U.S. Consumer Data Privacy Legislation: Nationwide Law Coming Soon?
The Information Transparency and Personal Data Control Act, proposed by Suzan DelBene (D-WA), aims to give consumers control over how businesses are sharing or selling their personal information–spanning identifiers to financial, health, genetic, biometric, geolocation, sexual orientation, citizenship and immigration status, social security number and religion–with or without their permission. The bill was initially introduced in 2018 in a previous session of Congress but did not come to floor vote.
Key elements of measure include:
- Requires companies to provide their privacy policies in plain English.
- Allows users to opt-in before companies can use their most sensitive private information in ways they might not expect.
- Increases transparency by requiring companies to disclose if and with whom their personal information will be shared and the purpose of sharing the information.
- Creates a unified national standard and avoids a patchwork of different privacy standards by preempting conflicting state laws.
- Gives the Federal Trade Commission strong rule making authority to keep up with evolving digital trends and the ability to fine bad actors on the first offense. Empowers state attorneys general to also pursue violations if the agency chooses not to act.
- Establishes strong privacy hygiene by requiring companies to submit privacy audits every two years from a neutral third party.
U.S. Personal Privacy Act: Building On California, Virginia Laws?
In the absence of a federal law for data privacy, first California and now Virginia have stepped into the void with strong statutes giving consumers substantial control over their personal information. Other states are also considering similar legislation, including New York, Oklahoma, Utah and Washington. DeleBene’s bill could help settle confusion among consumers and businesses by superseding state data privacy laws.
A national standard is necessary to establish a uniform set of rights for consumers and rules for businesses regarding how personal data is used, DelBene said. “Data privacy is a 21st Century issue of civil rights, civil liberties, and human rights and the U.S. has no policy to protect our most sensitive personal information from abuse,” she said. “With states understandably advancing their own legislation in the absence of federal policy, Congress needs to prioritize creating a strong national standard to protect all Americans. This bill will create those critical protections,” she said.
U.S. Personal Privacy Act: Early Advocates
The proposed legislation drew endorsement from a number of IT associations, including the Information Technology and Innovation Foundation, the U.S. Chamber Technology Engagement Center, the Information Technology Industry Council and others.
Here a sampling of the advocacy:
“By significantly strengthening the FTC’s enforcement capabilities, establishing uniform national rules for the digital economy, and ensuring businesses focus on protecting consumers’ most sensitive information, this legislation would boost consumer protection without sacrificing innovation,” said Daniel Castro, Information Technology and Innovation Foundation vice president.
Tom Quaadman, U.S. Chamber of Commerce Technology Engagement Center executive vice president, said now is the time to enact a national privacy law. “Every American [has] the right to control their privacy, no matter where they live, with a clear set of rules for all businesses, no matter where they operate,” he said.
Shannon Taylor, Information Technology Industry Council senior vice president, senior counsel, government affairs, called a national privacy law a “top policy priority to enable innovation while upholding the individual rights of citizens who entrust companies with their personal data. “
The bill has global implications, DelBene said. “If we do not have a clear domestic policy, we will not be able to shape standards abroad, and risk letting others, like the European Union, drive global policy,” she said.