Digital Privacy Legislation Proposals
Consumer Data Protection Act
Data Care Act
- Introduced on December 12, 2018, by Senator Brian Schatz of Hawaii, the Data Care Act of 2018 aims at holding large technology companies, in particular, “online service providers”, responsible for the "protection of personal information" just like how "banks, lawyers and hospitals are held responsible."
- Some personal data under covered in the bill includes an individual's "social security number, driver’s license number,
passport or military identification number, financial account number," etc.
- The impact of the Data Care Act of 2018 includes protecting consumers' personal information from being shared and sold to third-party companies without the end users' permissions. It would also protect users' information online and punish tech companies that go against the bill, by failing to properly safeguard users' data.
- The bill imposes multiple duties on online service providers, including the duty to secure personal data from unauthorized access, the duty against using consumers' data in a way that it harms them, and the duty not to disclose consumers' identifying data to interested third-parties unless they meet the specifications under this bill.
- The Data Care Act is currently being heard in the Senate, specifically under the Committee on Commerce, Science, and Transportation.
Information Transparency & Personal Data Control Act
- Proposed by Representative Suzan DelBene, the Information Transparency & Personal Data Control Act mandates the FTC to set requirements for organizations offering services to the public that "collect, store, process, use, or otherwise control sensitive" consumers' information.
- Sensitive information includes any data relating to an identifiable person; however, information that is publicly available is not regarded sensitive.
- According to the FTC, controllers of sensitive consumer information must offer consumers a "privacy and data use policy," obtain positive consent to gather and use individuals' sensitive data, and must be audited annually to ascertain their data privacy and security controls.
- The impact of the act includes giving consumers control over their data, providing stronger enforcement for organizations that go against the bill, defining data worth protecting, and creating a national standard.
- The proposed bill is currently being heard in the House Committee on Energy and Commerce; therefore, it is in the first stage (introduction) of the legislation process.
A thorough examination of government websites, in particular, Congress.gov, Senate.gov, and delbene.house.gov
along with publications in major law review sites like the National Law Review provided the requested details on the three bills analyzed above. Both information used comes from reputable government websites and credible organizations like the National Law Review, a group of in-house attorneys committed to establishing a simple resource to gather and publish legal trends and news as they emerge.
Digital Privacy Legislation Proposals Part 1
The Innovative and Ethical Data Use Act of 2018, the CDT Federal Baseline Privacy Legislation Discussion Draft, and the Consumer Rights, Integrity, Safety, and Privacy in Information (CRISPI) Act are three additional new legislative proposals made by lawmakers to regulate FAANGS in the area of privacy. Covered in the next section are insights into the three draft proposals, including their expected impact.
Innovative and Ethical Data Use Act of 2018
- On January 28, 2019, Intel Corporation released a revised draft of its Innovative and Ethical Data Use Act, with a final version released in May 2019. The proposed bill features both oral and written testimonies of David Hoffman, Intel's global privacy and security policy chief.
- The proposed bill seeks to improve the protection of personal privacy and data by establishing nationwide requirements governing how for-profit and non-profit private sector organizations collect, use, and share consumers' data following the Fair Information Practice Principles.
- Non-compliance with the proposed draft, if enacted, would result in penalties not exceeding $1 million and a maximum sentence of ten years. Likewise, civil penalties of $16,500 per individual with a limit of $1 million shall also be imposed on organizations violating the privacy policies the draft is advocating.
- On June 21, 2019, Intel released the final version of its proposed Innovative and Ethical Data Use Act; thereby, implying that the draft proposal is in its first stage of the legislative process.
CDT Federal Baseline Privacy Legislation Discussion Draft
- The final draft proposal of the CDT Federal Baseline Privacy Legislation Discussion Draft was published on December 5, 2018, seeks to set reasonable limits regarding the "use, collection, and sharing of personal information." The draft also provides individual rights to "access, correct, delete, and port data."
- The draft discussion seeks to elicit views from the public by encouraging participation, feedback, and collaboration from all parties involved. The discussion draft also serves as a resource key decision-makers can rely on to rebalance the current policies around the privacy ecosystem to favor consumers.
