Skip to main content

Senators Push Companies to Adopt EU Data Protections Here

Only hours after privacy groups said they were pushing U.S. companies to adopt EU privacy protections going into effect May 25, a quarted of Democratic senators added their shove to the issue.\

Sens. Ed Markey (D-Mass.), Dick Durbin (D-Ill.), Richard Blumenthal (D-Conn.), and Bernie Sanders (I-Vt.) joined to co-sponsor a congressional resolution calling on those companies to "provide Americans with privacy protections included in the European law. The robust EU privacy protections," including the EU's opt-in requirement for using information that Democrats in this country have been advocating for years, particularly Markey, both in the House and now the Senate.

The EU framework also includes data security, breach notification and special protection for children's information, also all on Democrats' privacy wish lists.

“When the European privacy law takes effect, the American people are going to wonder why they are getting second-class privacy protections,” said Markey. “If companies can afford to protect Europeans’ privacy, they can also afford to do so for their American customers and users. Under the European rules, privacy is not an afterthought, and consumers, not corporations, are in charge of personal information. The American people want and deserve a comprehensive privacy bill of rights, and it is time Congress acts to protect this important 21st century right.”

The resolution is not a mandate, but simply a "sense of the Senate" encouragement to apply the EU standards here and an explanation of why that is important.

Per Markey's office, the following are some of the EU provisions they particularly want to see in the U.S.

1. "The requirement that data processors have a legal basis for using individuals’ data, including opt-in consent

2. "The requirement that data processors design their systems in a way that minimizes the processing of data to only what is necessary for the specific purpose stated to the individual, and the requirement that data processors, by default, protect personal information from being used for other purposes

3."The requirement that entities processing children’s data institute special protections, particularly with reference to the use of children’s data for marketing purposes

4. "The individual’s right to know who has access to her/his data

5. "The individual’s right to revoke permission to use her/his data at any time

6. "The individual’s right to not be subject to automated decision making, including profiling, without human intervention that has legal or otherwise significant effects on the individual."