US lawmakers will push for new privacy regulations – Washington Examiner

A significant privacy bill will be on Congress's agenda during the next two years, with privacy-focused Democrats holding thin majorities in both the House and the Senate.

While privacy legislation will take a back seat early this year because of the COVID-19 pandemic, lawmakers and privacy experts expect to see a significant push for legislation that would give consumers more control over how companies share their data, particularly over the internet.

Sen. Maria Cantwell, a Washington Democrat, introduced privacy legislation in late 2019. She will take over as chairwoman of the Senate Commerce, Science, and Transportation Committee, where privacy bills are debated. Her 2019 Consumer Online Privacy Rights Act would have given consumers the ability to prohibit companies from sharing their data with third parties. It would have required companies that hold personal data to check for security vulnerabilities and take preventive measures to protect that data.

Sen. Ron Wyden, an Oregon Democrat, plans to introduce two privacy bills, a spokesperson said. Wyden's Mind Your Own Business Act would create a national do-not-track list and allow for huge fines and, in some cases, prison terms for privacy violations. The Fourth Amendment is Not for Sale Act would prohibit government agencies, including law enforcement agencies, from purchasing personal information from data brokers.

Wyden's spokesperson said the senator plans to work closely with Cantwell to get privacy legislation passed.

With states passing privacy legislation and the European Union's General Data Protection Regulation in effect, privacy legislation in Congress will likely focus on the right for consumers to opt out of their information getting sold. They will also have the right to know what data is collected and the right for their data to be removed from company databases, said Cameron Call, a technical operations manager at Network Security Associates, an information technology services and regulatory compliance vendor.

Still, some of these regulations could have a significant impact on the technology industry, Call told the Washington Examiner. A lot of free online services "make their revenue on the data collected about you," he said. "If this gets taken away, how will they monetize? Will it mean more services will require a monthly subscription?"

It's also unclear whether United States consumers will pay attention if websites and companies are required to tell them what personal data they collect, he added. Because of the EU's GDPR, many websites now deliver a notice that they collect cookies. If web users get even more pop-ups, "will people actually read them?" he asked.

With California and other states passing privacy regulations, federal law seems likely, said Michael Williams, a partner at Clym, a data privacy law compliance platform. Many business leaders have pushed for a national law to avoid compliance with multiple state laws.

"To date, the U.S. has abdicated any true responsibility regarding federal data privacy regulation, and as such, many states have taken it upon themselves to enact or consider data privacy regulations for their residents," he told the Washington Examiner.

However, federal law may instead create baseline privacy regulations that states can build on, he added.

The impact of national privacy law will go beyond the tech sector, he said. Three of the highest five GDPR fines, for example, were imposed on companies outside the technology industry, with Swedish retail company H&M, British Airways, and Marriott International all receiving fines of over 20 million euros.

"In the modern economy, the flow of data informs operational decisions at every business, and companies of all shapes and sizes collect a massive amount of data, which, to this point, has gone unregulated in most areas of the U.S.," Williams said.

Still, some observers are less optimistic about a privacy bill passing. A major privacy bill seems unlikely unless the Senate eliminates the filibuster, said Kevin Coy, a partner and privacy group co-chairman with the Arnall Golden Gregory in Washington, D.C.

In some cases, Senate Republicans may block some comprehensive Democratic proposals, he noted.

"Privacy itself is not a partisan issue," he told the Washington Examiner. "However, some issues privacy legislation would need to address, such as whether the privacy legislation would preempt state law or whether there would be a private right of action for violations, are more likely to break down along partisan lines than many of the substantive requirements a major privacy law might include."

Read this article:
US lawmakers will push for new privacy regulations - Washington Examiner