In late September, a few Republican members of the Senate Committee on Commerce, Science and Transportation (“Commerce Committee”) introduced the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act, adding to the slew of federal data privacy bills before the Committee.
The Safe Data Act would enhance the Federal Trade Commission’s (FTC) authority and provide additional enforcement resources. The Safe Data Act contains some measures captured in other bills before the Commerce Committee, including the Deceptive Experiences to Online Users Reduction Act (Detour Act), the Balancing the Rights of Web Surfers Equally and Responsibly Act (Browser Act), and the Consumer Online Privacy Rights Act (COPRA). It provides consumers with more control over their data and strengthens the FTC’s ability to respond to changes or advancements in technology.
If enacted, the Safe Data Act would prohibit businesses from processing or transferring sensitive consumer data without their consent. The Safe Data Act would also minimize the amount of consumer data businesses can collect, process, and retain, and would limit secondary uses of consumer data without consumer consent.
The Safe Data Act attempts to create a national standard that would preempt or supersede state privacy laws. A federal standard could, in theory, ease the burden on businesses that currently need to comply with a complicated patchwork of state and local privacy laws. This preemption issue captured a lot of attention during Committee testimony on September 23rd, particularly from California Attorney General Xavier Becerra, who argued that a federal standard should be the floor rather than the ceiling for privacy standards. Earlier this year, Becerra oversaw the implementation of California Consumer Privacy Act—the nation’s most comprehensive state data protection statute to date—which, he said would be heavily dismantled by Federal preemption. Another issue that has captured attention during the Committee hearing is whether federal legislation should include a private right of action, which would allow consumers to pursue legal remedies themselves.
The bottom line? There are several approaches being considered and little agreement on the path forward. Though we expect the conversation to continue into Lame Duck, we do not anticipate consensus on a unified approach to data privacy until the 117th Congress in January 2021.
Octillo continues to monitor this evolving landscape and provide updates on important topics such as data privacy, which have a very real impact on business operations. Regardless of the legislative landscape, a robust data security and privacy program that can stand the test of time is a wise investment. Our team is available to assist your team evaluate legal implications of current requirements and legislative changes in the data privacy field.
*Attorney Advertising. Prior results do not guarantee future outcomes.
Subscribe to our Newsletter.
