Congress once again meets with the nearly complete the lack of federal laws that cover the absolutely huge amount of data that companies now gather on each of us, which forms the backbone of basically the entire big tech era. .
Representatives Anna Eshoo and Zoe Lofgren, both Democrats from California, introduced the Privacy Act online. The act was to create a new federal agency, the Digital Privacy Agency, to enforce privacy rights. The act would also authorize the agency to employ up to 1[ads1],600 employees.
"Every American is vulnerable to privacy violations with few tools to defend himself. Too often, our private information online is stolen, abused, used for profit or grossly abused," Eshoo said in a statement. "Our legislation ensures that every American has control over their own data, companies are held accountable, and the government provides tough but fair oversight."
"Our country has an urgent need for a legal framework to protect consumers from the ever-growing data collection and data sharing industries that make billions of dollars on US personal data annually," added Rep. Praise to. "Online consumer privacy has not existed – and we need to give users control over their personal data by making legitimate changes to business practices."
Online Privacy Act
The provisions of the Bill (PDF) would apply to "any entity (including non-profit organizations and regular carriers) that intentionally collects, processes or maintains personal information AND transmits personal information over an electronic network."
Under the terms of the OPA, individuals would have the right to collect, correct, and delete data collected about them by covered entity, as well as request "a human review" of automated decisions. Users must also choose to use their personal information to train machine learning algorithms. They would be able to choose how long companies keep their data.
The Bill distinguishes between aggregated data and personal, identifiable data associated with an individual, and this places severe restrictions on the use of the latter. As outlined in a fact sheet on a page, OPA would:
- articulate the need for and minimize user data [covered entities] collect, process, disclose and maintain
- not minimize employee and contractor access to user data  nor disclose or sell personally information without explicit consent
- do not use third party data to identify individuals
- do not use private communications, (e.g., e-mail and network traffic) for advertisements or other invasive purposes
- in order not to process data in a way who violate civil rights, such as employment discrimination
- only processes genetic information under limited circumstances
- uses objectively understandable privacy rules and consent processes, and cannot use & # 39; dark patterns & # 39; to consent to
- Network Security Policy to protect user data, and
- notify the agency and users of data breaches and data breaches, e.g. Cambridge Analytica
The privacy laws of the United S Tates today are a patchwork of regulation, and the end result is basically a hot mess that leaves agencies with limited authority to investigate and punish serious personal data breaches.
The federal statutes each contain cover a specific limited type of data and specify a specific, limited type of entity that is committed to protecting that data. So, for example, while the doctor's office cannot sell information about your diagnoses to a third party, such a restriction does not apply to apps or portable devices that collect the same type of data.
A handful of states have supplementary laws on books. Illinois, for example, passed a prescient law back in 2008 that regulates the collection and use of individuals' biometric data. Facebook since 2015 has been embroiled in a lawsuit over class actions in that state for its use of face recognition.
The largest player at the state level is California, which in 2018 passed a sweeping privacy law that would give individuals more control over how their personal data is collected, used and sold. This law has survived several attempts by opponents to weaken its core provisions, and it comes into force on January 1.
Representatives Eshoo and Lofgren are far from the first to propose new federal legislation to deal with morass. In fact, they're not even the first ones this year. Senator Ron Wyden (D-Ore.) Last month introduced the Mind Your Own Business Act, which not only seeks to introduce new standards for user privacy and how data is handled, but also will impose penalties, including jail, on the management of non-compliant companies .
Sen. Marco Rubio (R-Fla.) Also introduced a privacy-related bill earlier this year. His US data disclosure law would create a process and timeline for the Federal Trade Commission to establish privacy rules, rather than actually establishing new rules. It will also prohibit any state from enforcing its own law related to the same type of data as the federal law, which many large tech companies strongly support.