The measure, a copy of which was reviewed by The Washington Post, would set a national framework for how companies can collect, use and transmit data over the Internet. Dubbed the American Privacy Rights Act, it will also give consumers the right to opt out of certain data practices, including targeted advertising. And it would require companies to collect only as much information as they need to offer specific products to consumers, while giving people the ability to access and delete their data and move it between digital services. Must do.
Importantly, the agreement – That marks one of Washington’s most significant efforts to achieve privacy protections adopted in Europe nearly a decade ago. – would resolve two issues that have dogged negotiations for years: whether federal law should override relevant state laws and whether consumers should be allowed to sue companies that violate the rules. are
The bill would achieve a Republican goal by prioritizing more than a dozen “comprehensive” state privacy laws that have emerged amid congressional inaction — including the Watershed California initiative — while protecting more targeted ones like health or financial data. Allows state rules on issues to stand. Meanwhile, it would allow for an enforcement mechanism championed by Democrats: civil lawsuits that would let individuals seek financial damages if companies comply with requests to delete data or clear sensitive data before they are collected. Fail to obtain consent.
“We have to have a bright line here where we’re catching bad actors and policing the information age,” Cantwell told The Post in an interview Sunday.
The Post and other news outlets reported the expected deal on Friday, but details of the proposal did not become public until Sunday. A spokeswoman for McMorris Rogers had no immediate comment. In an interview Sunday with The Spokesman-Review of Spokane, Wash., McMorris Rogers called it a “historic piece of legislation” that would “establish privacy protections that are stronger than any state law on the books.” “
Even with the support of Cantwell and McMorris-Rogers, whose committees bear primary responsibility for privacy legislation, the initiative faces uncertain prospects. It’s currently a “discussion draft,” meaning the two committee chairs will seek input from other lawmakers and outside groups before formally introducing it.
And the window to pass any legislation — much less a complicated online privacy bill — is closing fast before the November election. With McMorris Rogers stepping down from Congress in January, the need for action becomes even more urgent. But, Cantwell said: “Deadlines are a good thing.”
Over the past half-decade, Congress has held dozens of hearings on data privacy as political scrutiny of alleged privacy violations by technology companies has intensified, with lawmakers unveiling a wave of proposals to address those concerns. . But no broad privacy legislation has been enacted by either chamber of Congress, and few initiatives have gained significant traction.
During the last Congress, House lawmakers, including McMorris Rogers, have introduced a sweeping privacy bill aimed at breaking the impasse. But key leaders — including Cantwell and former House Speaker Nancy Pelosi (D-Calif.) — spoke out against it.
At the time, Cantwell said the House measure would delay by several years when consumers could file their lawsuits, criticizing the provision as one of the bill’s “big enforcement holes.” are He also expressed concern that companies could undermine the law by forcing consumers to go to arbitration, a process that could require parties to resolve privacy disputes without going to court.
After the House bill stalled, privacy talks picked up in December, Cantwell said, when McMorris Rogers approached him about reviving direct negotiations between the two.
The new legislation mirrors the House proposal in several ways: It would force companies to reduce and disclose their collection practices and allow consumers to correct or delete their data. It will also prevent companies from using the data collected to discriminate against protected classes. And it will appoint executive officers responsible for ensuring their compliance with the law.
But the compromise measure also includes key differences: for example, it would not delay when people can file lawsuits and it would prevent most arbitration agreements from interfering with legislative intent. – Changes requested by Cantwell, who called it “night”. and days” compared to the house version.
A senior aide to the Senate Commerce Committee, who spoke on condition of anonymity to review the legislation, said Cantwell and McMorris-Rogers preferred to address those issues, his Along with Republican concerns about the ability of small businesses to comply. Measurement provisions.
To that end, the proposal would exempt from its requirements companies with less than $40 million in annual gross revenue and “big data holders” with more than $250 million in annual gross revenue — to conduct regular privacy reviews. Will impose more responsibilities, including necessity. Income.
This move will not meet some other priorities. For example, it would not prohibit companies from targeting minors with advertising, as President Biden called for during his State of the Union address. Nor would it create a “youth privacy and marketing division” at the Federal Trade Commission, as previous House legislation had proposed.
While the proposal aims to offer “comprehensive” privacy protections, a senior Commerce Committee aide said it is seen as “complementary” to other child protection and privacy bills that have passed the Senate. It is expected. That includes an initiative by Sen. Edward J. Markey (D-Mass.) that would expand federal children’s privacy laws and another led by Sens. Richard Blumenthal (D-Conn.) and Marsha Blackburn (R-Tenn.) will. New child protection obligations for digital platforms.
The measure would “terminate” the FTC’s efforts to create new regulations on privacy, though the agency — along with state attorneys general — would be responsible for enforcing the measure. It would also largely strip the Federal Communications Commission of any privacy oversight in the telecommunications sector, and bring those matters under the purview of the FTC — a wrinkle that has vexed consumer advocates in the past. .
The privacy compromise is part of a recent surge of activity over new Internet policies. In February, Blumenthal and Blackburn announced they had secured enough support for online child safety legislation to clear the Senate, eliminating a possible vote this year. In March, the House passed legislation to sell TikTok through its Chinese parent or ban it in the United States, taking the matter to the Senate. A week later, the House passed another narrow privacy bill aimed at preventing data brokers from selling American user information to “foreign adversaries.”
“It’s going to be a very busy few months,” Cantwell said.
He said lawmakers will try to attach child privacy and safety bills to an upcoming must-pass legislative package, and his committee plans to take up the House data broker bill. As for the broader privacy bill, Cantwell said she plans to reach out to other lawmakers on Monday.
It was not immediately clear whether Rep. Frank Pallon Jr. (DN.J.) and Sen. Ted Cruz (R-Texas), the minority leaders on the Cantwell and McMorris-Rogers committees, would support the push. Nor was it clear whether state leaders whose laws would be covered by the measure would rally against it — something that has complicated discussions on privacy on Capitol Hill in the past.
“I think people think a comprehensive policy is better as long as it can reach a strong, beautiful standard,” Cantwell said, “which I think it does.”