A bipartisan consumer privacy bill released by two key members of Congress would provide the broad, comprehensive protections businesses and Americans have called for, according to its sponsors.
On Sunday, Sen. Maria Cantwell (D-Wash.), chair of the Senate Committee on Commerce, Science, and Transportation, and Rep. Cathy McMorris Rodgers (R-Wash.), chair of the House Committee on Energy and Commerce, unveiled the “American Privacy Rights Act.” The bill would “[eliminate] the existing patchwork” of state privacy laws and include strong enforcement measures, according to a press release.
Among other provisions, the bill would seek to hold executives accountable if the law’s consumer protections were not followed.
The bill, which must be approved by the House and Senate before heading to the president’s desk to become law, is the “best opportunity we’ve had in decades to establish a national data privacy and security standard that gives people the right to control their personal information,” said Cantwell and Rodgers in the release.
The lawmakers said they are hopeful their colleagues will step up and support the bill, which has been a stalling point for other similar legislation in recent years.
Fourteen states have approved comprehensive data privacy laws, as tracked by the International Association of Privacy Professionals. The most recent was New Hampshire, whose law was signed by the governor in March.
All the laws are different, with the California Consumer Privacy Act out front as the most robust and far-reaching. Multistate businesses have scrambled to stay in compliance with the varying provisions.
The American Privacy Rights Act would limit the data companies can collect and use to only information that is necessary for the company to provide products and services.
Businesses would have to abide by data security standards to reduce the chance personal data could be stolen or accessed.
The bill would also allow people to prohibit the sharing and selling of their personal data. Highly sensitive data would have stricter limits and not be allowed to be shared unless a person gives their consent.
Companies that violate the law could face suits from individuals or state attorneys general, with the Federal Trade Commission also involved in enforcement of large cases.
Companies would be prohibited from requiring arbitration in privacy disputes.
People would have the right to opt out of having artificial intelligence systems used to make decisions about housing, employment, healthcare, credit, education, or insurance.
No comments yet