{"id":5980,"date":"2019-01-22T22:58:35","date_gmt":"2019-01-23T02:58:35","guid":{"rendered":"http:\/\/ncjolt.org\/?p=5980"},"modified":"2020-06-04T20:52:28","modified_gmt":"2020-06-04T20:52:28","slug":"a-national-approach-to-data-privacy-competing-proposals-for-a-federal-privacy-bill","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/a-national-approach-to-data-privacy-competing-proposals-for-a-federal-privacy-bill\/","title":{"rendered":"A National Approach to Data Privacy? Competing Proposals for a Federal Privacy Bill"},"content":{"rendered":"\n<p>On\nJanuary 16, 2019, Senator Rubio introduced a bill, entitled the <a href=\"https:\/\/www.rubio.senate.gov\/public\/_cache\/files\/3859c1d4-fd09-47c1-afa1-c1684e2f8df9\/A9470F75C36C8115D756746340CC1E55.american-data-dissemination-act.pdf\">American\nData Dissemination Act<\/a> (ADDA), that proposes a national standard to\nregulate the way private companies handle consumer data. The bill uses the\nPrivacy Act of 1974, which applies solely to data handling by governmental\nagencies, as a <a href=\"https:\/\/www.rubio.senate.gov\/public\/index.cfm\/2019\/1\/rubio-introduces-privacy-bill-to-protect-consumers-while-promoting-innovation\">framework<\/a>\nfor a broader national standard. However, the bill would preempt stronger state\nprivacy regulations, such as <a href=\"https:\/\/www.theverge.com\/2018\/6\/28\/17509720\/california-consumer-privacy-act-legislation-law-vote\">California\u2019s\nrecently-enacted privacy statute<\/a>, causing concern that, if enacted,\nthe bill would entrench lenient privacy standards nationally. While a national\nprivacy statute is a laudable goal, legislators should be careful not to set\nthe bar for national data privacy too low. Because the ADDA is the <a href=\"https:\/\/www.theverge.com\/2019\/1\/16\/18185167\/facebook-google-data-privacy-marco-rubio-congress-american-dissemination-act\">first\nnational data privacy bill<\/a> to be introduced in 2019, but exists\nalongside several competing proposals, it merits discussion. In evaluating\nmultiple federal privacy bill proposals, Congress should ensure optimal\nprotections for consumers in order to align the United States with\ninternational standards after the passage of <a href=\"https:\/\/money.cnn.com\/2018\/05\/21\/technology\/gdpr-explained-europe-privacy\/index.html\">Europe\u2019s\nGDPR<\/a>. <\/p>\n\n\n<blockquote class=\"wp-block-quote\"><p>You have a bipartisan sense that <a href=\"https:\/\/www.wired.com\/story\/privacy-law-showdown-congress-2019\/\">some type of privacy legislation needs to happen<\/a>, and at the same time, you have industry pushing for it. We\u2019re certainly in a moment that\u2019s been different from moments in the past. <\/p><cite><br \/>Neema Singh Guliani, Senior Legislative Counsel, ACLU<\/cite><\/blockquote>\n\n\n<p>The Privacy Act of 1974, on which the ADDA bill is based, limits the way federal agencies can gather and use personal data, creating a baseline for individual privacy in the government records context. The <a href=\"https:\/\/epic.org\/privacy\/1974act\/\">1974 Act<\/a> mandates that a federal agency: show an individual what records the agency has on the individual; follow the <a href=\"https:\/\/www.epic.org\/privacy\/consumer\/code_fair_info.html\">Fair Information Practices<\/a> (FIPs) when processing individual data; and limit sharing of individual data among agencies. The 1974 Act also creates a right for individuals to bring suit for violations. <\/p>\n\n\n<p>While adapting the 1974 Act to\ncover private companies would be a good first step in forming a national data\nprivacy system, the ADDA bill\u2019s relatively weak data protections and preemption\nclause could be interpreted as a means to <a href=\"https:\/\/www.engadget.com\/2019\/01\/16\/marco-rubio-american-data-dissemination-act\/\">prevent\nstronger privacy protections<\/a>, such as California\u2019s privacy statute,\nfrom taking effect. The California Consumer Privacy Act, set to take effect in\nJanuary 2020, is the most comprehensive consumer data privacy protection law in\nthe United States. <a href=\"https:\/\/www.eff.org\/deeplinks\/2018\/08\/how-improve-california-consumer-privacy-act-2018\">The\nCalifornia Act allows<\/a>: consumers to discover what personal\ninformation a business has on them; consumers to request deletion of personal\ninformation collected from them; consumers to opt-out of having their personal\ninformation sold; and, with some exceptions, the ability to continue receiving\nequal service from the business after consumers exercise these rights.