A bipartisan group of legislators in the US House and Senate has proposed a bill that could result in a long-awaited national data privacy law. This is big news that could allow internet users to opt out of targeted advertisements and sue companies that improperly sell their personal data.
This is the biggest breakthrough to date for a national privacy law
While it’s too soon to say whether the bill will pass, whether its protections will be diluted before it passes, and how rigorously the law will be enforced, this is the biggest breakthrough to date for a national data privacy law. The US is one of the only major global economies without strong national privacy laws akin to the GDPR.
Some say this bill offers a compromise position
Until now, partisan disagreements and privacy actives fighting for their version of a perfect bill have hampered efforts and distracted from the benefits of passing a reasonable, decent bill. Democrats argue for a private right of action that will give consumers legal rights if government fails to enforce the federal law, while Republicans want a federal law to preempt state laws to end the patchwork of compliance obligations on business.
Observers say this current bipartisan bill represents a compromise on these two big sticking points, in that it limits when and how users could sue internet companies for privacy violations and contains measures that would supersede most state data privacy laws.
Under the proposed bill:
- Companies would have to restrict their data collection to only data that is necessary for their business to function.
- Companies couldn’t charge users to access data privacy measures except in some limited circumstances.
- The Federal Trade Commission would have to maintain a public registry of data brokers and present a way for users to opt out of targeted advertisements and other data sharing practices.
- Consumers could access, correct and delete their own data and companies would have to tell third parties to change user data where users request it.
- Companies would have to annually prove their compliance.
- The FTC would be tasked with enforcing the law via a new purpose-built bureau for consumer data privacy.
- Individual users could sue companies after a four-year waiting period from the date this new bill is enacted. There are some caveats on individual powers to sue.
- The new federal law would supersede most state data privacy laws with some exceptions.
The proposed bill needs more members’ support and is in a race against time to be passed before the midterm elections. So while this proposed bill is generally good news, a bill is only as good as the funding and capabilities of the agencies responsible for enforcing it. And if it doesn’t pass before the midterms, what then?
Photo by create jobs 51