These are strange times in Washington. Congress, which has spent decades conspicuously showing only the most passing interest in privacy, suddenly is awash in proposed privacy legislation and the calendars in both chambers are crowded with committee hearings on the topic. The unending string of breaches and data-misuse and abuse scandals, coupled with increasing consumer outrage, has apparently combined to accomplish that most difficult of tasks: convincing Congress to act.

But there’s a significant difference between knowing that something must be done and knowing what do. Right now, Congress seems to be stranded somewhere between those two mileposts, and a pair of hearings this week on Capitol Hill did not produce much evidence that is going to change soon.

The good news is that there seems to be a general sentiment in Washington that it’s time to pass a federal privacy law. The various state laws that exist now have laid the groundwork, holding companies accountable for lapses in privacy protection and loss of consumer data, and providing some expectation on the part of consumers that there will be consequences--however fleeting they may be--when these incidents occur. People have become much more conscious of and educated about the ways in which companies collect and use their data in the last few years, and expect that there will be legal and regulatory measures in place to keep those companies from going off the rails. While there is no federal privacy law at the moment, there are several bills at different stages of the legislative process right now, some of which would impose severe fines on companies for violations.

Both the House of Representatives and the Senate held hearings this week to discuss the need for a federal privacy measure, what that could look like, and what it might mean for data collectors as well as consumers. On Wednesday, the Senate Committee on Commerce, Science, and Transportation met to talk about the parameters of a federal policy framework, and members expressed an eagerness to improve the protections for consumers across the board.

“Congress need to develop a uniquely American data privacy framework. It is clear that we need a strong national data privacy law,” said committee Chairman Roger Wicker (R-Miss.).

A good portion of the Senate hearing focused on the concept of notice and consent, which involves showing people a privacy policy in some form and having them consent to whatever data collection and usage is specified in the policy. This method relies on the idea that people actually read privacy policies (they don’t) and understand the implications of the data collection and usage (they don’t). Which is why many in the privacy community have little use for notice and consent and consider it to be not much more than window dressing.

“I believe that notice and consent are no longer enough,” said Sen. Maria Cantwell (D-Wash.).