The measure, a copy of which is being reviewed by The Washington Post, would set national standards for how a wide range of companies collect, use and transfer data over the internet. The law, known as the U.S. Privacy Rights Act, also gives users the right to opt out of certain data practices, such as targeted advertising. It also requires companies to collect only the information they need to offer consumers a particular product, while giving people the ability to access and delete their data or transfer it between digital services. You will be able to
Importantly, this agreement— This marks one of Washington's most significant efforts to catch up with privacy protections adopted in Europe nearly a decade ago. — This resolves two issues that have stalled negotiations for years: whether federal law should override related state laws, and whether consumers should be allowed to sue companies that violate the rules. That will happen.
The bill preempts a dozen “comprehensive” state privacy laws that have sprung up amid Congressional inaction (including California's watershed measure), while providing more targeted protections, such as health and financial data. It would accomplish Republican goals by keeping state rules on the issue in place. On the other hand, there is an enforcement method favored by Democrats, a civil action that allows individuals to seek economic damages if a company fails to honor data deletion requests or does not obtain explicit consent before collecting sensitive data. The lawsuit will be allowed.
“We have to draw a clear line in the sand when it comes to catching the bad guys and cracking down on the information age,” Cantwell said in an interview with the Sunday Post.
The Post and other news outlets reported on the expected agreement on Friday, but details of the proposal were not made public until Sunday. A spokesperson for McMorris Rogers had no immediate comment. In an interview with The Spokesman-Review newspaper in Spokane, Washington, on Sunday, McMorris Rodgers said the bill is a “historic piece of legislation” that would “establish the strongest privacy protections of any state law.” He said there is.
Even with support from Cantwell and McMorris Rodgers, the committee with primary responsibility for privacy laws, the bill faces uncertain prospects. It is currently a “debate draft”, meaning the committee chairs are likely to seek input from other MPs and external groups before formally introducing it.
And the window for passing any legislation, let alone a complex online privacy bill, is rapidly closing before the November election. McMorris Rodgers is set to resign from Congress in January, making the need for his action even more urgent. But Cantwell said, “It's good to have deadlines.”
As political scrutiny of alleged privacy violations by technology companies intensifies, Congress has held dozens of hearings on data privacy over the past five years, and lawmakers have floated a flurry of proposals aimed at addressing these concerns. Announced. However, no sweeping privacy laws have been adopted by either Congress, and few measures have received much attention.
At the last parliament, Members of Congress, including McMorris Rodgers, have pushed a major privacy bill aimed at breaking the impasse. But key leaders, including Cantwell and former House Speaker Nancy Pelosi (D-Calif.), voiced opposition.
Cantwell said at the time that the House bill would delay by several years the time when consumers can sue on their own, calling the provision one of the bill's “major enforcement holes.” criticized. He also expressed concern that companies could undermine the law by forcing users to arbitrate. Arbitration is a process that requires parties to resolve privacy disputes without going to court.
Cantwell said privacy negotiations resumed in earnest in December after the House bill stalled, and McMorris Rodgers approached him about resuming direct negotiations between the two sides.
The new law mirrors the House proposal in several ways. It forces companies to minimize and disclose their collection practices and allows users to correct or delete their data. It would also prohibit companies from using the data they collect to distinguish between protected classes. They are also required to appoint an executive officer who will be responsible for ensuring compliance with the law.
However, this compromise also includes important differences. For example, there would be no delay imposed on when individuals can file a lawsuit, and most arbitration agreements would be prohibited from interfering with the intent of the law. Mr Cantwell is calling for a change which he called “nighttime”. And That Day” was compared with the house version.
Cantwell and McMorris Rodgers are raising these issues, along with Republican concerns about whether small businesses will be able to comply with the bill, said a senior aide on the Senate Commerce Committee who previewed the bill on condition of anonymity. He said his priority was to resolve the issue. Provision of measures.
To this end, the proposal would exempt companies with less than $40 million in annual gross revenue from that requirement, and “large data holders” with more than $250 million in annual gross revenue. will impose enhanced obligations, including requirements to conduct periodic privacy reviews. Revenue.
This measure fails to achieve several other priorities. For example, it would not prohibit companies from targeting minors with ads, as President Biden called for in his State of the Union address. Nor would it create a “Juvenile Privacy and Marketing Division” at the Federal Trade Commission, as an earlier House bill proposed.
The proposal aims to provide “comprehensive” privacy protections, but a senior Commerce Committee aide said it would “complement” other child safety and privacy bills scheduled for consideration in the Senate. He said that it is considered a thing. These include a bill by Sen. Edward J. Markey (D-Mass.) that would expand federal child privacy laws, as well as a bill by Sens. Richard Blumenthal (D-Conn.) and Marsha Blackburn (R-Conn.). , Tennessee). New child safety obligations for digital platforms.
The action would “end” the FTC's efforts to develop new privacy regulations, but the FTC would be responsible for enforcing the action, along with state attorneys general. It would also significantly strip the Federal Communications Commission of its privacy oversight in the telecommunications sector, placing these issues under the jurisdiction of the FTC, which has troubled consumer advocates in the past. That's a problem.
The privacy breach is part of a recent flurry of activity surrounding new internet policies. Blumenthal and Blackburn announced in February that their online child safety bill had secured enough support to pass the Senate, increasing the likelihood of a vote this year. In March, the House of Representatives passed a bill that would force TikTok to be sold to its Chinese parent company or banned in the United States, and the issue moved to the Senate. A week later, the House of Representatives passed a more restrictive privacy bill aimed at stopping data brokers from selling U.S. user information to “foreign adversaries.”
“It's going to be a very busy few months,” Cantwell said.
He said lawmakers are considering adding child privacy and safety legislation to future must-pass legislation, and that his committee will take up the House data broker bill. Regarding the broader privacy bill, Cantwell said he plans to communicate “in earnest” with other lawmakers on Monday.
Will Cantwell and McMorris Rodgers' committee minority leaders, Rep. Frank Pallone Jr. (D.N.J.) and Sen. Ted Cruz (R-Texas), support the push? It is not clear at this point. It was also unclear whether state leaders, who would be preempted by the bill, would mount protests. This has disrupted discussions over privacy on Capitol Hill in the past.
“I think people think, and I agree, that comprehensive policies are better as long as you can achieve strong, robust standards,” Cantwell said.