The budding move by the two sides to establish a federal data privacy bill began about two years ago, but was ultimately suspended due to the coronavirus pandemic and a particularly controversial election year. Under the combined effect of these two factors, Congress has begun to discuss this issue again.
The 2018 bill proposed by Sen. Amy Klobuchar (D-MN) and endorsed by the Republican Party has returned to the Senate. Since control of Congress has been transferred to the Democrats, their chances of moving forward may improve. One of the key points of the bill is to require that technology platforms allow users to opt out of data collection and tracking, but also allow them to deny services to these users.
Data Privacy Bill contains mixed clauses.
The Social Media Privacy Protection and Consumer Rights Act was initiated by Klobuchar and Joe Manchin (D-WV) and acquired by John Kennedy (R- LA) and Richard Burr (R-NC). However, the data privacy bill came to a standstill in 2019, in part because the bill didn’t garner much additional Republican support. There is not enough indication that this time the political rights will be more interested in this, but it may now be irrelevant, because the Democrats have a year and a half to pass it and at the same time they can control the House of Representatives with confidence. And the Senate. One of the key provisions of the Data Privacy Act
is that the platform writes its terms of service in “easily accessible language”, which is easy for ordinary people to understand. End users must also have the ability to opt out of data collection and tracking; however, in turn, the platform may reject the services for users who choose not to participate. The bill allows providers to prohibit “certain services” or “full access” if their exclusion could cause “inoperability” on the platform. However, the Data Privacy Act will provide some enhanced rights and protections for those who choose to participate. The bill requires users to be notified of a data breach within 72 hours, and notification of the breach must be accompanied by a full copy of the data collected by the service and a link to delete the data. The bill also requires service agencies to delete data collected from closed accounts within 30 days, unless they are forced to retain the data for some legal reason.
Platforms are needed to maintain a “privacy or security plan”, which is strange wording, because people want a responsible platform that has both aspects. However, the Data Privacy Act stipulates that the program must specify how the platform uses the collected personal data, how to resolve the expected security risks caused by the introduction of new products or services, and specify the access rights of internal employees and contractors who should collect personal data. When new products are introduced on the platform and excluded, users must also be notified. These plans should be reviewed at least every two years.