Lately, big companies like Google, Amazon, Facebook and few others have come under the light for their data privacy issues. Users blindly accept the current structure of most of the privacy policies, which in turn affects users’ privacy and data. The U.S. lacks a national law that regulates the collection and use of personal data. Yesterday, Marco Rubio (R-Fla.), U.S. Senator introduced a bill titled ‘American Data Dissemination (ADD) Act’ for creating federal standards of privacy protection for big companies like Google, Amazon, and Facebook.
ADD act uses Privacy Act of 1974 as its framework and thus provides transparency and accountability from the tech industry while protecting small businesses and start-ups. The Federal Trade Commission (FTC) is yet to make suggestions for regulations based on the Privacy Act of 1974. The FTC needs to give detailed privacy requirements within six months that would be similar to the requirements under the 1974 Privacy Act. This bill requires Congress to pass legislation within two years or the FTC will write the rules itself. In a statement to The Hill, Rubio said, “If Congress does not act on the FTC’s recommendations within two years, my bill gives the FTC authority to issue a final rulemaking based on the Privacy Act framework.”
The American Data Dissemination (ADD) Act would let the FTC write recommendations to Congress regarding what privacy rules should look like for commercial services like Facebook, Amazon, Google based on a 1974 law which created rules for federal agencies. According to Rubio, the smaller companies should be exempted from new rules and they are finding a way out. One year after the date on which the Commission has submitted recommendations, the FTC will submit proposed regulations to the appropriate Congress Committees for imposing privacy requirements. If the Congress fails to enact a law based on the recommendations provided by two years then FTC will pass a final rule within 27 months after the date of enactment for imposing privacy requirements.
Rubio believes that these recommendations will give Congress a direction for drafting legislation that will protect consumers and capabilities of the internet economy. According to him, any national privacy law must provide clear and consistent protections that consumers and companies can understand, and also the FTC can enforce. He clearly states, “we also cannot tolerate inaction.”
According to a post by Axios, Congressional Democrats have given an indication that they will only agree to preempt state laws, and new rules will come into effect in 2020, in California.
In a press release, Rubio stated, “There has been a growing consensus that Congress must take action to address consumer data privacy. However, I believe that any efforts to address consumer privacy must also balance the need to protect the innovative capabilities of the digital economy that have enabled new entrants and small businesses to succeed in the marketplace. That is why I am introducing the American Data Dissemination Act, which will protect small businesses and startups while ensuring that consumers are provided with overdue rights and protections.
It is critical that we do not create a regulatory environment that entrenches big tech corporations. Congress must act, but it is even more important that Congress act responsibly to create a transparent, digital environment that maximizes consumer welfare over corporate welfare.”
According to Rubio, big companies like Facebook, Apple, Amazon, Netflix, Google, and others would welcome regulations that will prevent start-ups and smaller competitors from challenging their dominance.
Rubio said in a statement to The Hill, “While we may have disagreements on the best path forward, no one believes a privacy law that only bolsters the largest companies with the resources to comply and stifles our start-up marketplace is the right approach.”
The American Data Dissemination (ADD) Act aims to exempt smaller organizations from the new rules which act against the proposed Grand Bargain on Data Privacy Legislation for America which states, “Do not exempt organizations based on size.” The Grand Bargain on Data Privacy Legislation for America bill states, “Include a limited right to rectification for sensitive data collected by critical services.” Even this goes against the ADD act as it stands for consumer data privacy and doesn’t leave any space for sensitive data being accessed. The Grand Bargain on Data Privacy Legislation for America states, “Create data protection rules based on both the type of data and the type of entity collecting the data.” The data is categorized as sensitive and non-sensitive data. But this again works against the ADD act as the bill doesn’t compromise on consumer data.