Safe Data Act Falls Short of Providing Consumers With Comprehensive Privacy ProtectionsSeptember 18, 2020
Yesterday, Senate Commerce Chairman Roger Wicker (R-MS), with co-sponsors Sens. John Thune (R-SD), Marsha Blackburn (R-TN), and Deb Fischer (R-NE), introduced a comprehensive federal privacy bill, “Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act’’ (SAFE DATA Act). Public Knowledge welcomes efforts to improve privacy online and observes that the bill demonstrates that there are a number of areas of agreement on both sides of the aisle. Unfortunately, the bill ultimately falls short of providing sufficient consumer protections, accountability for companies that violate the law, and enforcement of consumer privacy rights.
The following can be attributed to Sara Collins, Policy Counsel at Public Knowledge:
“While it is encouraging to see the presence of important consumer privacy rights in Sen. Wicker’s bill, it falls well short of providing comprehensive protections of individual privacy rights that are needed in the digital age. Further, the SAFE DATA Act requires transparency instead of mandating accountability for the ways companies handle, and mishandle, personal data. Consumers need and deserve better than a federal ‘ceiling’ of lax privacy protections.
“Critically, the SAFE DATA Act does not have adequate controls to prevent companies from invasively tracking each internet user’s every move online and lacks provisions that give users meaningful control over the data collected on them, and how that data is used, and does not go far enough to protect civil rights online. These shortcomings are compounded by the fact the SAFE DATA Act would broadly preempt not just California’s ‘Consumer Privacy Act,’ but any current or future state laws or regulations related to data privacy — including important tort and other consumer protection laws. As a result, consumers are left with insufficient protections, and states would be prohibited from stepping in to fill the gap.
“The SAFE DATA Act also affords businesses with too many opportunities to self-regulate. Recent history has demonstrated that, left to their own devices, companies that make money by collecting user data will prioritize profits over user privacy concerns. Under the bill, companies would determine in their privacy policies how much data they can collect, and de-identified data is fully excluded from the bill’s rules, so long as there is a ‘public commitment’ not to re-identify. If a company breaks the law, individuals can’t bring lawsuits to seek redress for the violation of their privacy rights. Without this important enforcement mechanism, the bill is unlikely to change companies’ behavior.
“Comprehensive federal privacy legislation needs robust accountability and enforcement. We look forward to working with all stakeholders to forge bipartisan consensus around a strong and comprehensive federal privacy law that protects consumers’ fundamental right to privacy in the digital age.”