The need for a federal privacy law has long been obvious to most, but implementing it in practice is a completely different matter. However, a compromise could potentially be unveiled by the end of the year.
Apple has been calling on Congress to pass a GDPR-style privacy law since at least 2018, but little progress has been made since then. . However, all this can change …
Europe led the way in 2018
The world's toughest privacy law is the EU's General Data Protection Regulation (GDPR), which came into force almost six years ago.
Even Apple, a company known for its respect for customer privacy, has had to strengthen its security measures to meet the extremely high standards set by the GDPR.
Four key obligations that the GDPR imposes on companies when collecting your personal data:
- There must be a specific legitimate reason for processing the data.
- Personal data must be encrypted
- You have the right to a copy. your data.
- You can ask to delete your data.
Apple has long called for a federal privacy law in the US
Later that year, Apple CEO Tim Cook gave a speech on why privacy is a key issue for the technology industry, as well as society at large. He called for a GDPR-style federal privacy law in the United States that replicates each of these four elements.
At Apple, we fully support a comprehensive federal privacy law in USA. There and everywhere it must be based on four fundamental rights:
Firstly, the right to minimize personal data. Companies should make it a point to anonymize customer data or not collect it at all. Secondly, the right to knowledge. Users should always be aware of what data is collected and why it is collected. This is the only way to give users the ability to decide which collection is legal and which is not. Anything less is deception. Thirdly, the right of access. Companies need to recognize that data belongs to users, and we all need to make it easier for users to get a copy… correct… and delete their personal data. And fourthly, the right to security.
General agreement, but conflicting proposals
By the following year, such legislation had bipartisan support, but there was no consensus on exactly what protections it should provide. Since then, a lack of agreement on specific issues has prevented meaningful progress.
This has led to a number of US states passing their own privacy laws. The California Consumer Privacy Act is the strictest of these, although even it failed to address the first point: requiring companies to have a compelling reason for collecting personal data.
One of the obstacles to federal law. there were conflicting proposals put forward by Sen. Maria Cantwell (D) and Rep. Cathy McMorris Rodgers, with neither side willing to compromise. Cantwell wanted tougher enforcement, including giving individuals the legal right to sue companies that broke the law. Now Rogers has agreed to it.
Cantwell and Rogers agree to compromise
However, they have now agreed on a compromise bill known as the American Privacy Rights Act (APRA).
“This bipartisan, bicameral bill is the best opportunity that We have had, over the past decades, established a national standard for privacy and data security that gives people the right to control their personal information,”Chairman Rogers and Cantwellstate. .
“This landmark legislation represents years of good faith efforts by both the House and Senate. It strikes a meaningful balance on issues that are critical to moving comprehensive data privacy legislation through Congress. Americans deserve the right to control their data, and we hope our colleagues in the House and Senate will join us in signing this legislation into law.”
One of the areas where Rogers, appears to have given grounds concerns an issue missing from California law—requiring companies to have a compelling reason to collect data in the first place—according to a spokesperson.
The project The legislation, obtained exclusively by The Spokesman-Review, would limit the data companies can collect, store and use to only what they need to provide their products and services. This would be a major change from the current consent-based system, which forces users to scroll through lengthy privacy agreements and bombards them with pop-ups asking for permission to be tracked online.
Currently American companies can collect and store any personal data they like about you, as long as they disclose this fact in their privacy policies, which can be stated in extremely general terms.
The key compromise on the Democrats' side is that small businesses are exempt from the law as long as they do not sell customer data to third parties.
Photo by Jason Dent on Unsplash
