data protection

The SAFE DATA Act is “safe” in name only

On September 17, 2020, U.S. Senator Wicker introduced a comprehensive privacy bill, the ‘‘Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act’’ or the ‘‘SAFE DATA Act” (full legislation summarized here). This bill is an update from draft legislation the Senator circulated in November 2019, which we similarly opposed

This bill is problematic for many reasons. For one, with its focus on transparency and consent, it provides few protections beyond current law. At the same time, it preempts all state laws on data practices and simultaneously fails to meaningfully improve enforcement of privacy protections.The bill includes no civil rights protections and its data minimization section requires no actual data minimization.

“The SAFE DATA Act would do almost nothing to improve privacy protections in the United States,” said Eric Null, U.S. Policy Manager at Access Now. “It would, however, broadly undermine civil rights and privacy protections that exist at the state level because of its preemption provision. This means it would preempt the California Consumer Privacy Act, Illinois’ Biometric Information Privacy Act, and Maine’s broadband privacy law, among others, even though parts of the bill are weaker than these state laws. What is more, the bill’s enforcement provisions lack a significant increase in FTC authority or funding, and it does not create a private right of action. It might as well be called the Unsafe Data Act.”

The SAFE DATA Act will likely be one focus of this week’s privacy hearing, to be held on September 23. The hearing will feature four former Federal Trade Commissioners, two of whom represent the industry-backed 21st Century Privacy Coalition. In advance of the hearing, Access Now joined public interest partners in sending a letter to Senate Commerce Committee leadership that outlines the shortcomings of the SAFE DATA Act.