The legislation would require companies to write their privacy policies in plain English.
The House will soon consider legislation that would create the federal government’s first data privacy standard and force companies to write their privacy policies “in plain English.”
Rep. Suzan DelBene, D-Wash., a former tech executive who once worked for Microsoft, introduced the Information Privacy and Data Transparency Act Wednesday. A previous iteration of the legislation in 2019 stalled out, but DelBene said data privacy has become an “international issue” that requires preemptive privacy legislation.
“Data privacy is a 21st Century issue of civil rights, civil liberties, and human rights and the U.S. has no policy to protect our most sensitive personal information from abuse. With states understandably advancing their own legislation in the absence of federal policy, Congress needs to prioritize creating a strong national standard to protect all Americans,” DelBene said in a statement. “This bill will create those critical protections. This is an international issue as much as it is a domestic concern. If we do not have a clear domestic policy, we will not be able to shape standards abroad, and risk letting others, like the European Union, drive global policy.”
There is currently no federal data privacy law, which has allowed states, including California and Virginia, to pass their own privacy bills. DelBene’s legislation pertains to several kinds of consumer data, including financial, health, genetic, biometric, geolocation, sexual orientation, citizenship and immigration status, religious beliefs and Social Security information.
The legislation would give consumers an element of control over information they share with industry, allowing them to “opt-in” before companies could use their private information. It would also force companies to disclose publicly if, how and why they share user information.
Beyond user control, the legislation would strengthen the Federal Trade Commission, which has jurisdiction over tech companies. The bill boosts FTC’s rule-making authority to keep pace with rapidly evolving digital trends, and would allow the regulatory agency to fine companies on their first violation of the law. It also allows state attorneys general to pursue violations in scenarios where the FTC does not. Finally, the bill requires companies to submit to “privacy audits” every two years by a neutral third party and further demands companies provide their privacy policies to users in “plain English.”
DelBene’s bill is one of several privacy-related bills expected from House lawmakers in the coming months. While no Republicans have yet voiced support for the law, it does have support from several tech-related organizations, including the Information Technology and Innovation Foundation, a nonpartisan think tank.
“This bill shows that it is possible to craft a data protection law that protects consumers without imposing unnecessary costs on businesses,” said Daniel Castro, vice president of ITIF. “By significantly strengthening the FTC’s enforcement capabilities, establishing uniform national rules for the digital economy, and ensuring businesses focus on protecting consumers’ most sensitive information, this legislation would boost consumer protection without sacrificing innovation. We encourage Congress to use this as a roadmap for how it should move forward in the digital economy to provide certainty to consumers and business alike.”