The House Energy and Commerce Committee published a draft of the discourse regarding a new bipartisan data privacy bill. The draft bill was about the national criteria for privacy and security and the recommendations to set limitations on U.S. organizations that collect, utilize, and hold on to consumer information.
The draft legislation calls for the creation of a privacy program by all companies and the introduction of a privacy policy, written using simple language, which makes clear what data the company collects, how long it is utilized and kept, and who gets access to the information.
There must likewise be data security measures put in place, which are best suited to the size of the business and the nature of its data activities. In case of a breach of consumer information, businesses ought to submit a report to the Federal Trade Commission (FTC).
The FTC will create a Bureau of Privacy to make rules, provide guidance, and execute compliance. The FTC will put a data retention time frame and create regulations that deal with the disclosure of personal data to third parties.
The bill will give consumers more control over their private data and the way it is used by businesses. Consumers could exercise their right to data access and correction; right to control who is able to access their personal information, and right to tell businesses to remove their personal information.
So that consumers would know which organizations have their personal information, the draft bill calls for the creation of a consolidated repository of data brokers. Consumers can access this repository to know who holds a copy of their data and know how to access that data, make changes, and demand the removal of their personal data.
An Energy and Commerce Committee representative said that the purpose of this draft is to take care of consumers and make transparent rules for data collectors. It took a few months of hard work and close collaboration between the Democratic and Republican Committee staff.
The draft release became available after hearing of the Senate Commerce Committee on the two data privacy bills proposed by Senate Commerce Committee Chairman, Roger Wicker (R-Miss) and Senator Maria Cantwell (D-Wash). There’s no agreement yet on what to put in the bill, but a bipartisan legislation was agreed upon.
The two vital points from the rival bills are the following:
- Should the federal privacy bill preempt state regulations
- Should there be a private cause of action
Sen. Cantwell’s bill recommended a private cause of action allowing consumers to sue companies that violate their privacy. Congressman Wicker does not agree with this. Wicker’s bill recommended the replacement of state laws with the new federal privacy law. Sen. Cantwell proposed to maintain the state laws to give consumers more protection. The bill discussion draft moves away from tackling the two concerns.
Industry stakeholders can submit their feedback on the draft legislation until mid-January 2020.