- While the bill is yet to be passed, it calls for stringent civic penalties, including a fine of not more than $16,500 per covered person. The penalties shall be calculated based on the number of individuals affected.
- On February 26, 2019, Nuala O’Connor, President and CEO
— Center for Democracy & Technology testified before the House of Representatives. In this regard, the draft proposal is currently in the House of Representatives stage, in the legislation process.
The CRISPI Act
- The Consumer Rights, Integrity, Safety, and Privacy in Information (CRISPI) Act proposed by Castilleja School during its global week seeks to strike a balance between users’ privacy rights and progressive economic growth. The proposed draft allows users to check their data and to understand how the company uses the data.
- According to the proposals, companies must explicitly state how they will use consumers' data before starting to collect the data. On that note, consumers will have the option to opt-out of data tracking, while still retaining the ability to use most of the company's application or services online.
- The proposed law would allow companies a two-year compliance period and offer a supportive transition. However, the proposed draft pushes for more transparency around companies' use of consumers' data. These consumers would be granted rights to sue companies that violate the law.
- Another likely impact is that the proposed draft seeks to increase data rights for individuals, such as the ability to "access, correct, and delete their data." Consumers can also ask how companies intend to use their data.
- There has not been any other publication regarding this proposed draft since early 2019, an indicator that the draft might have been dropped or is dead.
A review of a research report by the Brookings Institution on proposed drafts for data and security privacy featured several examples of proposed laws, including all the examples examined above. However, additional searches on each proposal were conducted to uncover more in-depth data regarding these proposals, including details about their impacts on both the consumers and the industry as a whole. Overall, the three proposed drafts above feature a quick summary of what each proposal entails and its expected impact on consumers and the industry.
Digital Privacy Legislation Proposals Part 2
The American Data Dissemination (ADD) Act, the Internet Bill of Rights, and the Designing Accounting Safeguards to Help Broaden Oversight And Regulations on Data Act, are three additional examples of digital privacy legislation proposals that are currently in different stages of the legislation process. Overviews of each proposed bill are discussed below, including the impacts of each proposed bill if enacted.
The American Data Dissemination (ADD) Act
- The American Data Dissemination (ADD) Act
proposed by Senator Marco Rubio on January 16, 2019, seeks to provide a "national consumer data privacy law" to protect
both the consumers and the internet economy.
- The bill, which is anchored on the Privacy
Act of 1974, aims at offering consumers protections against unlawful invasions from highly developed players in the private sector.
- The proposed draft also provides consumers with the rights to access and correct any of their personal information kept by a covered provider and those that are inaccurate, irrelevant, untimely, or incomplete as per the specifications set forth by the FTC (Federal Trade Commission).
- The draft proposal is currently in the Senate Committee on Commerce, Science, and Transportation, according to the latest later by Senator Marco Rubio, to the committee urging them to consider the draft.
The Internet Bill of Rights
The Designing Accounting Safeguards to Help Broaden Oversight and Regulations on Data Act
- The Designing Accounting Safeguards to Help Broaden Oversight And Regulations on Data Act bill was introduced on Jun 25, 2019, by Sen. Mark Warner and Sen. Josh Hawley, R-M.O.
- The bill, also dubbed the Dashboard Act, would demand tech and data-driven giants like Facebook and Google, disclose to consumers and financial regulators the data they collect, how they use it, and its worth.
- Companies would be forced to provide 90-day updates to consumers, who will receive their copy as well. The Dashboard Act aims at regulating big data-driven advertising companies like Twitter, Amazon, and Snapchat, which have come under increased scrutiny in the recent past
- The bill is currently in its first phase of the legislation process. If enacted, it will affect big tech giants with over 100 million monthly active users.
An examination of recent posts on leading national newspapers and magazines, along with reports published by leading institutions such as the Brookings Institution, contained examples of digital privacy legislation proposals examined above. Equally, your research team relied on government data to find more examples of proposed bills aimed at regulating FAANGS (Facebook, Apple, Amazon, Netflix, and Alphabet's Google), especially in the area of privacy. Some third-party resources utilized in the search include GeekWire and Vox.com. Overall, insights into the proposed bills examined above are provided and the impacts these bills will have on the consumers and the internet economy.