In theory, creating laws that help protect American citizens’ online privacy is a good idea. But a new bill would create an agency that would only further grow our already bloated federal government.
The Online Privacy Act, offered by California Reps. Anna Eshoo and Zoe Lofgren, calls for a new federal office called the Digital Privacy Agency (DPA), which would be in charge of enforcing online privacy rights.
The legislation would allow Americans to obtain, correct and delete data collected about them by any entity that collects, processes or maintains and transmits personal information over an electronic network. This is where the DPA would come in, as individuals would have the right to request a “human review” of automated decisions. The DPA would serve as a general traffic cop to enforce online privacy rights.
“Every American is vulnerable to privacy violations with few tools to defend themselves. Too often, our private information online is stolen, abused, used for profits or grossly mishandled,” Eshoo said in a statement. “Our legislation ensures that every American has control over their own data, companies are held accountable and the government provides tough but fair oversight.”
The creation of DPA would not come cheaply. The Democrats’ bill would authorize the agency to hire up to 1,600 full-time employees and authorizes an annual budget of $550 million through 2024.
The Online Privacy Act (H.R. 4978) was referred to the Subcommittee on Antitrust, Commercial and Administrative Law in the House Energy and Commerce Committee on Dec. 18.
ArsTechnica pointed out that current privacy laws in the U.S. are a patchwork of regulation with limited federal protection. Some states, such as Illinois, have implemented laws that limit the collection of biometric data, which led to a class-action lawsuit with Facebook over that website’s use of facial recognition.
California passed a broad privacy law in 2018 that went into effect this year that provides more control to state residents on how their personal data is collected, used and sold.
Privacy legislation is a bipartisan issue as Senate Republicans have pushed the United States Consumer Data Privacy Act and have worked with Democrats to draft new language for the Consumer Online Privacy Rights Act. Both pieces of legislation would require covered entities to, among other provisions, offer transparent privacy policies and obtain express consent prior to processing sensitive data.
Sen. Marco Rubio of Florida introduced the American Data Dissemination Act, which would create a timeline for the Federal Trade Commission to establish privacy rules.
All of that legislation was introduced in 2019 and awaits consideration in 2020.
Daniel Barber, CEO and co-founder of DataGrail, a privacy management platform for businesses, wrote that until everyone agrees on one data privacy law, “businesses will suffer.”
“While I generally favor the states’ role in being the so-called laboratories of democracy, only a uniform federal piece of legislation will solve the problem and create order,” he wrote.
Barber said he has concerns the Online Privacy Act will favor businesses over the rights of consumers.
We have concerns the bill would create an agency that would unnecessarily grow the size of the federal government yet again. Congress should look to protect the online privacy rights of American citizens, but not by creating an office with 1,600 employees.