Lawmakers Move Forward on Data Privacy Bill
WASHINGTON — The heads of the House and Senate Commerce committees reached an agreement on a data privacy bill this week that would override state laws limiting what information corporations can gather on private individuals.
It also would give consumers a right to delete their private information from corporate databases and to sue when their privacy is invaded.
The American Privacy Rights Act would set a single national standard that replaces 15 state laws.
The bill results from an agreement between Sen. Maria Cantwell, D-Wash., who chairs the Commerce Committee, and Representative Cathy McMorris Rodgers, R-Wash., chair of the House Energy and Commerce Committee.
The planned bill “gives Americans the right to control where their information goes and who can sell it,” McMorris Rodgers said. “It reins in Big Tech by prohibiting them from tracking, predicting and manipulating people’s behaviors for profit without their knowledge and consent.”
Other provisions give consumers the ability to opt out of targeted advertising and require disclosure if their data is transferred to foreign adversaries.
Corporations would be allowed under the draft bill to gather only the data on businesses and individuals they “actually need to provide them products and services.”
Previous attempts in Congress to approve a data privacy law failed to win approval, largely because they would not have preempted state laws and lacked effective enforcement mechanisms.
Enforcement under the American Privacy Rights Act would be overseen by state attorneys general and a new bureau within the Federal Trade Commission. The FTC could issue fines for privacy violations.
The draft data privacy bill won an endorsement from J. Trevor Hughes, president of the International Association of Privacy Professionals.
“The U.S. is an outlier in the global economy” without a comprehensive privacy law, Hughes said. “That might change this year.”
The draft bill is in discussion among congressional committees that might seek to revise it before it is introduced.
Retailers and financial organizations are expected to be some of the primary targets of any new privacy enforcement. Telecommunications companies also would be required to comply.
The planned legislation is an outgrowth of congressional hearings into social media companies like Meta, Google, Twitter and TikTok.
They were accused of widespread privacy violations as they tracked use of their platforms by consumers. They would transfer the data to advertisers to help them target their ads to consumers most likely to purchase their products or services.
Social media executives, such as Meta chief executive Mark Zuckerberg, explained that they were trying only to operate an effective business plan, not to invade anyone’s privacy.
Meta’s Facebook paid a record $5 billion fine in 2019 following an FTC investigation of its consumer data collection practices.
The government agency is trying to place further restrictions on social media to prevent them from profiting on children’s data. The regulators also want to limit facial-recognition technology available through the internet.
Other suspicions are being cast on ByteDance, the Chinese government-influenced parent company of TikTok.
ByteDance paid a $92 million settlement in 2021 after data privacy complaints from U.S. TikTok users.
Now Congress is considering legislation that would force ByteDance to shut down or sell TikTok based on concerns its data collection is being used by the Chinese government to spy on Americans.
You can reach us at [email protected] and follow us on Facebook and Twitter