A newly introduced privacy bill that would override state laws fails to “adequately protect privacy in the United States,” 20 watchdogs say in a new letter to lawmakers.
“The bill lacks adequate corporate obligations to prevent the invasive tracking of internet users and lacks provisions that give users meaningful control over their personal data and how that data is used,” the Campaign for a Commercial-Free Childhood, Center for Digital Democracy, Free Press, New America's Open Technology Institute and other groups say in a letter to Commerce Committee chair Roger Wicker (R-Mississippi) and ranking member Maria Cantwell (D-Washington).
The letter comes on the eve of a Senate Commerce Committee hearing about privacy.
“The Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act” (SAFE DATA Act), introduced last week by Wicker and three other Republicans, would require companies to allow consumers to access, edit and delete data about them.
The proposed law would require companies to obtain consumers' affirmative consent before transferring their “sensitive” information -- which the bill defines as including financial account numbers, persistent identifiers, precise geolocation data, and data revealing people's race, ethnic origin, religion and sexual orientation.
The measure would also require companies to allow people to opt out of the collection, processing or transfer of non-sensitive data that identifies or is “reasonably linkable” to an individual or device.
Should the bill pass, it would override state privacy laws -- including California's Consumer Protection Act, Illinois' biometric privacy bill and a new law in Maine that requires broadband providers to obtain consumers' explicit consent before tracking the for ad targeting purposes.
The groups opposing the bill say it falls short for several reasons, including that it relies on the “notice-and-consent” model for privacy -- meaning companies would be required to inform consumers about data collection and obtain their consent -- as opposed to prohibiting some forms of data collection.
The advocacy groups also criticize the bill's provisions overriding state privacy laws.
“Governments at all levels should play a role in protecting and enforcing privacy rights,” the opponents' letter states. “The bill includes an extremely broad preemption provision that would remove state legislatures completely from protecting privacy, which would have the effect of nullifying state consumer protection and civil rights laws as they relate to the sharing or use of personal information.”