House Republicans on the Energy and Commerce Committee on have unveiled a discussion draft of a privacy bill that would override more stringent state laws.
“Privacy does not end at state lines and Americans deserve better than a patchwork of different and conflicting state laws,” Reps. Cathy McMorris Rodgers (Washington) and Gus Bilirakis (Florida) stated Wednesday, when they publicly released the discussion draft.
The "Control Our Data Act" would require companies to disclose their policies regarding the collection and sharing consumers' “personal information.”
The measure would allow consumers to access, correct and delete that information, as well as opt out of its collection, use or sharing.
The draft bill defines personal information as data that's “linked or reasonably linkable to a specific individual,” but specifically excludes pseudonymized data from that definition.
The lawmakers didn't provide any examples of pseudonymized data in the draft, but the ad industry has often argued that the data relied on for ad targeting -- including cookies and device identifiers -- is pseudonymous.
By contrast, a bill introduced in July by Republican Senators Roger Wicker (Mississippi) and Marsha Blackburn (Tennessee) would require companies to allow people to opt out of the collection, processing or transfer of any data that identifies or is “reasonably linkable” to an individual or device -- including the type of data used for ad targeting.
The “Control Our Data Act” draft bill would also require companies to obtain consumers' explicit consent before collecting their sensitive information -- including not only financial account numbers and other data that could be used for identity theft, but also health data, biometric information, geolocation information, and “contents and parties” to communications.
The measure would task the Federal Trade Commission with enforcement, and allow the agency to fine first-time violators.