Congresswoman Suzan DelBene (WA-01) introduced the Information Transparency and Personal Data Control Act, legislation that would create a national data privacy standard to protect the most personal information.
Currently there is no federal data privacy law, resulting in states pursuing their own consumer privacy policies. The bill protects personal information including data relating to financial, health, genetic, biometric, geolocation, sexual orientation, citizenship and immigration status, Social Security Numbers, and religious beliefs. It also keeps information about children under 13 years of age safe.
“Data privacy is a 21st Century issue of civil rights, civil liberties, and human rights and the U.S. has no policy to protect our most sensitive personal information from abuse. With states understandably advancing their own legislation in the absence of federal policy, Congress needs to prioritize creating a strong national standard to protect all Americans. This bill will create those critical protections,” said DelBene. “This is an international issue as much as it is a domestic concern. If we do not have a clear domestic policy, we will not be able to shape standards abroad, and risk letting others, like the European Union, drive global policy.”
Key elements of the Information Transparency and Personal Data Control Act include:
- Plain English: Requires companies to provide their privacy policies in “plain English.”
- Opt-in: Allows users to “opt-in” before companies can use their most sensitive private information in ways they might not expect.
- Disclosure: Increases transparency by requiring companies to disclose if and with whom their personal information will be shared and the purpose of sharing the information.
- Preemption: Creates a unified national standard and avoids a patchwork of different privacy standards by preempting conflicting state laws.
- Enforcement: Gives the Federal Trade Commission (FTC) strong rulemaking authority to keep up with evolving digital trends and the ability to fine bad actors on the first offense. Empowers state attorneys general to also pursue violations if the FTC chooses not to act.
- Audits: Establishes strong “privacy hygiene” by requiring companies to submit privacy audits every 2 years from a neutral third party.
Many of these provisions are adapted from state privacy laws and proposals.
A national data privacy standard would support consumer confidence when using technology. Research shows 70% of Americans believe that their personal data is less secure now than it was five years ago. Similarly, 45 percent of Americans have had their personal information compromised in a data breach in the last five years with limited to no accountability for those responsible.
“This bill shows that it is possible to craft a data protection law that protects consumers without imposing unnecessary costs on businesses. By significantly strengthening the FTC’s enforcement capabilities, establishing uniform national rules for the digital economy, and ensuring businesses focus on protecting consumers’ most sensitive information, this legislation would boost consumer protection without sacrificing innovation. We encourage Congress to use this as a roadmap for how it should move forward in the digital economy to provide certainty to consumers and business alike,” said Daniel Castro, Vice President of the Information Technology and Innovation Foundation.
“The Main Street Privacy Coalition strongly endorses the Information Transparency and Personal Data Control Act and appreciates its thoughtful approach to federal privacy legislation,” said Doug Kantor, Counsel to the Main Street Privacy Coalition. “The Information Transparency and Personal Data Control Act embodies important principles that are essential to effective and fair privacy legislation designed to protect consumers comprehensively.”
A summary of the Information Transparency and Personal Data Control Act can be found here and the bill text is available here.
Source: https://www.securitymagazine.com/articles/94796-national-consumer-data-privacy-legislation-introduced