Core US Privacy Principles
On 18th November Democratic Senators issued a set of core principles that should underpin any proposed Federal Privacy legislation.
The principles cover several issues across four categories to protect consumer privacy: (1) establish data safeguards, (2) invigorate competition, (3) strengthen consumer and civil rights, and (4) impose real accountability.
New US Privacy Bill
Then on November 26, 2019, the senators unveiled a new comprehensive federal privacy bill entitled the Consumer Online Privacy Rights Act (“COPRA”).
The bill would create a new bureau within the Federal Trade Commission. The bureau would promote data security and strengthen the law at State level.
COPPRA would amongst other measures:
- grant citizens new privacy rights, including the rights to access, delete and correct their data, as well as a right to data portability;
- require organisations to obtain express, affirmative consent for the collection and use of sensitive data
- prohibit the use of certain types of personal data including race, ethnicity and gender from being used to discriminate in decisions on employment, credit, housing or education.
- require organisations using algorithms to take decisions to undertake an algorithmic decision-making impact assessment.
Interestingly COPPRA seeks to exclude small businesses with annual revenue of less than $25 million from its requirements, as long as they process the data of fewer than 100,000 individuals or households annually.
If enacted the legislation is likely to impact businesses handling data of US citizens. It should ease the transfer and processing of personal data for companies operating in different US States.
Gareth Evans, 2nd December 2019