With CCPA Looming, Politicians Pitch Last Minute Data Privacy Bills
One privacy bill would override state laws already on the books - like the CCPA - another would only pre-empt laws that conflict with certain provisions.
Even with the country’s most rigid data privacy bill to date, the California Consumer Privacy Act ("CCPA"), scheduled to go into effect in four weeks, politicians are still attempting to rally support around a national privacy law, one that would supersede California from carrying out legislation of its own.
The latest last-ditch effort came last week when Sen. Roger Wicker (R., Miss.) announced plans for a privacy bill of his own, the Consumer Data Privacy Act of 2019,
According to Reuters, which talked to the Senator in advance of the bill’s release, the bill is 25 pages and focuses on online consumer privacy, including consumer protections, requirements for companies that collect personal data.
Wicker, chairman of the Senate Committee on Commerce, Science, and Transportation, circulated a staff discussion draft of the bill shortly before Thanksgiving.
The full text of the bill hasn't been released but according to Reuters it largely mirrors legislation released by Senator Maria Cantwell (D-WA) last week – the Consumer Online Privacy Rights Act (“COPRA”). It would pertain to any company that does business across state lines, expand the definition of sensitive data to include biometric information, require organizations to have clear and present privacy policies, and allow consumers the right to ask companies to correct inaccurate data they have on them.
The big rift between Wicker and Cantwell and Democrats and Republicans for that matter is whether or not a national privacy bill would override state laws. Democrats are highly unlikely to support preemption language; Republicans meanwhile are looking to avoid having a patchwork of laws on the books, even if it means weakening California's new law.
Cantwell's bill, (.PDF) which she filed alongside Senators Brian Schatz (HI), Amy Klobuchar (MN) and Ed Markey (MA), on Tuesday last week would enact a new division within the Federal Trade Commission to look at privacy and data security from a rules and regulations standpoint. It would only pre-empt state laws that "directly conflict with the provisions of the Act."
California's law, passed and signed into law last year, goes into effect on January 1, 2020 but the California Attorney General's Office won't start enforcing it until July 1, 2020. The CCPA – viewed by many in the industry as a landmark bill - will give consumers more control over their information online, including how large corporations collect and use their personal data.
The CCPA gives consumers more control over their information online, including how large corporations collect and use their information. While the state can fine corporations for failing to keep data secure, if an internet user's unencrypted or nonredacted personal information winds up accessed and taken as a result of the company's failure to maintain reasonable security procedures, an individual could sue.
Both Cantwell and Wicker presided over a U.S. Senate Committee hearing Wednesday morning with officials from Microsoft, Walmart, and Georgetown to further discuss how legislative proposals could better enable consumers to control how their personal information is handled.