Finally! A U.S. data protection bill we can get behind

Last week Congresswoman Anna Eshoo and Congresswoman Zoe Lofgren, both of California, introduced game-changing data protection legislation in the United States. In terms of protecting data privacy, the Online Privacy Act of 2019 goes far beyond their home state’s laudable and groundbreaking Consumer Privacy Act, set to take effect in California on January 1, 2020. It is also more robust than any of the pending federal data privacy bills on Capitol Hill. 

Responding to the U.S. Federal Trade Commission’s failure to protect our right to privacy, the Eshoo-Lofgren legislation creates a sorely needed U.S. Digital Privacy Agency (DPA), similar in mandate to European Data Protection Agencies. The DPA would investigate privacy violations and enforce the law.

The bill would also provide for the private right of action — that is, it would enable users (that’s you and me) to sue companies for data protection violations. This private right of action is an essential component of any strong data privacy bill, as it provides victims recourse when the government fails to act. 

In addition, among other user rights, the Online Privacy Act would empower people to opt in to certain kinds of data collection, correct or delete data about themselves, and limit the amount of time companies hold their information. 

An important note: while it is critical to reduce the amount of data the private sector collects, the bill could have gone further, to limit what public authorities can obtain. Governments that are given free rein can weaponize data just as easily as private companies.

That said, this is important and necessary legislation that helps reframe the debate in the U.S. by placing our human rights, not companies’ bottom line, at the center of the discussion on data privacy. Access Now applauds Representatives Eshoo and Lofgren for taking this bold step towards a rights-respecting future.