in addition, the draft would allow users to opt out of targeted advertising, and would permit individuals to sue over certain prohibited data uses. While it would also overrule many state privacy provisions, the draft bill would dramatically increase the Federal Trade Commission’s power to make rules in certain areas of privacy.
The text, known as the American Data Privacy and Protection Act, represents a bipartisan, bicameral agreement after years of stalled talks on data protection. It also lays out compromises on issues, such as lawsuits, that had stymied lawmakers even as industry, consumer groups and political leadership pushed Congress to act.
Despite the existing bipartisan agreement, the proposal still faces significant hurdles to becoming law this year. Foremost among them: It does not have sign-on from Democratic Sen. Maria Cantwell, who chairs the Senate Commerce Committee and is the most powerful legislator in the process. Although Cantwell reportedly is aiming to hold a hearing on privacy legislation in coming weeks, she dismissed the draft on Friday as doing too little to ensure companies “act in consumers’ best interests,” according to the Washington Post.
Congress also is trying to tackle major hot-button issues such as guns and abortion, while also moving forward with tech antitrust legislation. Lawmakers are also running against the clock, hoping to finish much of that work in the dwindling number of days left before the unofficial kickoff of the midterm campaign season in August and the election itself in November.
In addition, while some tech industry groups welcomed the progress, they also hinted they hoped for further concessions. And the U.S. Chamber of Commerce, the most powerful business lobby, said earlier this week it would use its firepower to oppose a text with “a blanket private right of action” allowing consumers to sue.
“In the coming weeks, we will be working with our colleagues on both sides of the aisle to build support and finalize this standard to give Americans more control over their personal data,” said a statement from Reps. Frank Pallone and Cathy McMorris Rodgers and Sen. Roger Wicker. Pallone chairs the House Energy and Commerce Committee, while McMorris Rodgers serves as its top ranking Republican member. Wicker is the highest-ranking Republican on the Senate Commerce panel.
The proposed bill would also offer consumers rights to access, correct, delete and move their data, and to opt out of its transfer to third parties — abilities that have become increasingly common under international or state privacy statutes. It would also put greater transparency requirements on companies, although some critics say those notices induce fatigue with consumers more than they empower consumer choices.
The bill includes a long list of provisions — such as those on data minimization and the handling of teens’ information — that could alter the workings of tech giants as well as data brokers, smaller firms in the industry and brick-and-mortar companies that use data and algorithms, whether public-facing or B2B.
The measure, for instance, would designate categories of sensitive data to receive heightened protections, including information on health, finances, location and biometrics. The sensitive category would also include “information revealing” race, religion, union membership and sexual orientation, among other classifications that are sometimes evident not just from users’ direct statements about themselves but also through an easy analysis of their interests, home addresses, travel patterns and more.
In addition to the civil rights assessments for big companies’ algorithms, the draft forbids data uses that discriminate “on the basis of race, color, religion, national origin, gender, sexual orientation, or disability.”
The text would also require companies to obtain express consent to collect and use most biometric and genetic information, and ban most handling of revenge porn. It would also require reasonable security practices and force CEOs of big companies to certify their firms have procedures in place to comply with the law, which could potentially put them on the hook personally for lapses.
