WASHINGTON, D.C. — The conversation at Tuesday’s Senate Banking, Housing and Urban Affairs Committee hearing sounded pretty bleak at points.

“As a tech person, I’m not used to wearing a neck tie,” said Maciej Ceglowski, the founder of Pinboard and one of the witnesses who testified. “Putting mine on this morning, I saw that there was a small tag on the back of it. I realized that my neck tie is better regulated than my entire industry.”

Ceglowski added: “We collect this data; we have no transparency in what we do with it; and we are simply deceiving the American people.”

From social media to online shopping to how we work and stay organized, technology is everywhere — and so is our personal information.

“The data about a person should be owned by that person, not shared and used for profit, as it's become in this country now,” said Senator Sherrod Brown (D-OH), who serves as ranking member on the Banking Committee. “The Europeans have figured some things out. We’ve got to do more.”

Tuesday’s hearing focused on something that went in effect in Europe about a year ago.

It’s called the General Data Protection Regulation, or GDPR, and it’s an effort to protect Europeans’ data by putting certain rules and standards in place.

Brown said Europe is leading the world in this, but there’s still a lot to be done.

“As we start to think about this subject, we need to do it with an open mind,” Brown said in his opening statement. “Technology has advanced rapidly; we should have some humility to admit that we don’t even know all there is to know about what happens when personal information is collected on a large scale.”

The witnesses said it’s too early to tell how effective the GDPR has been in Europe, but they explained that it’s more of a data privacy law than a data security law, with the goal of trying first to get big technology companies to comply with the new rules before resorting to financial punishments.

“You need punishment for these companies that act irresponsibly, incompetently, or in some cases maliciously,” Brown said. “If it’s serious and it’s repetitive and it’s malicious, then it’s some punishment greater than that, eventually.”

Brown used Equifax, and its recent breach that affected nearly 150 million Americans, as an example of what’s at stake.

One of the witnesses summed things up this way:

“The highest level of privacy protection in the digital age will result when both companies and consumers exercise their roles to the fullest,” said Jay Cline, the Privacy and Consumer Protection Leader at PwC US.

Brown said he’s confident this is an issue that Congress can approach in a bipartisan fashion.

On Monday, the Washington Post published a piece called, “Alexa has been eavesdropping on you this whole time.”