Earlier this month, US Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced a privacy “bill of rights” to protect American consumers’ personal data. The Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act would require the Federal Trade Commission (FTC) to establish privacy protections for customers of online edge providers like Facebook and Google.
In 2014, the Federal Communications Commission (FCC) proposed rules that defined an edge provider as an “individual or entity that provides any content, application, or service over the Internet, and any individual or entity that provides a device used for accessing any content, application, or service over the Internet.”
The proposed legislation was put forth in advance of next month’s deadline for compliance with the European Union’s General Data Protection Regulation (GDPR), which governs how entities handle EU citizens’ data.
And to hammer home its significance, the senators introduced the bill while Facebook Chief Executive Mark Zuckerberg was testifying in front of Congress about the revelation that data firm Cambridge Analytica used Facebook data to target more than 87 million users in the 2018 US election.
The CONSENT Act draws from GDPR, particularly in how it seeks to protect customer data. The act mandates that the FTC require edge providers to:
- Obtain opt-in consent from users to use, share or sell users’ personal information.
- Develop reasonable data security practices.
- Notify users about all collection, use and sharing of users’ personal information.
- Notify users in the event of a breach.
Is the US adopting EU privacy practices?
European regulators have long tangled with Facebook over its data privacy practices, but US law has stayed mostly silent, with no federally mandated laws governing the general collection and use of consumer data on the books at this time. But there is some legislation, like the Children’s Online Privacy Protection Act (COPPA), which protects the privacy of children under 13.
And American companies that handle any European citizens’ data are bound to comply with laws governing that data, including the GDPR.
“The startling consumer abuses by Facebook and other tech giants necessitate swift legislative action rather than overdue apologies and hand-wringing,” Blumenthal said in a post announcing the move. “Our privacy bill of rights is built on a simple philosophy that will return autonomy to consumers: affirmative informed consent. Consumers deserve the opportunity to opt in to services that might mine and sell their data — not to find out their personal information has been exploited years later.”