Digital Privacy Bill Proposed in Congress

Laura Bednar

Congress Online Privacy Act

Democratic representatives Anna Eshoo and Zoe Lofgren of California recently proposed the Online Privacy Act, which would authorize the creation of a federal agency devoted exclusively to the protection of online privacy rights defined by the bill. The legislation would authorize the new agency to hire 1,600 employees and give them the authority to impose fines for transgressions.

Overview of the law

The Online Privacy Act is an attempt to secure digital privacy after a series of similar bills failed. Numerous states have implemented their own legislation in the meantime, including California. The California Consumer Privacy Act, which goes into effect in January of 2020, was partially inspired by the European Union’s General Data Protection Regulation (GDPR). The new federal law will not preempt state laws.

The newly proposed Online Privacy Act would allow consumers to know about, edit, and delete data third parties obtained about them. It would also require that consumers give opt-in consent to their data being used for machine learning and AI algorithms. If companies fail to abide by the law, consumers will be authorized to bring suit.

Details of the Act

Under the act, companies would further be required to disclose their objectives in obtaining data while minimizing employee and vendor data access. They would be prevented from using data for targeted emails and required to seek consent when disclosing or selling information. Access to genetic information would also be severely curtailed.

The bill’s sponsors noted that data gathering and data sharing had become huge, multimillion-dollar industries by progressively infringing on the privacy of the American people. As Lofgren put it, “Privacy for online consumers has been non-existent – and we need to give users control of their personal data by making legitimate changes to business practices.”

Struggling with privacy

As noted, there have already been a number of efforts to legislate privacy at the federal level. Senator Ron Wyden (D-Oregon) proposed legislation that would have established criminal penalties, including jail time, for CEOs who breached its privacy requirements. Senator Marco Rubio (R-Florida) proposed a more moderate measure that would have authorized and mandated the FTC to protect consumer privacy.

More and more political leaders and pundits are calling for the U.S. government to adopt a digital privacy law similar to the European model. The GDPR stipulates that companies:

  • seek the consent of those they collect data from
  • keep collected data anonymous
  • issue data breach notifications
  • appoint a company official to oversee compliance
  • take extreme care when transmitting data over national borders

The GDPR applies to every company marketing products and services to EU residents, and establishes stiff fines and penalties for noncompliance.

The increasing talk of America introducing legislation roughly on the model of the GDPR, and the need to sell to the European market, has already caused many American companies to begin tightening their data security protocols.

Data protection in a technology-driven world

Secure Data makes data privacy its number one priority. We maintain a slew of industry certifications and hire a third-party auditor to make sure we live up to them. In addition to our SSAE 18 privacy certification, we are a GSA-approved contractor and approved by all leading manufacturers. Our PCI-DSS certification attests that we process billing information securely, and we are the only company in our industry to abide by FIPS 140-2 Level 3 validated data handling practices.

These data handling practices are made secure through our line of hardware-encrypted SecureDrives. Our secure storage solutions completely eliminate data leaks to protect information from unauthorized parties. Call us at 1-800-388-1266 to learn more about our data security solutions.