS, FedEx, the Postal Service to then ship packages, so, like I said, on our site, the average number of export markets for our--they are still tiny, microbusinesses in many cases--ended up being just under 30 per year. Mr. Bilirakis. OK. In your opinion, how difficult would it be for a small business to reach the international marketplace without cross-border data flows? Mr. Bieron. Essentially impossible. I mean, today, as we have heard, whether you are a giant, multibillion-dollar business or you are an individual who wants to send an email to somebody, at the end of the day it involves cross-border data. So, I mean, you can't get paid by somebody outside the country generally if you don't have an ability to have cross-border data flow. So it underpins, whether you are a tiny individual entrepreneur or a giant business, it underpins the way all kind of cross-border business gets done. Mr. Bilirakis. Thank you. Thank you. I yield back, Mr. Chairman. Appreciate it. Mr. Terry. That is all the folks that we have to ask questions, so I guess that completes our hearing today, except that all committee members, whether they were here or not, have the opportunity to submit written questions to you. I don't know if there will be any, but if there are any submitted to you, I would appreciate about a 14-day turnaround. I think that is pretty reasonable. So with that, let's see, we do have two letters for the record. Letter on behalf of the Marketing Research Association, dated September 16, 2014, addressed to the ranking member and myself. Then the second one is a letter on behalf of the International Affairs Division of the U.S. Chamber of Commerce dated April 3, 2014, addressed to the Office of Science and Technology Policy. Unanimous consent to submit those. No objection, so ordered. [The information follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Terry. And that concludes our hearing. Thank you very much. [Whereupon, at 3:05 p.m., the committee was adjourned.] [Material submitted for inclusion in the record follows:] Prepared statement of Hon. Henry A. Waxman Today's hearing is on efforts to limit the electronic movement of information across national boundaries. The United States leads the world in technological innovation. Digital trade-related exports totaled more than $350 billion in 2011, up from about $280 billion in 2007. In today's heavily digital commercial environment, cross- border data flows are not just a normal part of doing business, but also essential to the innovative capacity of U.S. enterprises. Any limits on international trade, including digital trade, will have an effect on the American economy and American jobs. Recent industry reports find that the efforts of foreign countries to restrict data flows--or even the threat to do so--can hurt American businesses. There is no doubt that foreign trust in the United States Government and of U.S.-based companies has been hurt by revelations since last year about the NSA's online surveillance programs. But other factors are also at work. Just like Americans, citizens of other nations are concerned about the massive amount of personal information being collected by private companies and whether this information is secure. In Europe, for example, the efforts to limit private data mining and to ensure basic data security protections began long before Mr. Snowden's name was known. For example, in 2012, an Austrian law student sparked outrage in Europe over his discovery that Facebook possessed files of personal information on individual users that were hundreds of pages long. Even earlier, several European countries took action against Google's Street View service after it was revealed that Google's Street View cars collected personal information as they drove through the streets. One way to help alleviate those fears and build trust is for the United States to establish effective baseline privacy and data security protections. That is why I have supported, and continue to support, efforts to establish such protections for consumers' information. Regaining the trust of consumers worldwide is crucial to the continued growth of Internet and communications technology sector in the United States. That requires a multi-faceted approach--through appropriate legislation and regulation, as well as through trade negotiations and other administration efforts to prevent harmful restrictions on cross-border data flows. I look forward to the witnesses' testimony and to our discussion today of this important topic. Thank you. [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]