Privacy for America: Principles For Privacy Legislation Dec 2019

Read the full Privacy for America breakdown here: Principles For Privacy Legislation Dec 2019

Introduction

Privacy for America has developed a new framework for nationwide privacy legislation that would fundamentally change the way personal data is protected and secured in this country. This framework is intended to provide a new option to policy makers for their consideration as they address this important issue. Unlike existing domestic and international approaches to privacy regulation, the framework would not rely on burdensome “notice and choice” schemes to protect personal data. Rather, it would clearly define and prohibit practices that put personal data at risk or undermine accountability, while preserving the benefits to individuals and our economy that result from the responsible use of data.

Notably, the new framework would shift the burden away from individuals to read hundreds of lengthy privacy policies to protect themselves and toward a common set of data privacy and security norms. To ensure widespread compliance and rigorous enforcement, the framework would significantly expand federal and state oversight of data practices, including by creating a new data protection bureau at the Federal Trade Commission (FTC), authorizing FTC rulemaking in certain key areas, and providing civil penalty authority to both the FTC and State Attorneys General (AGs).

Scope of the Framework

The framework would apply to virtually all personal information collected and used in the United States and virtually all companies doing business here. It would give the FTC expanded authority over nonprofits and common carriers for purposes of the new law. In addition, the framework would apply broadly to all personal information, whether collected or inferred, that is linked or can reasonably be linked to a particular individual or device.