Key lawmakers propose new rules for personal data protection; The bill would make privacy a consumer right
WASHINGTON — Two influential lawmakers from opposing parties have struck a deal on legislation designed to strengthen privacy protections for Americans’ personal information.
The sweeping proposal announced Sunday night would define privacy as a consumer right and create new rules for companies that collect and use personal information. It comes from the offices of Democratic Senator Maria Cantwell and Republican Representative Cathy McMorris Rodgers, both from Washington state.
Cantwell chairs the Senate Commerce Committee, while McMorris Rodgers leads the House Energy and Commerce Committee. Although the proposal has not yet been formally introduced and is still in draft form, bipartisan support suggests the bill could receive serious consideration.
Congress has long discussed ways to protect the personal data that Americans regularly provide to a wide range of companies and services. But partisan disputes over the details have doomed previous proposals.
According to a one-page outline released Sunday, the bill drafted by McMorris Rodgers and Cantwell would strengthen rules that require consumer consent before a company can collect or transfer certain types of information. Companies should inform consumers of the details of the data collection and retention policies and obtain consumer consent for any material changes.
In addition, companies should ensure that the algorithms used to analyze personal data are not biased, and companies that buy and sell personal data should register with the Federal Trade Commission.
Under the measure, consumers would also have more control over the way their data is used. One provision of the proposal would give consumers the ability to opt out of targeted ads, that is, ads sent to them based on their personal information.
A new agency focused on data privacy would be created within the FTC, which would have the authority to issue new rules as technology changes. Enforcement of the law would be the responsibility of both the FTC and the attorneys general.
If adopted, the new standard would override most state privacy laws — although it would not affect some states’ laws that already cover the books that protect financial, health or employee data.