Is digital privacy about to become a basic right in the United States?

Federal lawmakers in the U.S. have proposed bipartisan legislation that, for the first time, “sets clear, national data privacy rights and protections for Americans,” according to CNN. The American Privacy Rights Act would enshrine digital privacy as a basic, enforceable right and aim to give citizens’ more control over their biometric data and overall digital identity.

Much like the EU’s General Data Protection Regulation (GDPR), the law would bring the U.S.’s current approach to data privacy – what a government release calls “the existing patchwork of state comprehensive data privacy laws” – under a single piece of legislation for the first time. Significantly, it would also establish a private right of action for individuals to hold violators of the act accountable.

“This landmark legislation gives Americans the right to control where their information goes and who can sell it,” says Republican House Committee on Energy and Commerce Chair Cathy McMorris Rodgers, who drafted the law with Washington Sen. Maria Cantwell, the Democratic chair of the Senate Commerce Committee. “It reins in Big Tech by prohibiting them from tracking, predicting, and manipulating people’s behaviors for profit without their knowledge and consent.”

Foundational uniform national data privacy rights would include rules and restrictions on what data companies can collect, where that data goes, who gets access, and the ability to opt out of targeted advertising and data processing in cases where a privacy policy has changed. It promises to set “one national privacy standard, stronger than any state” – notable given the tighter data protection laws in states like California.

Individuals could sue companies that violate data privacy laws

Emphasizing “robust enforcement mechanisms,” Cantwell says that “a federal data privacy law must do two things: it must make privacy a consumer right, and it must give consumers the ability to enforce that right.” Among the draft legislation’s more significant and potentially impactful promises is to give individuals “the right to sue bad actors who violate their privacy rights—and recover money for damages when they’ve been harmed.” It also bans companies from enforcing mandatory arbitration in cases of substantial privacy harm. These are significant developments in the ease of litigating companies who break data privacy laws, especially for individuals.

For corporations, it “makes executives take responsibility for ensuring that companies take all actions necessary to protect customer data as required by the law.”

In terms of civil rights, the bill allows people to say no to algorithms being applied to decisions about housing, employment, healthcare, credit, education, or insurance. It also requires algorithms to be reviewed annually to test for discrimination and bias.

Small businesses that do not sell customers’ personal information are exempt from the requirements of the bill.

The deal marks a breakthrough in negotiations between Republicans and Democrats over data privacy legislation, who have locked horns over the issue for years. Cantwell and Rodgers call it “the best opportunity we’ve had in decades to establish a national data privacy and security standard that gives people the right to control their personal information.”

Article Topics

biometric data  |  biometric identifiers  |  data privacy  |  digital identity  |  legislation  |  United States