Skip to main content

New Federal Data Privacy Bill Introduced

Capitol Hill
(Image credit: Gary Arlen)

Rep. Suzan DelBene (D-Wash.) has introduced the Information Transparency and Personal Data Control Act, which would create a federal data privacy law enforced by the Federal Trade Commission. 

Also Read: Senate Commerce Tees Up Federal Privacy Bills

DelBene said a patchwork of different state laws only leads to confusion and that a national standard is necessary to create a uniform set of rights, something various legislators have been trying to do for years.

The FCC, under former Democratic chairman Tom Wheeler, passed privacy rules but Republicans in Congress nullified them.

The DelBene bill would require a user's consent (opt-in) for any collection, storage or sharing of sensitive personal information, and a user could opt out of that collection, storage and sharing of non-sensitive information as well. 

Other bill highlights:

1. Plain English: Requires companies to provide their privacy policies in "plain English." 

2. Disclosure: Increases transparency by requiring companies to disclose if and with whom their personal information will be shared and the purpose of sharing the information. 

3. Preemption: Creates a unified national standard and avoids a patchwork of different privacy standards by preempting conflicting state laws.

4. Enforcement: Gives the Federal Trade Commission (FTC) strong rulemaking authority to keep up with evolving digital trends and the ability to fine bad actors on the first offense. Empowers state attorneys general to also pursue violations if the FTC chooses not to act.

There would have to be at least a biennial third-party "privacy hygiene" audit of any party collecting or storing or sharing sensitive personal information, with a small business exemption from the audit for those collecting, storing, or sharing that information from 250,0000 or fewer individuals per year.

There would also be no opt-in requirement for the use of either sensitive or non-sensitive info to detect or prevent fraud, theft, other criminal activity; protecting the "vital interests" of a consumer; responding to a "valid legal process"; monitoring criminal activity if agreed to beforehand by the individual; protecting property against unauthorized access; advancing a substantial public interest including for archival or scientific or historical or public health reasons; authorized uses for credit reporting; completing a transaction to provide a good or service requested by a consumer; complying with federal, state or local laws; and conducting product recalls and servicing warranties.

Also Read: CCPA Enforcement Begins without Final Rules

The bill would give the Federal Trade Commission the authority to enforce the privacy laws irrespective of the limitations in the Federal Trade Commission Act on its authority over common carriers, to which the new law applies.