TR Daily Klobuchar, Kennedy Offer Data Privacy, Breach Notification Bill
Monday, January 21, 2019

Klobuchar, Kennedy Offer Data Privacy, Breach Notification Bill

Sens. Amy Klobuchar (D., Minn.) and John Kennedy (R., La.) have introduced a bill that would set data breach notification obligations, require online platforms that collect data from users to have a privacy or security program and a published privacy policy — thus exposing them to Federal Trade Commission enforcement action if they do not adhere to their own privacy policies — and give consumers more control over the collection and use of their data.

The proposed Social Media Privacy and Consumer Rights Act (S 189), introduced yesterday, would require entities to notify consumers within 72 hours of becoming aware of data breaches affecting their information and would establish breach remedies available to consumers, including the right to require the platform to “erase all personal data of the user tracked by the operator” and to “cease further dissemination of personal data of the user tracked by the operator.” The platform operator must also offer the user a copy of all the personal data of the user that it has processed and “a list of each person that received the personal data from the operator, whether through sale or other means.”

The bill would establish a public safety exception to the requirement to erase personal data in the event of a breach at the user’s request.

The bill would impose a biennial compliance audit requirement on all online platform operators.

It would give consumers the right to opt out of data tracking and collection, give them greater access to collected and shared data, and require that the terms of service agreements be in plain language.

Online platforms would have to give users the opportunity to opt out of data collection before they create accounts or start using the site. However, if opting-out “creates inoperability in the online platform, the operator of the online platform may deny certain services or completely deny access to the user,” the bill says.

Consumers must be informed if any new products or changes in the platform privacy or security program override their privacy preferences and given a fresh opportunity to opt out. Platforms must also make the withdrawal of consent as easy as the grant of consent, and must ensure that access to the users’ data is not available more than 30 days after the withdrawal of consent, except as required by law.

The bill would authorize both the Federal Trade Commission and state attorneys general to enforce its provisions.

In a statement, Sen. Klobuchar said, “Every day, companies profit off of the data they’re collecting from Americans, yet leave consumers completely in the dark about how their personal information, online behavior, and private messages are being used. Consumers should have the right to control their personal data. Our legislation would ensure that companies use plain language to explain to consumers how their data is being used, allow consumers to opt out of certain data tracking and collection , and require companies to notify consumers of privacy violations within 72 hours of a breach.”

Sen. Kennedy said, “I don’t want to regulate Facebook or any private social media company, but these platforms continue to compromise their users’ private data. Our legislation reinforces data privacy standards and requires these companies to be transparent with how they are using our private information. In today’s world, private data is the equivalent of our personal identities, and companies need to know that they’ll be held accountable when they violate the public’s trust and compromise our private information. Our legislation does just that.”

The bill has been referred to the Commerce, Science, and Transportation Committee. —Lynn Stanton, [email protected]


Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More