Ahead of a consumer data privacy hearing scheduled for today, EPIC and eleven other consumer and privacy organizations yesterday submitted a data protection framework to the Senate Commerce Committee.
The Framework outlines issues that should be addressed to implement effective baseline privacy protections in the United States.
“Core principles include: user control, transparency about business practices, collection and use limitations, data minimization and deletion, and security. ‘Personal data’ should be broadly defined to include information that identifies, or could identify, a particular person.”
The hearing, titled “Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act,” will take place on Wednesday, October 10, 2018. It will be presided over by U.S. Sen. John Thune, chairman of the Committee on Commerce, Science, and Transportation. The hearing will discuss the new privacy laws in Europe and California and weigh the types of consumer protections to consider in future legislation.
The data protection framework proposed by the consumer protection organizations lays out basic rules for Congress to act on in the U.S. These include:
- Enact baseline federal data protection legislation: “Baseline federal legislation should be based on familiar Fair Information Practices, such as the widely followed OECD Privacy Guidelines. This framework creates obligations for companies that collect personal data and rights for individuals whose personal data is collected.”
- Limit government access to personal data: “US companies should not disclose user data in bulk to the government agencies, particularly after the recent Carpenter ruling that established that individuals have a constitutional privacy interest in the personal data held by third parties.”
- Establish algorithmic transparency and end discriminatory profiling: “Algorithmic transparency, to promote fairness and to remove bias, is now a core element of modern privacy law and should be included in US privacy law.”
- Prohibit “take it or leave it” and other unfair terms: “Requiring individuals to pay more or providing them with lower quality goods or services if they do not agree to waive their privacy rights is unfair and discriminates against those with less means.”
- Ensure robust enforcement: “Companies should be required by law to implement and maintain robust security measures. Furthermore, consumers should be able to pursue a private right of action that produces meaningful penalties.”
- Promote privacy innovation: “Federal privacy law should make privacy innovation an affirmative obligation for all companies that collect and use personal data.”
- Establish a data protection agency: “The US needs a federal agency focused primarily on identifying emerging privacy challenges, ensuring compliance with data protection obligation and identifying emerging privacy challenges”
Epic.org has also submitted a statement to the Committee regarding the recent security and data breaches at Google and Facebook. Their statement also highlights the Federal Trade Commission’s failure to take necessary action on these incidents.
Per their statement, “The FTC’s failure to enforce consumer privacy safeguards has led not only to diminished data protection in the United States but also to less innovation and less competition among Internet services.
The FTC’s failure to enforce the original privacy rights of WhatsApp allowed Facebook to acquire user data and undermine one of the best messaging services. Even the founders of WhatsApp know this. But the FTC has said nothing.”
Read the full proposed data protection framework to know more.