Sen. Marco Rubio (R-Fla.) has introduced a bill, the American Data Dissemination Act, regulating the collection and use of personal data. It would apply the general outlines of the 1974 Privacy Act, which dealt with government record keeping, to private companies data practices.
It comes as the practices of edge behemoths are increasingly coming under scrutiny in Congress from both sides of the aisle.
That 1974 act established a code of fair information practices for information retained by federal agencies, including prohibition of disclosure of an individual's records without prior written consent, with some statutory exceptions. It also allows individuals to seek access and amend their records.
"[T]he bill provides overdue transparency and accountability from the tech industry while ensuring that small businesses and start-ups are still able to innovate and compete in the digital marketplace," Rubio's office said.
Rubio said the goal of the 1974 act was to balance the need of the government to retain information with protections against government intrusions into privacy. "A similar structure would provide consumers with protections against similar unwarranted intrusions from sophisticated actors in the private industry," the Senator said.
Specifically, the bill requires the Federal Trade Commission to submit recommendations for the privacy requirements Congress can impose on private actors, then submit proposed regulations to impose those requirements, then promulgate a final rule if Congress has not enacted a law based on those recommendations within two years' of the bill's enactment.
There are carveouts for smaller, newly formed, companies so that the bill does not "entrench" large incumbents who can more easily shoulder the financial load of new regs.
Mirroring the 1974 act, it also "provides consumers with rights to access and correct records maintained by a covered provider that are not accurate, relevant, timely or complete as defined by the FTC, and a process for deletion of a record."
"Without seeing the full Rubio language, his one-pager uses the pejorative 'patchwork' to dismiss innovative state law efforts such as the new California Consumer Privacy and Illinois Biometric Information Privacy Acts," said U.S.Pirg senior director, federal consumer programs, Ed Mierzwinski. "Any new comprehensive federal privacy law should provide baseline protections but continue to allow states to lead with stronger laws. No law can protect consumers unless it preserves future state action."
“While I appreciate Senator Rubio’s interest in privacy protection, this bill fails to adequately address the modern ecosystem of data collection and use and would nullify stronger state laws," said Susan Grant, director of consumer protection and privacy for Consumer Federation of America. "Furthermore, we need an independent data protection agency that can promulgate rules without having to submit them for Congressional approval.”