A Breakthrough Online Privacy Proposal Hits Congress (wired.com) 27
An anonymous reader quotes a report from Wired: Congress may be closer than ever to passing a comprehensive data privacy framework after key House and Senate committee leaders released a new proposal on Sunday. The bipartisan proposal, titled the American Privacy Rights Act, or APRA, would limit the types of consumer data that companies can collect, retain, and use, allowing solely what they'd need to operate their services. Users would also be allowed to opt out of targeted advertising, and have the ability to view, correct, delete, and download their data from online services. The proposal would also create a national registry of data brokers, and force those companies to allow users to opt out of having their data sold. [...] In an interview with The Spokesman Review on Sunday, [Cathy McMorris Rodgers, House Energy and Commerce Committee chair] claimed that the draft's language is stronger than any active laws, seemingly as an attempt to assuage the concerns of Democrats who have long fought attempts to preempt preexisting state-level protections. APRA does allow states to pass their own privacy laws related to civil rights and consumer protections, among other exceptions.
In the previous session of Congress, the leaders of the House Energy and Commerce Committees brokered a deal with Roger Wicker, the top Republican on the Senate Commerce Committee, on a bill that would preempt state laws with the exception of the California Consumer Privacy Act and the Biometric Information Privacy Act of Illinois. That measure, titled the American Data Privacy and Protection Act, also created a weaker private right of action than most Democrats were willing to support. Maria Cantwell, Senate Commerce Committee chair, refused to support the measure, instead circulating her own draft legislation. The ADPPA hasn't been reintroduced, but APRA was designed as a compromise. "I think we have threaded a very important needle here," Cantwell told The Spokesman Review. "We are preserving those standards that California and Illinois and Washington have."
APRA includes language from California's landmark privacy law allowing people to sue companies when they are harmed by a data breach. It also provides the Federal Trade Commission, state attorneys general, and private citizens the authority to sue companies when they violate the law. The categories of data that would be impacted by APRA include certain categories of "information that identifies or is linked or reasonably linkable to an individual or device," according to a Senate Commerce Committee summary of the legislation. Small businesses -- those with $40 million or less in annual revenue and limited data collection -- would be exempt under APRA, with enforcement focused on businesses with $250 million or more in yearly revenue. Governments and "entities working on behalf of governments" are excluded under the bill, as are the National Center for Missing and Exploited Children and, apart from certain cybersecurity provisions, "fraud-fighting" nonprofits. Frank Pallone, the top Democrat on the House Energy and Commerce Committee, called the draft "very strong" in a Sunday statement, but said he wanted to "strengthen" it with tighter child safety provisions.
In the previous session of Congress, the leaders of the House Energy and Commerce Committees brokered a deal with Roger Wicker, the top Republican on the Senate Commerce Committee, on a bill that would preempt state laws with the exception of the California Consumer Privacy Act and the Biometric Information Privacy Act of Illinois. That measure, titled the American Data Privacy and Protection Act, also created a weaker private right of action than most Democrats were willing to support. Maria Cantwell, Senate Commerce Committee chair, refused to support the measure, instead circulating her own draft legislation. The ADPPA hasn't been reintroduced, but APRA was designed as a compromise. "I think we have threaded a very important needle here," Cantwell told The Spokesman Review. "We are preserving those standards that California and Illinois and Washington have."
APRA includes language from California's landmark privacy law allowing people to sue companies when they are harmed by a data breach. It also provides the Federal Trade Commission, state attorneys general, and private citizens the authority to sue companies when they violate the law. The categories of data that would be impacted by APRA include certain categories of "information that identifies or is linked or reasonably linkable to an individual or device," according to a Senate Commerce Committee summary of the legislation. Small businesses -- those with $40 million or less in annual revenue and limited data collection -- would be exempt under APRA, with enforcement focused on businesses with $250 million or more in yearly revenue. Governments and "entities working on behalf of governments" are excluded under the bill, as are the National Center for Missing and Exploited Children and, apart from certain cybersecurity provisions, "fraud-fighting" nonprofits. Frank Pallone, the top Democrat on the House Energy and Commerce Committee, called the draft "very strong" in a Sunday statement, but said he wanted to "strengthen" it with tighter child safety provisions.
I hope it passes (Score:5, Insightful)
...but I expect it won't. Too many interests have financial stakes in an advertising economy monetizing the peasants' every thought or action.
But if it passes... it's a law that should have been on the books as soon as somebody came up with the idea of data mining. Probably long, long before the Internet even saw the beginning of the Eternal September.
Re: (Score:3)
Re: (Score:2)
If it passes it's because there are other methods of tracking you which aren't mentioned in the bill.
Exactly, this is just regulatory capture to make it difficult for new companies entering the field.
Re: (Score:2)
Tracking is only one small part of a comprehensive privacy bill. Access to your data is another important one. And the right to be forgotten.
Re: (Score:2)
If simple 'anonymization' of the data can avoid these restrictions it won't really help much as cross-comparing with other databases can often allow the data to be de-anonymized.
Re: (Score:2)
Even if it won't in that form... Can we please at LEAST ban companies from harvesting government records and brokered personal data about Individual persons, Such as Names, Addresses, Phone Numbers, and posting it En masse to public websites, or Posting it for sale online?
We should NOT have to pay companies like Incogni and DeleteMe. Just to keep our personal d
Will it impact profit? Yes? So no chance (Score:3)
And this is still way below the GDPR.
And quietly dies (Score:2)
National Registry (Score:5, Interesting)
A National Registry of data brokers will be as effective as CFPB's consumer reporting agencies [consumerfinance.gov], all of whom have to allow you to 'freeze' your reports and all of whom have to provide you a free copy of your report. It's all good on paper but there are hundreds of them. What's needed for data brokers (and CRAs) is some centralized registry, like the Do Not Call list, where you can one click opt yourself out, request copies, etc., otherwise it's just a phone book and you get to do an unlimited amount of legwork to exercise your rights.
Re: (Score:2)
Yes the first violation will be tough with all the lawyers and lobbyists, but once one goes down the others will take notice.
Re: (Score:2)
there there is no Constitutional requirements for privacy
Yes, there is. It's called the 9th Amendment as well as part of the 4th. As has been said an untold number of times, the Founding Fathers knew they couldn't list every single right imaginable, so they made broad strokes to cover most things with the 9th being the catch all. At the same time, they strove to limit the power of the government over the people, the exact opposite of the what the so-called "originalists" fail to acknowledge because that w
Re: (Score:1, Insightful)
Re: (Score:1)
It's election season (Score:1)
They are lying. (Score:3)
At the same time as this bill is moving through, the Section 702 renewal bill is also moving through...
They are full of shit.
Supercession clause... (Score:2)
Does it have a clause that says it supercedes all state laws?
If it does, it's evil.
Re: (Score:2)
Even if it did, state government and its contractors are exempt. Besides, corporations usually demand nation-wide legislation: This is exactly what they want. Okay, it's the exact opposite of what they want but since they're not going to demand the right to treat everyone else like a serf, this is the compromise.
The APRA (Not the ADPRA, keep up!) protects existing laws "that California and Illinois and Washington have."
So you agree, states should enforce gun-control and anti-abortion laws as they pleas
Re: (Score:2)
Re: (Score:2)
I'm thinking this:
State X says "The people shall have A, B, C, and D"
Bill says, "The people shall have A and B. This bill supercedes all state laws".
What happens to the people of State X who now no longer have access to C and D?
amazing how fast... (Score:1)
Ban sale of the data (Score:2)
They need to ban the SALE of the data collected.