Skip to main content

Sen. Blumenthal Preps U.S. Version of EU Privacy Framework

Sen. Richard Blumenthal (D-Conn.) said Tuesday (June 19) that he is preparing to introduce a privacy "bill of rights."

Related: Senators Push Companies to Adopt EU Data Protections Here

That came at yet another hearing on the Facebook/Cambridge Analytica third-party data sharing issue, this one in the Senate Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security.

Blumenthal said his framework was based at least in part on the European Union's tough new General Data Protection Regulation (GDPR) online privacy framework taking effect May 25.

The EU framework includes an opt-in requirement for collecting or sharing data, as well as data security, breach notification and special protection for children's information.

Related: Public Knowledge Opposes Grafting E.U. Regs on U.S.

Blumenthal said a first step toward stronger privacy protections was to alert the public to what the threats and challenges of data sharing are, what the national security threats might be, and what may be known to Facebook and other companies, but not to the general public.

Subcommittee chair Jerry Moran (R-Kan.), and Sen. John Thune (R-S.D.), chair of the full Commerce Committee, both also signaled they were willing to talk about fitting the best parts of GDPR privacy framework into a U.S. approach to privacy legislation.

Blumenthal said he was not happy with what he said was Facebook's continued lack of transparency about its data collection and sharing.

He said there were two Facebooks, (1) the idealistic company fueled by altruism and the desire to connect people with people they love -- exchanging pet pictures and Fathers Day greetings -- and build communities, and (2) the behemoth wielding powerful social and political tools via pervasive data collection that is largely hidden but used to advance the company's goal or allow data brokers to gather info on race and religions and income for commercial gain.

He said that Facebook was at a turning point and could either be totally transparent about and responsible for the data it collects and shares, or commit to a course of non-transparency about practices that may infringe on privacy.