Broad federal data privacy legislation should include provisions on transparency and accountability, as well as “meaningful enforcement” authority, a leading House Democrat said.
U.S. Rep. Jan Schakowsky (D-Ill.) said she would propose creating a division within the Federal Trade Commission to police data privacy, rather than establishing a separate agency. She said she would push to “beef up” the FTC in legislation “to make sure there is real capacity and the resources to do that.”
House and Senate lawmakers are weighing whether to give the FTC broad or targeted new rulemaking authority, and more resources, to enforce privacy and data security obligations. They also are discussing whether federal legislation should override state privacy laws, including California’s sweeping privacy law, the California Consumer Protection Act, taking effect in January.
Schakowsky, the House Energy and Commerce Consumer Protection and Commerce Subcommittee chairwoman, said she hopes to have a draft bill before Congress takes its August recess.
“We are absolutely moving ahead and beginning serious dialogue with the Republicans as well,” she told reporters after an event hosted by the Transatlantic Consumer Dialogue.
A bipartisan Senate Commerce, Science and Transportation Committee working group has been drafting its own bill. Schakowsky said she “feels a sense of urgency” and the House is “going to move ahead as fast as we can.”
Waiting on Preemption
State law preemption shouldn’t be part of the conversation “until we have legislation we agree on,” Schakowsky said, noting that she doesn’t oppose preemption in principle. Republican members of her subcommittee, including ranking member Cathy McMorris Rodgers (R-Wash.), are backing state privacy law preemption.
The prospective bill also must address the use of data for discriminatory purposes, and allow individuals to erase, amend, complete, and correct information that entities hold on them, Schakowsky said. She said lawmakers are discussing whether to include language about a private right of action, which gives individuals the right to sue companies for mishandling data.
To read more from Privacy & Data Security Law News pleaseOR Request Trial