Congress revealed a bipartisan federal privacy bill, called the American Data Privacy and Protection Act. However, the U.S. Chamber of Commerce has major issues with the draft of the bill. Although the Chamber has objections to the draft, the feedback from the organization shows a willingness to negotiate the terms of a federal privacy law.
The Chamber declared in a letter that the draft of the federal privacy bill “is unworkable at this time.” The Chamber wants a “true national standard” and is concerned with the bill’s preemption of state laws. Also, the Chamber does not want the bill to include a private right of action, which would allow consumers the ability to sue over violations.
The federal privacy bill would offer consumers:
- Individual data ownership and control
- Data protections for children and minors
- The right to consent and object to processing sensitive covered data
The term “sensitive covered data” in the bill includes a list of data types, which includes:
|Genetic||Geolocation||Private messages||Log-in credentials|
|Race/Ethnicity/Union||Sexual orientation||Online activities||Calendar/Address|
|Private photos||Content access||Under 17 info||Identifying data|
Privacy by Design
The privacy bill would require a covered entity to “establish and implement reasonable policies, practices, and procedures regarding the collection, processing, and transfer of covered data.” The bill highlights the need to use a “privacy by design” approach by integrating technology and privacy practices into the business operations.
- Contact information
- Categories of covered data collected
- Processing purposes
- Transferring of covered data
- Data retention period
- Rights of consumers
- Data security practices
- Data transferred to certain countries
If enacted, the Federal Trade Commission (FTC) will enforce the privacy law and make consumers aware of the law. Shortly after passage, the FTC plans to publish a webpage that describes the provisions, rights, obligations, and requirements of the law. The webpage will contain “plain and concise language” that will be “easy-to-understand” for both individuals and covered entities.