Congresswomen Are Hopeful That Reintroducing An Online Privacy Bill Will Work This Time

November 22, 2021

Return to Learning Center

Will Congress care about privacy for real this time?

House Representatives Ann Eshoo and Zoe Lofgren, both from the Silicon Valley area that controls many of the largest social media networks, reintroduced the Online Privacy Act this week. This is a draft bill whose creators tout by saying that it creates user data rights, limits companies data collection and use of user data, and establishes the Digital Privacy Agency (DPA) to enforce privacy laws. Will this help online digital privacy for Americans? Will it limit the large amount of data that brokers know about you? Will this gain any traction in the public square like the Net Neutrality discussion received years ago?

These two Democratic Congresswomen previously introduced the Online Privacy Act in 2019. The revised bill keeps prior provisions for data subject rights. The bill grants users the right to access, correct, or delete their data and it creates the right for users to decide how long companies can keep their data. The bill also places clear limits on the amount of data companies collect, process, disclose and maintain. Companies are prohibited from using data in discriminatory ways, and consent must be received from users in plain, simple language.

The revised bill also keeps prior provisions for the creation of the Data Privacy Agency (DPA) to enforce users’ privacy rights and to ensure companies follow the law. The DPA would be an independent federal agency with funding for as many as 1,600 employees and would contain an Office of Civil Rights within the DPA. The DPA could impose damages up to the same maximum amount as the Federal Trade Commission (FTC). When commenting on why another Federal bureaucracy needs to be created, the Congresswomen said that the FTC lacks the expertise, staff, and culture to try and engage in this arena. State Attorneys General would also be allowed to enforce violations of the bill alongside the agency. Individuals are allowed to appoint nonprofits to represent them in private class action lawsuits.

On the surface, many of these provisions in the bill sound great for people concerned about their privacy. Setting unambiguous standards for data retention and many other contentious topics could be a great step for online data privacy. Of course, as always, the devil is in a lot of nuanced details that are cloaked in complicated legal language that non-attorneys would struggle to work out. And of course, you have to wonder if different companies might effectively be treated differently in the bill? We hope that privacy activists such as the EFF would use their expertise to examine all of the tiny nuanced details in the bill's language that makes or breaks it. Additionally, many Americans would probably be skeptical about the necessity for the creation of another bureaucracy as part of this bill. Does privacy require a new Federal Agency and collection of bureaucrats? Given time and resources, is there any danger of unintended consequences or abuse or mission creep from this proposed DPA and any other provision within the bill? Nobody can know the future for certain, but we hope for public debate and discussion to emerge in the wake of this bill being re-introduced so more people are aware of the practices of Big Tech, search engines, and data-brokers and the extreme importance of privacy to peoples' lives in preventing identity theft, spam, harassment, abuse, fraud, threats, and many other problems that are a natural consequence of personal data being bought and sold.

We hope you enjoyed reading this guide and learned something new! Check out our Learning Center to learn more about online privacy and security or consider subscribing to our Online Privacy Service to remove your phone number, name, and address from Google, Bing, Yahoo, and DuckDuckGo search results and hundreds of data broker sites.