Getty Images/iStockphoto
Proposed Data Privacy Bill Creates Federal Data Standard, Empowers FTC
A newly proposed consumer data privacy bill aims to create a federal data standard and gives the FTC authority to enforce penalties against companies that fail to comply.
Rep. Suzan Delbene, D-Washington, introduced a national consumer data privacy bill, which would create a federal data privacy standard and supersede the patchwork of state laws. The proposed legislation includes regulations for a range of data, including genetic and health information.
The proposal is the first privacy legislation of 2021. Congress made consumer data privacy a key priority in 2019 with a number of proposed bills and Congressional hearings to discuss necessary steps to shoring up privacy protections.
Previous hearings and proposals settled on the need for a bipartisan agreement, while empowering the FTC with the authority to impose fines on entities that fail to comply with standards. However, Congress has yet to settle on how to meet in the middle.
And with COVID-19, much of the privacy discussion was put on the back burner.
Delbene’s proposal takes aim at some of these challenges, particularly the lack of a federal data privacy standard and the patchwork of state laws. The argument is that the range of privacy regulations can and have led to confusion for both businesses and individuals.
To Delbene, a national standard will create a uniform set of consumer rights and rules for businesses. She argues that the lack of federal standards is an international and domestic concern, one that has been taken up by other countries, such as the EU with its General Data Protection Regulation.
The proposed legislation will apply to health, financial, biometric, genetic, geolocation, sexual orientation, citizenship and immigration status, Social Security numbers, and religious beliefs. It also establishes protections for data belonging to children under the age of 13.
“Data privacy is a 21st Century issue of civil rights, civil liberties, and human rights, and the US has no policy to protect our most sensitive personal information from abuse, Delbene said in a statement.
“With states understandably advancing their own legislation in the absence of federal policy, Congress needs to prioritize creating a strong national standard to protect all Americans, she added. “This bill will create those critical protections.”
The proposed legislation requires companies to provide consumers with privacy policies in “plain English” and allow for individuals to opt-in to data sharing, before companies are allowed to share their private information.
The bill also requires companies to disclose any data sharing policies, including the entities and purpose for the data sharing. The aim is to increase transparency. A number of third-party health apps have recently come under fire for sharing consumer data without notifying the user.
The legislation also gives the FTC strong rulemaking authority, including the ability to penalize entities that fail to comply with the rules on the first offense. State attorneys general would also be authorized to pursue violations when the FTC chooses not to act on a violation.
Lastly, the proposed bill establishes the requirement that companies must submit to privacy audits every two years from a neutral third party.
Many of these provisions were previously introduced in several other proposed privacy bills and state privacy laws, such as the empowerment of the FTC.
The bill has already received support from industry stakeholders, including Carl Holshouser, senior vice president of TechNet, who lauded the need for a national privacy law to supersede the 22 state proposals or laws regulating consumer privacy.
“Keeping user data and privacy protected is a priority for technology companies and the need for a national privacy law has never been greater,” Holshouser said in a statement. “[The patchwork of laws] leaves consumers confused and unprotected… and hurts small- and medium-sized companies that don’t have the time, money, or resources to comply with 50 different state privacy regimes.”
“[Delbene’s] bill would lead to more transparency about data practices, more consumer control over how personal data is used, and more resources for the FTC to enforce privacy rights,” said Progressive Policy Institute President Will Marshall, in a statement. “It also offers a pragmatic alternative to Europe's unduly restrictive and poorly drafted GDPR, while preempting state laws that would force small businesses to run a gauntlet of conflicting rules.”