Today, U.S. Secretary of Commerce Penny Pritzker delivered a keynote address at an event hosted by the Council on Foreign Relations on Privacy and Data in the Age of Surveillance. This symposium convened policymakers, business leaders, and academic experts for a candid discussion of online privacy in an era of fast-moving digital innovation.

During her remarks, Secretary Pritzker emphasized that trust in the privacy and security of digital technologies is essential to America’s future competitiveness in the global economy. The Secretary discussed how collaboration between government and industry stakeholders has guided the Commerce Department’s first-ever digital economy agenda, which aims to advance policies that promote a free and open Internet, protect security and privacy, build a workforce prepared for the 21st century, and engage with industry on emerging technologies. 

Secretary Pritzker highlighted several successful efforts undertaken by the Commerce Department, such as the recent completion of the EU-U.S. Privacy Shield Framework, which supports digital trade in the transatlantic economy, and the Cybersecurity Framework, a tool created by NIST in consultation with over 3,000 industry stakeholders designed to help businesses and agencies improve their cybersecurity posture. Looking ahead, Secretary Pritzker discussed the Commerce Department’s role in supporting the Commission on Enhancing National Cybersecurity, which is slated to issue recommendations on how government and industry can secure our nation’s vast digital assets and promote the trust essential to our continued success in the digital economy. 

View video of speech on CFR.org

Remarks as Prepared for Delivery

Thank you, Richard, for that warm welcome. It’s a pleasure to be here at the Council on Foreign Relations. Today’s discussion of privacy and security has never been more important. 

To address these challenges, restore trust, and maintain American leadership in online innovation, our team developed our first-ever digital economy agenda, with four key priorities: promoting a free and open Internet; protecting digital security and privacy; building a workforce prepared for the 21st century; and engaging with industry on emerging technologies.

In recent months, we have witnessed a denial-of-service attack bring down Twitter and other websites by turning household objects into cyber-weapons, hacked emails drive the news cycle, and foreign influence in our democratic process.

These events suggest we have arrived at a serious point of inflection. Innovation and technology adoption are outpacing our ability to ensure privacy and security – and undermining our ability to realize the digital economy’s full potential.

Today, digitization is transforming every sector – from health care to energy to manufacturing. Companies now have powerful tools to analyze and apply data in ways that hold enormous progress for our world.

Let me give you an example. Last April in Hamburg, I learned how Germany has used big data to cope with the refugee crisis. These refugees speak 25 different languages. But thanks to automated translation services, German health workers were able to screen thousands of displaced families in-real time. This technology has helped Germany protect public health and move thousands of refugees through the migration process more efficiently. 

This is just one of countless ways that big data can improve people’s lives. Think about how it could help reduce road congestion and prevent traffic fatalities. Or advance precision medicine. Or prevent retail fraud.But one thing is clear. We will not deliver on the promise of these innovations unless people can trust that their privacy and security will be protected online.

We now have a daily drumbeat of cyber threats and data breaches headlining the news. To better understand the economic impact of these challenges, earlier this year the National Telecommunications and Information Administration surveyed 41,000 Internet-connected households across America. They found that nearly 45 percent of respondents said that concerns over privacy have discouraged them using certain online services. These results drive home how violations of privacy and security have a chilling effect on the adoption of new technology.

Throughout my time as Secretary of Commerce, our team has made these issues of trust and privacy top priorities. When I took this job, President Obama asked me to build bridges with the business community at a time when relations were frayed by the Snowden disclosures. Those revelations spurred more than debates over civil liberties. They undermined the ability of our businesses to compete worldwide. Nations began to erect new digital walls. Data localization laws, content controls, and onerous technical standards threatened market access. Some of these policies were well-intentioned. However, more often than not, they limited consumer choice, undermined competition, and stifled innovation.

Trust is a key pillar of this agenda. And our team has made some significant strides in this area - strides that are delivering real benefits to our economy. Take for instance when our data privacy agreement with Europe, then known as the Safe Harbor, was struck down by European courts. This posed significant challenges to U.S. companies, who struggled to comply with often incompatible privacy rules.

For two years, we negotiated with our counterparts in the European Commission. And this summer we successfully secured the EU-U.S. Privacy Shield Framework. This agreement bridges the gaps between European and U.S. legal constructs for privacy – creating certainty for companies and protecting privacy for consumers on both sides of the Atlantic. The Framework ultimately supports $290 billion in digital serves traded annually between the U.S. and Europe – and paves the way for future growth.

These issues of privacy and security are complex, and we need business at the table to address them. That is why at the Commerce Department, close cooperation with industry has guided our agenda at every turn.

At the National Institute for Standards and Technology, for instance, we convened over 3,000 industry leaders and technical experts to create the Cybersecurity Framework – a dynamic tool now widely-viewed by industry and government to be the gold standard for measuring cyber risk. At our National Telecommunications and Information Administration, our team is actively engaging experts in emerging sectors like the Internet of Things, so that the cars, baby monitors, and devices of the future are born secure. And earlier this year, the President tasked the Commerce Department with providing support to the Commission on Enhancing National Cybersecurity, comprised of 12 public and private sector leaders.

The Commission is expected to report to the President on December 1st. We expect their recommendations to provide the next Administration with a blueprint for better securing our government and our digital economy at large from cyber threats.

The Obama Administration has also made significant progress on restoring trust both at home and abroad by reforming surveillance rules and passing the USA Freedom Act. I am proud of our Administration’s leadership on all of these fronts.

Still, significant unfinished business remains. For example, we currently have a system of sector-specific privacy laws, with broad enforcement authority for the FTC to police the privacy practices of companies and protect consumers. And recently, the FCC entered the privacy enforcement space.

As innovation moves faster than our ability to regulate or legislate, we must consider whether we need new ways to protect privacy in a future headed towards artificial intelligence, machine learning, virtual reality, and other technologies from the sci-fi films of my youth.

Another difficult issue to address is encryption. We all know that encryption is essential for protecting data – for industry, for consumers, for our government and for our military. In fact, President Obama has said, and I quote, “there’s no scenario in which we don’t want really strong encryption.”

However, we increasingly have digital services that impede law enforcement’s ability – with a warrant – to do its job. We must continue to take a clear-eyed approach to this issue that fully appreciates its “security versus security” implications.

In other words, we must strive to ensure any changes in our encryption policies do not jeopardize our national security or undermine our ability to compete globally. And yet we cannot compromise our safety by leaving law enforcement blind. I fundamentally believe that collaboration with industry is essential if we are to make any progress on this challenge.

Privacy and security are values that run deep among all Americans. At the same time, we are an innovative society that has always embraced new technology. Digitization, automation, and data optimization have the potential to deliver benefits to our world like never before. How we empower our businesses, our communities, and our people to realize the promise of this new digital age – while protecting the privacy and security essential for their success – is a central question of our time.

This question will confront the next Administration on day one – and all of us for years to come. Thank you, and I look forward to today’s conversation.