New Bill Could Cost US Companies Data

Written by

A new online privacy bill put forward by senators in the US proposes granting citizens the right to request that their personal data be deleted from companies' records. 

The Consumer Online Privacy Rights Act (COPRA) would provide consumers with foundational data privacy rights and force companies to be transparent in their use of users' personal information.

The bill was introduced today by Washington senator and Senate Commerce Committee member Maria Cantwell and sponsored by Senators Ed Markey, Amy Klobuchar, and Brian Schatz.

Cantwell's proposal would allow users to request details of what personal information a company is holding on them, along with the name of any third party to whom their data has been transferred. 

Under section 103 of the bill, a company, upon receiving a verified data-deletion request from an individual user, would have to delete (or let the individual delete) any personal information that had been gathered. The company would also have to inform any service provider or third party of the individual's deletion request. 

Companies would not be allowed to collect additional information beyond what they reasonably require if the bill becomes law. And companies would be required to get permission before collecting and sharing sensitive data, including precise locations and biometric information. 

If the bill is passed, users would gain the right to request corrections to any inaccurate data held by companies. 

Companies would be required to make available and readily accessible a privacy policy that provides a detailed and accurate representation of their data processing and data transfer activities.

Under the proposal, states would continue to issue their own privacy laws, and citizens would still have the private right of action to bring their own lawsuits.

Cantwell’s legislation also proposes the creation of a new bureau within the Federal Trade Commission to handle digital privacy enforcement. The bill mandates that the bureau be fully staffed and operational within two years of its enactment.

The privacy legislation proposals are due to be discussed at a hearing of the Commerce Committee in December. 

Steve Durbin, managing director of the Information Security Forum, commented: "There is a very real need for a Federal law to avoid States introducing their own variations and interpretations on privacy which adds a further compliance burden to already overstretched businesses looking to understand and comply with their obligations across the various regions in which they are transacting business."

What’s hot on Infosecurity Magazine?