Two influential lawmakers from opposing parties have crafted a deal on legislation designed to strengthen privacy protections for Americans' personal data. The sweeping proposal announced Sunday evening would define privacy as a consumer right and create new rules for companies that collect and use personal information. It comes from the offices of Democratic Sen. Maria Cantwell and Republican Rep. Cathy McMorris Rodgers, both of Washington state.
Cantwell chairs the Senate Commerce Committee while McMorris Rodgers leads the House Energy and Commerce Committee. While the proposal has not been formally introduced and remains in draft form, the bipartisan support suggests the bill could get serious consideration.
Congress has long discussed ways to protect the personal data regularly submitted by Americans to a wide range of businesses and services. But partisan disputes over the details have doomed previous proposals.
According to a one-page outline released Sunday, the bill worked out by McMorris Rodgers and Cantwell would strengthen rules requiring consumer consent before a company can collect or transfer certain kinds of information. Companies would have to notify consumers about the details of data collection and retention policies and seek consumer permission for significant changes.
In addition, companies would have to ensure that any algorithms used to analyze personal data aren't biased, and companies that buy and sell personal data would have to register with the Federal Trade Commission.
Consumers would also have greater control over how their data is used under the measure. One provision of the proposal would allow consumers to opt out of targeted ads — i.e., advertisements sent to them based on their personal data.
A new bureau focused on data privacy would be created within the FTC, which would have the authority to enact new rules as technology changes. Enforcement of the law would fall to the FTC as well as state attorneys general.
If passed, the new standard would preempt most state privacy laws — though it wouldn't impact certain states' laws already on the books that protect financial, health or employee data.