Page 27 - NCISS Your Advocate April 2020
P. 27
S 1578 - Do Not Track Sen. Josh Hawley (R-MO)
Bill requires the Commission to implement and enforce a Do Not Track System to protect consumers from unwanted
online data harvesting and targeted advertising. As part of this system, the Commission is to designate a DNT signal that
can be downloaded to any common connected device and is sent to every website, online service, or online application
that the device connects to. The user can choose to exempt a website, service or application from receiving the signal. If
a user is not sending a DNT signal, any website, service or application that is collecting more data than necessary to
operate, shall inform the user via pop-up notification. Collection for the purpose of targeted advertising is considered
more than is necessary. Data collected for the purpose of analytics can only be done so in a de-identified manner and
cannot be used to create or contribute to a profile of the user, unless listed exemption requirements are met.
S 1951 - The DASHBOARD Act Sen. Josh Hawley (R-MO)
Bill requires data operators with over 100 million monthly users to disclose types of data collected and an assessment of
its value. Operators will need to file an annual report on the aggregate value of the user data they've collected and must
allow users to delete all or individual fields of what has been collected. Also gives authority to the SEC to develop
methodologies for calculating data value.
HR 4978 - Online Privacy Act of 2019 Rep. Anna Eshoo
This bill is the most comprehensive legislation in the House at the point of introduction. The most concerning portion of
the bill is its definition of personal information which is broad and applies to anything that can be reasonably connected
to a consumer. It also has provisions that would create a Digital Privacy Agency (not supported by GOP), user rights that
allows access to delete or move data, includes a number of provisions that apply specific responsibilities on companies,
and creates a private right to action and no preemption of state legislation (both strongly opposed by GOP). It is not
supported by E&C leadership, making its chance of passage fairly slim but the sponsors have significant influence so will
have influence on any final bill that passes the House.
S 2186 - Protecting Personal Information Act of 2019 Sen. Jeff Merkley
A bill to require entities to provide consumers with the opportunity to prohibit the entity from collecting or using certain
data concerning the consumer and to request deletion of such data.
HR 4170 - Ensuring National Constitutional Rights for Your Private Telecommunications Act Rep. Ted Lieu (D-CA)
The bill prohibits legislative requirements for any computer hardware or software, electronic device, or online service to
be designed to allow for physical search or the ability to decrypt data. Prohibits a legislative ban on the selling of such a
product or service due to its encryption/privacy capabilities.
S 2342 - Data Broker List Act of 2019 Sen. Gary Peters
The bill applies data brokers, entities that collect consumer personal information and sell it to another business who
does not have a direct relationship with the consumer. Personal information is defined as related to any identified or
identifiable individual. The bill requires that the information is acquired lawfully and imposes a responsibility on the data
broker to not sell it to a third party that it knows is using the information illegally. The data broker must develop a
information security program to protect against security breaches or other inadvertent or improper disclosure of
personal information. It must annually register with the Commission and provide information about its location and
whether it provides an opt out for the consumer. Oversight is by the Federal Trade Commission, which is granted
authority to promulgate regulations necessary for implementation of the bill.
S 2637 - Mind Your Own Business Act of 2019 Sen. Ron Wyden (D-OR)
The bill is the latest and strongest bill with the stated purpose of ensuring data privacy and putting in place strict
penalties, including jail time, for violations. The most problematic aspect of the bill is its definition for personal
information: any information, regardless of how it is collected, inferred, or obtained that is reasonably linkable to a
specific consumer or consumer device. This places a VIN solidly within the scope of the definition and the bill.