December 9, 2018

December 07, 2018

Subscribe to Latest Legal News and Analysis

National Privacy Legislation May Be on the Horizon

The recent passage of the California Consumer Privacy Act (CCPR) earlier this summer and the entry into force of the General Data Protection Regulation (GDPR) last May has put consumer privacy squarely on the national agenda. Now there are signs that government is responding. While a number of privacy bills have been introduced in Congress that never made it out of committee, Senator John Thune (R-SD), the ranking Republican on the Senate Commerce Committee, recently indicated this may be changing. Thune opened a recent hearing of the Committee at which Google, Amazon, Twitter and AT&T commented that both Republicans and Democrats support a national privacy law, but noted: “the question is what shape that law should take.” The companies testifying expressed support for preemptive federal legislation that gives consumers more control over their data and stresses transparency, but avoids a one-size-fits-all approach that might stifle innovation.

In the wake of the hearing, the U.S. Department of Commerce National Telecommunications and Information Administration (NTIA) is now seeking comments on several high-level goals that are intended to protect consumer privacy while encouraging innovation. The strategy outlined in the Request for Comments is “outcome-based” rather than prescriptive and offers seven key objectives:

  1. The collection, use, sharing and storage of personal data should be transparent;

  2. Users should be able to exercise reasonable control over the collection, use, storage, and disclosure of their personal data;

  3. Data minimization principles should apply;

  4. Organizations should ensure safeguards are in place to protect personal data from loss and unauthorized use;

  5. Consumers should have the right to rectify and delete their personal data;

  6. Privacy tools should be flexible enough to encourage innovation while also protecting consumer data;

  7. Organizations should be accountable for data processing activities.

Comments are due to NTIA by October 26, 2018.

A number of trade associations, fearing unduly prescriptive federal legislation or a patchwork of state privacy laws, have also weighed in. The Chamber of Commerce, The Internet Association and other organizations recently published privacy proposals that call for preemptive, process-driven rules, themes that were echoed during the recent Commerce committee hearing. Senator Thune stated that a second hearing will take place starting in early October at which Alastair Mactaggart, the driving force behind the California ballot initiative whose withdrawal resulted in enactment of the CCPA, and European Data Protection Board (EDPB) Chairwoman Andrea Jelinek will testify.

Privacy legislation will likely continue to be a hot topic for the rest of the year, and for the new Congress in January, and we anticipate that state legislatures will also be looking at privacy and data security in 2019.

© 2018 Keller and Heckman LLP

TRENDING LEGAL ANALYSIS


About this Author

Sheila Millar, Keller Heckman, advertising lawyer, privacy attorney
Partner

Sheila A. Millar counsels corporate and association clients on advertising, privacy, product safety, and other public policy and regulatory compliance issues.

Ms. Millar advises clients on an array of advertising and marketing issues.  She represents clients in legislative, rulemaking and self-regulatory actions, advises on claims, and assists in developing and evaluating substantiation for claims. She also has extensive experience in privacy, data security and cybersecurity matters.  She helps clients develop website and app privacy policies,...

202-434-4646
Tracy Marshall, Keller Heckman, regulatory attorney, for-profit company lawyer
Partner

Tracy Marshall joined Keller and Heckman in 2002. She assists clients with a range of business and regulatory matters.

In the business and transactional area, Ms. Marshall advises for-profit and non-profit clients on corporate organization, operations, and governance matters, and assists clients with structuring and negotiating a variety of transactions, including purchase and sale, marketing, outsourcing, and e-commerce agreements.

In the privacy, data security, and advertising areas, she helps clients comply with privacy, data security, and consumer protection laws, including laws governing telemarketing and commercial e-mail messages, contests and sweepstakes, endorsements and testimonials, marketing to children, and data breach notification. Ms. Marshall also helps clients establish best practices for collecting, storing, sharing, and disposing of data, and manage outsourcing arrangements and transborder data flows. In addition, she assists with drafting and implementing internal privacy, data security, and breach notification policies, as well as public privacy policies and website terms and conditions. 

202-434-4234