\nUnsurprisingly, the California Act has faced strong opposition from industry\ngroups that seek to <a href=\"https:\/\/www.wired.com\/story\/california-privacy-bill-tech-lobbying\/\">weaken\nits protections for consumers<\/a>. <\/p>\n\n\n<p>Although the Federal Trade\nCommission (FTC) has <a href=\"https:\/\/www.nytimes.com\/2018\/12\/30\/technology\/facebook-data-privacy-ftc.html\">faced\nrecent criticism for being too lenient<\/a> in enforcing patchwork\nfederal privacy laws, most notably in the recurring Facebook scandals, the FTC\nplays a prominent role in the ADDA bill.&nbsp;\nThe ADDA bill instructs the FTC to provide Congress with a set of\nprivacy standards adapted from the Privacy Act of 1974. Congress would then\nhave up to two years to pass the final national privacy standard, which would\nbe based on the FTC\u2019s recommendations. Only if Congress failed to pass a final\nversion within two years would the FTC gain <a href=\"https:\/\/arstechnica.com\/tech-policy\/2019\/01\/sen-marco-rubio-wants-to-ban-states-from-protecting-consumer-privacy\/\">independent\nrulemaking authority<\/a> over national privacy standards.<\/p>\n\n\n<p>By way of contrast, a coalition of consumer advocacy groups recently <a href=\"https:\/\/www.citizen.org\/sites\/default\/files\/privacy-and-digital-rights-for-all-framework.pdf\">published a proposal<\/a> to, among other reforms, form a federal data protection agency. Rather than rely on the FTC to enforce data privacy among its plethora of tasks, the proposed data protection agency would <a href=\"https:\/\/www.nytimes.com\/aponline\/2019\/01\/17\/us\/ap-us-privacy-law-battle-lines.html\">focus solely on data regulation and protection<\/a>. Other proposals, such as a November 2018 bill introduced by Senator Wyden, would keep the FTC at the center of a <a href=\"https:\/\/arstechnica.com\/tech-policy\/2018\/11\/proposed-data-privacy-law-could-send-company-execs-to-prison-for-20-years\/\">more robust system of privacy regulation<\/a> that would include increased fines and potential prison sentences for violators. Meanwhile, <a href=\"https:\/\/thehill.com\/policy\/technology\/421137-push-for-privacy-bill-gains-new-momentum\">multiple congressional committees<\/a>, including a <a href=\"https:\/\/www.reuters.com\/article\/us-usa-ftc-congress\/u-s-senator-says-privacy-bill-draft-could-come-early-next-year-idUSKCN1NX041\">subcommittee<\/a> of the Senate Commerce, Science and Transportation Committee, are working on federal privacy bill proposals. Given the range of proposals and increased activity in the area, it will be interesting to see where efforts to enact a federal privacy bill lead in 2019.   <\/p>\n\n\n<p>Aaron Dalton, 21 January 2019<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On January 16, 2019, Senator Rubio introduced a bill, entitled the American Data Dissemination Act (ADDA), that proposes a national standard to regulate the way private companies handle consumer data. The bill uses the Privacy Act of 1974, which applies solely to data handling by governmental agencies, as a framework for a broader national standard. <a href=\"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/a-national-approach-to-data-privacy-competing-proposals-for-a-federal-privacy-bill\/\" class=\"more-link\">&#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":5981,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5980"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=5980"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5980\/revisions"}],"predecessor-version":[{"id":6873,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5980\/revisions\/6873"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/5981"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=5980"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=5980"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=5980"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}