Tag Archives: us privacy bill

US Privacy Bill

On October 11, 2019, California Governor Gavin Newsom signed the remaining amendments to the California Consumer Privacy Act (CCPA) into law.  The CCPA provides unprecedented privacy rights to California residents similar to those enjoyed by EU citizens since the implementation of GDPR. Most companies that do business with California will need to comply with the requirements of the new law.  The deadline for compliance with CCPA is 1st January 2020 though some commentators believe that this deadline may be extended.

Other US states are already considering introducing privacy legislation reflecting the measures taken by California. However, events are moving quickly…

On 5th November two Californian Democrat Congresswomen, Anna G. Eshoo and Zoe Lofgren, introduced an Online Privacy Bill to the US House of Representatives.  If successfully enacted the Act would create a federal Data Protection Agency (DPA) covering the whole of the US.

Corporate Data Privacy Obligations

The draft legislation imposes a raft of obligations on organisations, including:

  • disclose why they need to collect and process data
  • minimise employee and contractor access to personal data
  • not disclose or sell personal information without explicit consent
  • not use private communications such as email to target ads or for “other invasive purposes”

The legislation is attempting to tackle a range of abuse of privacy data. This is illustrated by the requirement for organisations to “notify the agency (the DPA) and users of breaches and data sharing abuses, e.g., Cambridge Analytica.”

Citizens Data Privacy Rights

The bill would give citizens the right to:

  • access, correct, delete, and transfer data about them;
  • request a human review of impactful automated decisions;
  • opt-in consent for using data for machine learning / A.I. algorithms;
  • be informed if a covered entity has collected your information; and to choose for how long their data can be kept   

Sound familiar?

If you have any questions about data protection, please contact us via email team@datacompliant.co.uk or call 01787 277742.You can find more of our blogs here.

Gareth Evans, 15th November 2019

New US Privacy Bill on the Way

Core US Privacy Principles

 On 18th November Democratic Senators issued a set of core principles that should underpin any proposed Federal Privacy legislation.

The principles cover several issues across four categories to protect consumer privacy: (1) establish data safeguards, (2) invigorate competition, (3) strengthen consumer and civil rights, and (4) impose real accountability.

New US Privacy Bill

Then on November 26, 2019, the senators unveiled a new comprehensive federal privacy bill entitled the Consumer Online Privacy Rights Act (“COPRA”).

The bill would create a new bureau within the Federal Trade Commission. The bureau would promote data security and strengthen the law at State level.

COPPRA would amongst other measures: 

  • grant citizens new privacy rights, including the rights to access, delete and correct their data, as well as a right to data portability;
  • require organisations to obtain express, affirmative consent for the collection and use of sensitive data
  • prohibit the use of certain types of personal data including race, ethnicity and gender from being used to discriminate in decisions on   employment, credit, housing or education.
  • require organisations using algorithms to take decisions to undertake an algorithmic decision-making impact assessment.

Interestingly COPPRA seeks to exclude small businesses with annual revenue of less than $25 million from its requirements, as long as they process the data of fewer than 100,000 individuals or households annually.

If enacted the legislation is likely to impact businesses handling data of US citizens.  It should ease the transfer and processing of personal data for companies operating in different US States.

If you have any questions about data protection, please contact us via email team@datacompliant.co.uk or call 01787 277742. You can find more of our blogs here.

Gareth Evans, 2nd December 2019