New draft US federal privacy bill unveiled
- Author: Wolfgang von Sandersleben, DP-Dock GmbH
- Last updated: April 2024
- Category: Data Security
Since the dawn of the internet age, tech companies have developed increasingly sophisticated methods to collect and use large amounts of personal data – without extensive regulation at the state level. According to THE SPOKESMAN-REVIEW of April 7, 2024, two Washington state lawmakers have a bipartisan plan to overcome this impasse and establish a national standard for privacy. "This is a historic bill that we've been working on for several years," said Rep. McMorris Rodgers. "Internet privacy protections should not differ across state lines, this bill that Senator Cantwell and I will agree to create privacy protections that are stronger than any state law on the books." The bill would limit the data that companies can collect, store, and use to what they need to provide their products/services. That would be a big change from current consent-based system, which forces users to scroll through lengthy privacy agreements and with pop-ups asking for permission to be tracked online.
The American Privacy Rights Act (APRA) would allow Americans to opt out of targeted advertising and access, correct, export, or delete their data and stop its sale or transfer. It would create a national registry of data brokers who buy and sell personal data, and require these companies to give people the opportunity to opt out of having their data collected and sold.
Current state laws, such as a California law, do not provide for a way for individuals to sue a company for violations of the law, except in cases of data breaches. Under APRA, the Federal Trade Commission, state attorneys general, and private individuals would have the right to sue. This so-called "private right of action" was a sticking point between lawmakers in Washington. McMorris Rodgers was concerned that the ability to have individuals sue without first seeking the help of an attorney general or the FTC could lead to a spate of litigation that would burden businesses and stifle innovation. The provisions of the law don't apply to small businesses with less than US$40 million in annual revenue, as long as they don't sell data. We will closely monitor this. Source and more information: click here.
