US Senator Maria Cantwell (D-WA) and US Representative Cathy McMorris Rodgers (R-WA) announced on Sunday draft legislation to “establish a national data privacy and security standard.” In the joint statement, the two lawmakers said that they plan to submit the bill, which will eliminate the “patchwork” of state regulation in favor of a federal law capable of “robust enforcement … to hold violators accountable.”
The proposed American Privacy Rights Act limits consumer data companies from collecting, using, and storing. The act also allows individuals to prevent the sale of their personal data from one company to another. “Expressed consent” would be required for a transfer of personal data to take place.
Importantly, the act provides for the enforcement of data privacy rights. Currently, there is no federal data privacy law protecting consumers or a law that outlines an enforcement mechanism for data breaches. The majority of individuals affected by data breaches or hacks are unable to access federal courts due to a lack of standing. This leads to federal courts excluding these cases because most individuals whose data has been sold, stolen or hacked can not show a personal injury or harm suffered. This has left individuals to seek relief in state courts. As of June 2022, only five states have enacted comprehensive consumer data privacy laws.
Rodgers stated that the act would prevent “Big Tech … from tracking, predicting, and manipulating people’s behaviors for profit without their knowledge and consent.” She also stated that Americans “overwhelmingly want these rights.”
Tech companies already face strict privacy laws in other markets. In the EU, the Right to Be Forgotten allows individuals to erase their personal data after a transaction has been completed or was “unlawfully” obtained. Companies that have violated EU privacy rules have received hefty fines.