Reps. Suzan DelBene (D-Wash.) and Hakeem Jeffries (D-N.Y.) are offering up the latest legislative effort to regulate online privacy, including by requiring web sites and online services to get opt-in permission for collecting and/or sharing web browsing data and requiring privacy policies to be delivered in 'plain English.'
They have introduced The Information Transparency and Personal Data Control Act, which would also require disclosure if, and with whom, they share behavioral data, and why, as well as require third-party audits of privacy protections submitted to the Federal Trade Commission annually, and give the FTC rulemaking authority and states the right to pursue violations.
In fact, it would be the FTC that promulgated the rules in the bill, which makes sense given that the FCC deeded the FTC authority over most broadband regulation when it reclassified ISPs as information service providers in the Restoring Internet Freedom order.
But the FTC has historically enforced its authority over anticompetitive, unfair or deceptive practices via filing suit, or seeking settlements, against alleged violators, rather than adopting regulations.
"As a former tech CEO, I know firsthand that consumers, policymakers and the private sector share responsibility for protecting personal information from potential bad actors," said Del Bene, who is a former Microsoft executive. "With Americans spending roughly 24 hours per week online, and a quarter of people saying they're on the internet almost constantly, it's our job to ensure consumers have a clear understanding of what happens to their data."
The bill's inclusion of an opt-in requirement for a broad category of "sensitive" information that includes web browsing history, and which gives states the ability to enforce it makes it unlikely to attract many Republicans, though both parties are eyeing edge providers with new concern, particularly how they do, or more to the point don't, protect user data.
The Facebook/Cambridge Analytica third-party data sharing fiasco has put a new Hill focus on the issue. At Hill hearings with tech execs over the past several months, both more user control of their data and more decipherable user and privacy policies have both been
on the agenda.