A top House panel unveiled long-awaited draft privacy legislation that calls for limits on sharing consumers’ information and would allow users to correct their personal data.
The draft, which also calls for the Federal Trade Commission to establish a new privacy bureau, could become the basis for the country’s first federal privacy law. However, unless and until it’s adopted, a strict California rule, which takes effect Jan. 1, could become the de facto national standard.
The initiative, which staff from the Energy and Commerce Committee circulated last Wednesday, comes after a year of talks among members and is the highest-level proposal to emerge from the House. The language may not represent the policy positions of all members, the staff said in a note.
The proposal would require companies to get consent from consumers before sharing data with third parties and would require that those businesses have agreements in place limiting how they can use that information. Such third-party sharing underlies much of the online advertising industry.
If adopted, the measure would also require companies to have easy-to-read privacy policies, clamp down on how long they can hold data and prohibit using data to discriminate against groups that are protected by federal law.
The draft highlights still-unresolved divisions between Republicans and Democrats on key issues including consumer lawsuits and overruling state privacy statutes, known as federal preemption.
“We want to see what kind of bill we get,” Democratic Representative Jan Schakowsky of Illinois, who chairs the consumer protection subcommittee, said in an interview. “If we get a really, really robust one, then we have a serious conversation about preemption.”
Business groups had hoped lawmakers would pass a federal statute before California’s rules take effect. Companies have also been pushing for legislation that overrides state rules to simplify compliance and that bars consumers from suing over privacy violations.
The industry groups have objected to the breadth of data that is regulated in the California rules and what they say is a lack of clarity about companies’ obligations to customers.
Companies in specific sectors have also voiced concerns about the California law. For example, retail groups worry that the law imperils rewards programs because of provisions that might limit discounts in exchange for customers’ data, such as emails and other information.
Alphabet Inc.’s Google has tried to water down the California law and carve out exemptions for digital advertising to protect its massively profitable online advertising business, which is powered by the data it collects on users.
Because of California’s size, economic power and status as home to many big tech companies, some privacy advocates expect firms will have to extend its protections to everyone in the U.S., making the law a unofficial standard at least until other states pass their own measures.
With the Democratic push to impeach President Donald Trump fueling a sharply divided political climate ahead of the 2020 presidential elections, many observers see the opportunities to pass a privacy law before 2021 narrowing.
“I don’t know if the United States Senate has the will to dedicate floor time to any major policy,” Senator Maria Cantwell of Washington, who leads the Democrats’ privacy effort in that chamber, told reporters on Wednesday.
Schakowsky was in agreement with the panel’s top Republican, Representative Cathy McMorris Rodgers, on much of the draft, which left brackets in the text to mark the lack of clear consensus over two key points: whether consumers can sue if a company violates the law and whether states can maintain their own privacy rules.
The draft issued by House lawmakers “will serve as an important step in the process for us to solicit feedback,” McMorris Rodgers said in a statement, adding that she is “committed to continue working with Schakowsky towards a bipartisan privacy bill.”
Schakowsky said she’s optimistic that Congress could pass a law next year. She says she’s working with the California attorney general and House Speaker Nancy Pelosi.
“There is a consumer demand out there too,” she said. “And I think all the companies know it’s coming.”
The House initiative comes after leaders of the Senate Commerce Committee issued dueling partisan proposals in November.
The Senate versions also split over the issues of lawsuits and state pre-emption, although that committee’s chairman, Republican Senator Roger Wicker, has said he might be open to granting consumers a narrow right to sue over privacy violations, but not to recover damages.
Both Senate proposals would give consumers more control over their data, allowing them to access, correct, delete and transport personal data that is held by technology companies. Many of these rights also appear in California’s law, although it remains to be seen how the measures would compare.
Cantwell said she and Wicker are still working together on their separate bills, and are currently meeting with outside stakeholders to get feedback.
Schakowsky and others will likely seek changes to the House measure circulated Wednesday. Other lawmakers have taken their different approaches, such as the Online Privacy Act proposed by Democratic Representatives Anna Eshoo and Zoe Lofgren of California, which would allow consumers to sue companies for privacy violations. House lawmakers could also have trouble reconciling the text with any bill that passes the Republican Senate.
The U.S. has lagged behind the European Union, where a sweeping new privacy rule known as the General Data Protection Regulation went into effect in 2018, requiring “unambiguous” consent to collect data and granting consumers rights to access information about them and delete some of it.
Was this article valuable?
Here are more articles you may enjoy.