A sizable amount of congressional time this year has been spent on hearings regarding various investigations into the activities of the President and his close associates. While that carries a measure of importance, so too does the increasing vulnerability online of Americans who are being victimized by not only hackers, but by the businesses who manage the online applications harvesting some of our most critical private information.
Although the leaders of the Senate Commerce Committee have had several discussions regarding how to best address the issue of consumer privacy online, those talks have failed to yield a meaningful bipartisan proposal as of yet, with committee leaders having previously presenting dueling privacy bills instead.
At a hearing last week, the two primary bills being floated were discussed by members of the Senate Commerce Committee. One bill is being championed by Committee Chairman Roger Wicker (R-MS), while the opposing piece of legislation is supported by Ranking Member Maria Cantwell (D-WA). There are other proposed bills written to address certain aspects of online privacy with specificity, like requiring companies to clearly disclose their privacy policies, but the framework for a bill that can satisfy the leadership of both parties is thought to be contained in portions of the 2 main proposals.
An important matter related to the current online privacy debate, which is driving the urgency of the Commerce Committee, is the impending activation of a landmark California law which kicks into effect on January 1st, 2020. The California Consumer Privacy Act will affect businesses with at least $25 million in revenue, companies that hold personal information on at least 50,000 people, or other entities that earn at least half their money by selling consumers' personal information.
Under this new law, any resident of California will be able to demand that a company fully disclose what data it has collected on them, and if they are so inclined, can force the deletion of the information. Additionally, beginning in July 2020, Californians will be allowed to file litigation against businesses for certain types of data breaches, and the new law also grants broader power to the office of the California attorney general bring an enforcement action against businesses that fail to comply.
Some detractors of this legislation are concerned with the effect that this will have on businesses, as the costs associated with compliance may hurt profitability, while supporters are applauding its comprehensive consumer protection protocols, and the rights that citizens will retain that enables them to be the ultimate arbiter of the fate of their personal data.
The California law is also being perceived as the first pronounced step by America to institute legislation similar to Europe's General Data Protection Regulation (GDPR). Under GDPR, companies that process personal data must clearly disclose the point at which data on the individual is collected, while declaring any lawful basis and purpose for the processing of the data. They also must inform customers how long they intend to retain their data and whether or not it will be shared with any third parties or entities outside of Europe.
Customers also have the right to request a copy of the data collected by a processor, similar to the pending California law. Furthermore, public authorities and businesses whose core activities consist of regular processing of personal data, are required to employ a Data Protection Officer (DPO), who serves to ensure compliance with the GDPR.
Failure to comply comes with severe penalties, as violators of the GDPR may be fined up to the greater of either €20 million or up to 4% of the preceding financial year's profits.
The question many in the US are asking, is whether individual state laws should set precedent, or whether there should be a federal standard, which this 11th hour scramble by the Senate Commerce Committee is seeking to clarify.
In only the past few years, data breaches involving tech giants like Facebook and Yahoo and retail giants like Target and Macy's, have dominated the tech headlines. Furthermore, just recently, customers of American gun manufacturer Smith & Wesson were hit with an attack that compromised the payment details of shoppers using Magecart malware.
With only days left before Washington shuts down for the holidays, a measure of focus should be dedicated to shoring up the protection of online data related to all Americans. Whether our divided legislative branch is able to accomplish this important feat remains to be seen.
Julio Rivera is the Editorial Director for Reactionary Times, a Business Consultant and Political Strategist and a Columnist for several major news and opinion websites and newspapers.