S 1578 - Do Not Track Sen. Josh Hawley (R-MO)
        Bill requires the Commission to implement and enforce a Do Not Track System to protect consumers from unwanted
        online data harvesting and targeted advertising. As part of this system, the Commission is to designate a DNT signal that
        can be downloaded to any common connected device and is sent to every website, online service, or online application
        that the device connects to. The user can choose to exempt a website, service or application from receiving the signal. If
        a user is not sending a DNT signal, any website, service or application that is collecting more data than necessary to
        operate, shall inform the user via pop-up notification. Collection for the purpose of targeted advertising is considered
        more than is necessary. Data collected for the purpose of analytics can only be done so in a de-identified manner and
        cannot be used to create or contribute to a profile of the user, unless listed exemption requirements are met.

        S 1951 - The DASHBOARD Act Sen. Josh Hawley (R-MO)
        Bill requires data operators with over 100 million monthly users to disclose types of data collected and an assessment of
        its value. Operators will need to file an annual report on the aggregate value of the user data they've collected and must
        allow users to delete all or individual fields of what has been collected. Also gives authority to the SEC to develop
        methodologies for calculating data value.

        HR 4978 - Online Privacy Act of 2019 Rep. Anna Eshoo
        This bill is the most comprehensive legislation in the House at the point of introduction. The most concerning portion of
        the bill is its definition of personal information which is broad and applies to anything that can be reasonably connected
        to a consumer. It also has provisions that would create a Digital Privacy Agency (not supported by GOP), user rights that
        allows access to delete or move data, includes a number of provisions that apply specific responsibilities on companies,
        and creates a private right to action and no preemption of state legislation (both strongly opposed by GOP). It is not
        supported by E&C leadership, making its chance of passage fairly slim but the sponsors have significant influence so will
        have influence on any final bill that passes the House.

        S 2186 - Protecting Personal Information Act of 2019 Sen. Jeff Merkley
        A bill to require entities to provide consumers with the opportunity to prohibit the entity from collecting or using certain
        data concerning the consumer and to request deletion of such data.

        HR 4170 - Ensuring National Constitutional Rights for Your Private Telecommunications Act Rep. Ted Lieu (D-CA)
        The bill prohibits legislative requirements for any computer hardware or software, electronic device, or online service to
        be designed to allow for physical search or the ability to decrypt data. Prohibits a legislative ban on the selling of such a
        product or service due to its encryption/privacy capabilities.

        S 2342 - Data Broker List Act of 2019 Sen. Gary Peters
        The bill applies data brokers, entities that collect consumer personal information and sell it to another business who
        does not have a direct relationship with the consumer. Personal information is defined as related to any identified or
        identifiable individual. The bill requires that the information is acquired lawfully and imposes a responsibility on the data
        broker to not sell it to a third party that it knows is using the information illegally. The data broker must develop a
        information security program to protect against security breaches or other inadvertent or improper disclosure of
        personal information. It must annually register with the Commission and provide information about its location and
        whether it provides an opt out for the consumer. Oversight is by the Federal Trade Commission, which is granted
        authority to promulgate regulations necessary for implementation of the bill.

        S 2637 - Mind Your Own Business Act of 2019 Sen. Ron Wyden (D-OR)
        The bill is the latest and strongest bill with the stated purpose of ensuring data privacy and putting in place strict
        penalties, including jail time, for violations. The most problematic aspect of the bill is its definition for personal
        information: any information, regardless of how it is collected, inferred, or obtained that is reasonably linkable to a
        specific consumer or consumer device. This places a VIN solidly within the scope of the definition and the bill.