New Republican privacy bill may be ‘worse than no standard at all’

Congress is once again trying to pass a national data privacy law. But while it would provide new protections in some countries, it would weaken privacy rights in others, and miss many elements that privacy advocates find essential.

the Secure Data Act It is the product of a Republican data privacy working group led by Rep. John Joyce (R-Pa.), who introduced the bill alongside House Energy and Commerce Committee Chairman Brett Guthrie (R-Ky.). The proposal would require companies to collect only the user data they really need to perform the tasks they promise, let users know what information websites contain about them and request its deletion, and require explicit opt-in to the collection of sensitive data such as location or sexual orientation.

The Federal Trade Commission and state attorneys general will be able to take legal action against companies accused of violating the law. A separate bill, Financial data protection lawdeals specifically with consumer financial data.

This is the latest attempt in a years-long effort to pass federal privacy protections for digital consumers, after several previous iterations He failed to convince key congressional leaders to participate. In 2024, a meeting will be planned to discuss the last major bipartisan privacy proposal It was suddenly cancelled The bill reportedly faced opposition from the Republican leadership in the House of Representatives. In a joint statement, Guthrie and Joyce said the working group aims to “reset the debate around comprehensive data privacy.”

The Safe Data Act will provide some new protections for many Americans. Only about 20 states To date, there are comprehensive data privacy laws, and many have them He got bad grades From external defenders. The Safe Data Act would also create additional protections for data related to teens ages 13 to 15, requiring parental consent to process their information.

But the bill does not allow individuals to sue for alleged privacy violations. It does not require familiarity with the sites Global withdrawal mechanismsso users will need to proactively and continuously restrict the collection process. It also exempts pseudonymous data from some protections, which some groups warn will create a loophole for targeted advertising.

Furthermore, the bill seeks to preempt state laws that already provide equal or stronger protection — such as California’s law, which created a new privacy agency and allows consumers to take legal action against companies for certain data breaches, or Maryland’s law, which Selling is prohibited Sensitive data and deliver targeted advertising to teens under 18 years of age. Future of Privacy Forum (FPF), whose members include technology platforms But he says Its work is independent of individual stakeholders, Writes that bill “It selects certain narrow methods that only a small group of countries use.”

The FPF (which neither supports nor opposes the bill) says that while the proposal goes beyond some of the state’s narrowest laws, it is “consistently narrower and less directive” than California’s privacy requirements. Some of the definitions in the bill are also more limited than many state laws, such as the definition of “biometric data,” which does not include data from audio or video recordings, the group wrote.

Oregon, Delaware, Maryland, and Minnesota allow consumers to request the identity of the third party receiving their personal information, according to the FPF, and in Minnesota and Connecticut, users can “object to certain adverse profiling decisions” — which will also likely be preempted.

The Electronic Privacy Information Center (EPIC), which closely monitors privacy law, opposed the plan. “This bill would erase a wealth of privacy, security, online safety, and civil rights laws without providing any meaningful protections for Americans,” EPIC Deputy Director and Policy Director Caitriona Fitzgerald said in a statement. “A weak federal standard is worse than no standard at all.”

RJ Cross, director of the Public Interest Research Group (PIRG)’s Our Lives on the Internet, describes it as “essentially a green light for the tech industry to keep collecting whatever data they want from you and doing whatever they want with it. Then it makes sure that no pesky country that might want to regulate what companies actually do can get in the way.” Eric Noll, director of the Data and Privacy Project at the Center for Democracy and Technology, warns that this “will reinforce the harmful online data practices that Americans need and want privacy law to fix, leading to more data breaches, more intrusive data collection, more creepy advertising practices, and more business for data brokers.” (The group receives funding from several large tech platforms But he says Its supporters have no influence on its priorities.)

Conversely, business groups praised the law, including its pre-emption element. But also, said Rob Retzlaff, executive director of the Connected Commerce Council, which advocates for small businesses Got funding from big tech platforms Like Amazon and Google. Several major industry groups, including the U.S. Chamber of Commerce, the National Retail Federation, and NetChoice, have expressed their support. “The bill would end a confusing patchwork that hurts consumers and small businesses,” they said in a joint statement.

Democrats have historically opposed broad preemption of state privacy laws and supported a private right of action, and none currently support such action. Its sponsors hope to recruit them later, after the plan was passed from the committee via a party vote, according to what the British newspaper “Daily Mail” reported. CNBC. The FPF says many of the things left out of the bill are “likely intended to create margin for negotiations” at that stage.

If the bill passes, FPF says states will likely fight to keep their laws in place, arguing that their standards are not directly “linked” to the federal standard and should remain stand-alone. California’s privacy law, for example, “may be difficult to fully preempt because it covers employee data, B2B data, and applicant data — categories that the federal bill excludes,” FPF says.

With the midterm elections approaching, the bill faces a difficult road forward. On paper, the federal privacy law is an important and necessary step, but many fear this bill will not go far.