Legislators Introduce U.S. GDPR with the Federal Online Privacy Act

Legislators Introduce U.S. GDPR with Federal Online Privacy Act


Federal lawmakers have introduced HR 4978, the Online Privacy Act (OPA), which is intended to bring the U.S. in line with the rest of the Internet-connected world. It would also establish the Federal Digital Privacy Agency (DPA).

While all of the EU countries have GDPR, the U.S. has always been in the pockets of the marketing lobbies, who have lots of money, and a vested interest in not protecting the privacy of your personal information, because they profit from selling it.

Although some individual states have passed or introduced online privacy laws, such as Colorado, California, Washington, Massachusetts, New York, Maryland, Rhode Island, and Hawaii, even in states where these laws have passed, enforcement will be problematic given the national and international nature of the Internet. That’s why a national law is needed.

In short, the OPA, which is authored and sponsored by California congresswomen Anna Eshoo and Zoe Lofgren, is intended to address the appalling lack of digital privacy rights that is currently the status quo in the U.S.. The bill, as introduced, seeks to create and bolster individual rights as they relate to the collection and storage of that personal information referred to as personally identifiable information, or PII, as well as to create requirements to which organizations must adhere relating to the privacy and security of the PII which they collect.

Get notified of new Internet Patrol articles for free!

The Online Privacy Act would also establish the United States Digital Privacy Agency “to enforce such rights and requirements, and for other purposes”.

Here is the summary of the OPA from Congresswoman Eshoo’s announcement of the Online Privacy Act. You can also read the full text of HR 4978, The Online Privacy Act, as well as a section by section summary of the Online Privacy Act.

Full Text of the Online Privacy Act Summary

“The ubiquity of the internet has led to educational, social,and entrepreneurial opportunities. But it has also created a new scale of privacy issues that outmatch existing laws. Cambridge Analytica and the Equifax data breach are but two symptoms of a much larger problem. Other countries and many states have taken important steps, but Congress must act. Reps.Anna Eshoo and Zoe Lofgren, who represent Silicon Valley, have introduced comprehensive privacy legislation that protects individuals, encourages innovation, and restores trust in technology companies.

Key Provisions

Digital Privacy Agency (DPA). The bill creates a new federal agency to enforce users’ privacy rights and ensure companies follow the law. While unique for the U.S., this would be not the only privacy agency in existence. Every E.U.country has a privacy agency, and a California ballot initiative is proposing a new state agency. The DPA would be an independent agency with funding for up to 1,600 employees.

User Rights. The bill gives users the right to: access, correct, delete, and transfer data about them; request a human review of impactful automated decisions; opt-in consent for using data for machine learning/A.I.algorithms; be informed if a covered entity has collected your information; and choose for how long their data can be kept.

Company Obligations. Companies must: articulate the need for and minimize the user data they collect, process, disclose, and maintain; minimize employee and contractor access to user data; not disclose or sell personal information without explicit consent; not use third-party data to reidentify individuals; not use private communications, (e.g., emails and web traffic) for ads or other invasive purposes; not process data in a way that violates civil rights, e.g., employment discrimination; only process genetic information in limited circumstances; use objectively understandable privacy policies and consent processes, and may not use ‘dark patterns’ to obtain consent; employ reasonable cybersecurity policies to protect user data; and notify the agency and users of breaches and data sharing abuses, e.g., Cambridge Analytica.

Enforcement The DPA can issue regulations to implement this bill and issue fines for violations. The max money damage is the same as the FTC Act’s max ($42,530 per incident). State attorneys general may also bring civil actions for violations of this bill. Individuals may sue for declaratory or injunctive relief; individuals (not acting collectively) may sue for damages.Harmed individuals and States may appoint nonprofits to bring collective, private civil actions for damages on behalf of users.

Protections for Journalists. Expressly allows journalists to use or disclose personal information for investigative journalism no differently than they do today. This applies so long as there are safeguards against using the information for non-journalistic

Additional Provisions. The bill criminalizes doxxing; limits companies from using data to build behavioral profiles without consent; exempts small businesses from the most onerous requirements; prohibits the sale of government records with personal data without consent,and creates an Open Source Machine Learning Training Data Grant Program.”


So what do you think? Will it pass? Would that be good? Bad?

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!

Legislators Introduce U.S. GDPR with the Federal Online Privacy Act

Get notified of new Internet Patrol articles!
People also searched for unchain emails gmail, HR 4978 online privacy act, are there laws against sending mail to a deceased person, nevada sb 220

Leave a Reply

Your email address will not be published. Required fields are marked *