Governance & Risk Management , Government , Industry Specific

Key Lawmaker Heralds 'Landmark' Draft Federal Privacy Bill

Top Democrat Calls Draft Bill a 'Unique' Chance to Pass Federal Privacy Legislation
Key Lawmaker Heralds 'Landmark' Draft Federal Privacy Bill
A key U.S. lawmaker called a bipartisan policy proposal the best chance to enact privacy protections. (Image: Shutterstock)

A key U.S. congressional lawmaker hailed a bipartisan privacy proposal as a "landmark draft bill" that marks the nation's best chance in decades to enact a comprehensive national privacy law.

See Also: Managing Shadow IT Across Your Enterprise

During a Wednesday hearing on data privacy rights, Rep. Cathy McMorris Rodgers, R-Wa., chair of the House Energy and Commerce Committee and co-author of the American Privacy Rights Act discussion draft, said U.S. citizens are currently subjected to a "modern form of digital tyranny" in which "a handful of companies and bad actors are exploiting our personal information" for profit and manipulation.

"Congress has been trying to develop and pass comprehensive data privacy and security legislation for decades," Rodgers said. "With the American Privacy Rights Act, we are at a unique moment in history where we finally have the opportunity to imagine the internet as a force for prosperity and good."

The draft legislation comes amid calls for Congress to pass a privacy bill that would protect consumer rights and implement new cybersecurity mandates for vast swaths of the American economy (see: US Bipartisan Privacy Bill Contains Cybersecurity Mandates). Sen. Maria Cantwell, D-Wa., chair of the Senate Commerce Committee and a discussion draft co-author, said in a statement that the draft proposal "strikes a meaningful balance on issues that are critical to moving comprehensive data privacy legislation through Congress."

Cantwell, who has declined to support previous compromise proposals throughout her three-year tenure as committee chair, could be the endorsement needed to finally pass comprehensive data privacy legislation. Although Cantwell and Rodgers have previously introduced competing data privacy bills over the years, the support of both committee chairs marks a rare moment of strong support.

Under the draft proposal, companies would limit their collection of data to information necessary to provide a product or service, with some exceptions, including an allowance for "market research." The bill also requires virtually any corporation that collects data to implement "reasonable data security practices." This does not apply to small businesses.

Companies involved in data collection and processing would be required to adequately safeguard data against unauthorized access and cyberattacks. Instead of including a sweeping list of cybersecurity regulations, the proposal details high-level best practices for organizations to better secure customer data - such as conducting routine vulnerability assessments and taking preventative actions to mitigate risks. Companies that generate a minimum of $250 million in annual revenues will also be required to regularly assess their decision-making algorithms for potential biases and share those evaluations with the public and the Federal Trade Commission.

Despite its bipartisan and bicameral underpinnings, the bill is far from a guaranteed success. Texas Sen. Ted Cruz, the senior Senate Commerce Committee Republican, has tied the bill to conservative hot-button issues, stating that he cannot support a privacy bill that "gives unprecedented power to the FTC to become referees of internet speech and DEI compliance." He also took issue with any proposal that "empowers trial lawyers." The proposal allows individuals to sue companies for violations of most sections of the act, a measure that has been a key Democratic demand.

The bill preempts recent state data privacy laws, prompting the head of the nascent California agency created through a Golden State privacy statute on Tuesday to say that "a federal privacy law with sweeping preemption language could freeze protections for the next thirty years." California Privacy Protection Agency Executive Director Ashkan Soltani also criticized the bill for lacking "critical protections with respect to sexual orientation, union membership, and immigration status because it does not include these categories in the definition of sensitive covered data."

New Jersey Rep. Frank Pallone, the ranking Democrat on the House Energy and Commerce Committee, has called the proposal "a very strong discussion draft" but faulted it for lacking measures specifically targeted at safeguarding minors' privacy. "To start, we should explicitly prohibit targeted advertising to children," he said at the onset of today's hearing. He also urged mandating privacy by design for products directed at children and obligatory "policies, practices, and procedures that take special care to identify, assess, and mitigate privacy risks with respect to children."

About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.