Lawmakers in Silicon Valley propose federal privacy agency
Privacy bill would require tech giants to make some changes
Two congresswomen from Silicon Valley are proposing a new federal agency to help protect Americans’ privacy in the age of the internet.
Democratic Reps. Anna Eshoo and Zoe Lofgren on Tuesday proposed the Digital Privacy Agency as part of a new federal privacy bill they introduced. They pointed out that European countries have similar agencies and that such an agency is also being proposed in California. The DPA would be independent, have rule-making and enforcement authority, and would have funding for up to 1,600 employees.
“We think American consumers deserve an advocate to protect them,” Eshoo, who represents Palo Alto, said during a call with reporters Tuesday. She said the United States needs a dedicated agency because the Federal Trade Commission “lacks the staff, expertise and culture to take on the monumental task of protecting privacy.”
HR 4978, the Online Privacy Act, would establish user rights, including being able to access, correct, delete and transfer their data. It would also create a new right, giving users a say in how long companies can keep their information. In addition, the bill would require companies to not disclose or sell personal information without explicit consent, and prohibit them from using private communications like emails for advertising purposes.
Lofgren acknowledged that the bill would require companies such as Facebook and Google — whose opinions the lawmakers solicited — to change the way they do business.
“Retention, targeting of data, information provided for consent, all of that would need to be adjusted,” Lofgren said during the call. “It would be a marked change.”
But the congresswomen said they consulted with more than 100 academics, businesses, regulators and advocacy groups during the months they spent drafting the legislation, and they believe the bill is bold and comprehensive but fair, balancing companies’ needs and users’ well-being. It would not pre-empt state laws but in some cases would call for tougher regulations.
The new agency would be able to fine companies like the FTC can, with the maximum damage amount being the same as under the FTC Act ($42,530 an incident). In addition, state attorneys general could bring civil cases, and individuals and nonprofits could bring legal actions, against companies for violations.
After online data breaches and privacy scandals such as political data consulting firm Cambridge Analytica accessing the user data of tens of millions of Facebook users, lawmakers around the nation are introducing different versions of privacy legislation. The California Consumer Privacy Act was signed last year and will take effect in 2020.
“The bill by Reps. Eshoo and Lofgren sets out strong rights for internet users, promotes innovation, and establishes a data protection agency,” said Caitriona Fitzgerald, policy director for the Electronic Privacy Information Center, in a statement. After EPIC reviewed other pending privacy bills, she said “this is the bill that Congress should enact.”
The U.S. Chamber of Commerce disagreed, saying Tuesday that the bill “compounds the problem of a confusing patchwork of state and federal privacy laws aimed at protecting consumers’ rights.” The Chamber’s model legislation “gives consumers the assurance they need that personal information is respected while providing businesses with clear and consistent rules of the road across the country,” said Tim Day, senior vice president of the Chamber’s Technology Engagement Center.
The bill also:
• Criminalizes doxing, the publishing of a person’s personal information on the internet.
• Prohibits companies’ use of people’s genetic information, except for research, medical or criminal-investigative purposes, and any other approved uses.
• Requires opt-in consent for use of information for machine learning/artificial intelligence algorithms.
• Exempts small businesses from some requirements.