US House Privacy Legislation
Congresswomen Anna G. Eshoo (CA-18) and Zoe Lofgren (CA-19) introduced HR 4978, the Online Privacy Act of 2019. The legislation creates user rights, places obligations on companies to protect users’ data, establishes a new federal agency to enforce privacy protections, and strengthens enforcement of privacy law violations. Among other things, the Act would:
- Establish a Digital Privacy Agency (DPA), an independent agency led by a Director who would be appointed by the President and confirmed by the Senate for a five-year term. The DPA would enforce privacy protections and investigate abuses. It would have funding for up to 1,600 employees and would be authorized to adopt rules and issue fines for violations.
- Grant every American the right to access, correct, delete, and transfer data. It also creates new rights, like the right to impermanence, which lets users decide how long companies can keep their data.
- Minimize the amount of data companies collect, process, disclose, and maintain, and bar companies from using data in discriminatory ways. Additionally, companies must receive consent from users in plain, simple language and notify the DPA and users of breaches and data sharing abuses.
- Empower state attorneys general to enforce violations of the bill and allow individuals to appoint nonprofits to represent them in private class action lawsuits.
A one-page summary of the bill is available here. The full text is available here; a section-by-section analysis here.
Entities covered by the bill include both nonprofits and common carriers that intentionally collect, process, or maintain personal information AND transmit personal information over an electronic network. Natural persons acting noncommercially are not considered covered entities. In addition, there is a small business exemption for entities that: do not earn revenue from the sale of personal information, earn less than half of annual revenue from targeted advertising, have personal information of fewer than 250,000 individuals, have fewer than 200 employees, and have revenue under $10 million.
“Every American is vulnerable to privacy violations with few tools to defend themselves,” said Rep. Eshoo. “Too often, our private information online is stolen, abused, used for profit, or grossly mishandled. We’re proud to introduce the Online Privacy Act to restore and protect the American people’s right to privacy. Our legislation ensures that every American has control over their own data, companies are held accountable, and the government provides tough but fair oversight.”
“Our country urgently needs a legal framework to protect consumers from the ever-growing data-collection and data-sharing industries that make billions annually off Americans’ personal information,” said Rep. Lofgren. “Privacy for online consumers has been nonexistent – and we need to give users control of their personal data by making legitimate changes to business practices. The Online Privacy Act creates a robust framework that balances the actual needs of businesses with fair privacy rights and expectations for users.”
The Regulatory Mix Today: US House Privacy Legislation, FCC 911 Outage Settlements
FCC 911 Outage Settlements
The FCC announced it had entered into settlements with CenturyLink and West Safety Communications to conclude investigations into violations of FCC rules in connection with a multi-state 911 outage that took place on August 1, 2018. Under the settlements, formally known as Consent Decrees, CenturyLink has agreed to pay $400,000 and West Safety Communications has agreed to pay $175,000 to the U.S. Treasury. In addition, both companies have committed to compliance plans, which require them to identify risks of disruptions to 911 service, protect against those risks, ensure detection of outages, prepare to respond quickly and effectively to outages, and plan to restore services as quickly as possible. The companies have also agreed to report to the FCC on these compliance efforts for the next three years.
The problem arose when a technician mistakenly made a configuration change to the 911 routing network, resulting in the failure of both companies to route 911 calls to dozens of 911 call centers in multiple states. The outage lasted 65 minutes and led to many 911 calls failing to reach emergency operators. Carriers are responsible for complying with applicable FCC rules regarding the design and reliable operation of their 911 networks regardless of any failures by their subcontractors or affiliates.
The Regulatory Mix, Inteserra’s blog of telecom related regulatory activities, is a snapshot of PUC, FCC, legislative, and occasionally court issues that our regulatory monitoring team uncovers each day. Depending on their significance, some items may be the subject of an Inteserra Briefing.