GDPR-type Law in the US: Congress
Government officials, academia, and advocacy groups say it’s time for the US to get its own GDPR-type law.
An independent report authored by a US government auditing agency has recommended that Congress develop internet data privacy legislation to enhance consumer protections, similar to the EU’s General Data Protection Regulation.
The 56-page report was put together by the US Government Accountability Office, a bi-partisan government agency that provides auditing, evaluation, and investigative services for Congress. Its reports are used for hearings and drafting legislation.
The House Energy and Commerce Committee, which requested the GAO report two years ago, has scheduled a hearing for February 26, during which it plans to discuss GAO’s findings and the possibility in drafting the US’ first federal-level internet privacy law.
If the committee’s members would be to follow GAO’s conclusions, a GDPR-like legislation should be coming to the US.
“Recent developments regarding Internet privacy suggest that this is an appropriate time for Congress to consider comprehensive Internet privacy legislation,” GAO officials said.
They recommended that the Federal Trade Commission be put in charge of overseeing internet privacy enforcement.
The FTC has already been doing this, but its authority and enforcement abilities have been limited, intervening in only 101 internet privacy-related cases in its entire history, despite rampant abuse reported by users and media. The new law should give the FTC more teeth in hunting user privacy abusers, GAO argued.
Supporting its conclusions for a though internet privacy law, GAO investigators cited the Facebook Cambridge Analytica scandal, but also its own previous reports about:
- The dangers to user privacy due to the lack of regulation and oversight in the ever-growing Internet of Things sector where devices collect massive amounts of information without users’ knowledge.
- Automakers collecting data from smart cars owners.
- The lack of federal oversight over companies that collect and resell user information.
- The lack of protections for mobile users against secret data collection practices.
For its report, GAO analyzed the FTC’s previous 101 user internet privacy investigations but also took into consideration feedback from the private sector, academia, advocacy groups, other government agencies, and nine former FTC and FCC top-ranking officials, including seven former commissioners.
“This detailed GAO report makes clear now is the time for comprehensive congressional action on privacy that should include ensuring any agency that oversees consumer privacy has the tools to protect consumers,” said House Energy and Commerce Chairman Frank Pallone, Jr. (D-NJ), the official who requested the report in 2017.
“These recommendations and findings will be helpful as we look to develop privacy legislation in the coming months,” he said.
The GAO report came just one day before news broke that the FTC is mulling a multi-billion dollar fine against Facebook for a series of privacy violations, including the Cambridge Analytica scandal named in the GAO report.
Last year, Apple CEO Tim Cook urged the US to copy the EU’s user data privacy regulation, the GDPR. Also last year, Oregon Democrat Senator Ron Wyden also introduced a bill that would jail company execs for lying or not reporting privacy violations.