New legislation backed by Republican and Democrat lawmakers aims to create a single national data privacy standard to give Americans better control over how their private information is used.
The act minimizes how much individual data businesses can collect, retain, and use. Companies will only be able to collect data needed to provide products and services. Firms handling sensitive data must receive the “express consent” of customers before transferring such information to a third party.
Under the proposal, businesses are required to allow people to access, correct, delete, and export data. In addition, individuals can opt out of targeted advertising.
The act “gives individuals the right to sue bad actors who violate their privacy rights—and recover money for damages when they’ve been harmed.” It prohibits companies from enforcing mandatory arbitration against customers in case the individuals suffered “substantial privacy harm.”
“This landmark legislation gives Americans the right to control where their information goes and who can sell it,” Ms. Rodgers said.
“It reins in Big Tech by prohibiting them from tracking, predicting, and manipulating people’s behaviors for profit without their knowledge and consent. Americans overwhelmingly want these rights, and they are looking to us, their elected representatives, to act.”
The bill prevents companies from using people’s private information to discriminate against them. Individuals can opt out of companies’ use of algorithms to make decisions in matters such as employment, credit opportunities, housing, insurance, and education. Companies have to conduct annual algorithm reviews to ensure they do not subject individuals to discrimination.
Businesses are obligated to implement “strong data security standards” so that there is limited chance of identity theft or harm. Company executives are responsible for making sure their business takes all the necessary actions to protect customer data.
“A federal data privacy law must do two things: It must make privacy a consumer right, and it must give consumers the ability to enforce that right,” Ms. Cantwell said.
Data Privacy Concerns
The new bill comes as multiple major companies have been involved in data safety breaches and privacy lawsuits in recent times.The dataset appeared to have been from 2019 or earlier, with information such as names, passcodes, email addresses, social security numbers, phone numbers, and home addresses potentially compromised. AT&T subsequently reset the passcodes of the 7.6 million current users.
The settlement ensures that “Google will collect less data from users’ private browsing sessions, and that Google will make less money from the data,” according to the plaintiff’s lawyers.
The updated rules require service carriers to notify the FCC, the FBI, and the U.S. Secret Service about data breaches.
“We require such notice to be made as soon as practicable, and in no event later than seven business days, after reasonable determination of the breach,” the rules read.
The FCC also eliminated the “mandatory waiting period for carriers to notify customers” about a data breach. Instead, the agency now requires carriers “to notify customers of breaches of covered data without unreasonable delay after notification to the Commission and law enforcement, and no later than 30 days after reasonable determination of a breach.”
The decision came as part of the broker’s settlement with the agency over allegations that the company “sold precise location data that could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship, and domestic abuse shelters,” the FTC said.
