The American Data Dissemination (ADD) Act -- legislation intended to create a law that “protects both consumers and the innovative capabilities of the internet economy” -- was introduced by Senator Marco Rubio (R-FL) on Wednesday.
“Your data is incredibly valuable, and for the most part, it is not even yours. But use of your personal data is governed by antiquated laws that do not work in the modern economy. The time has come for Congress to address consumer data privacy in a candid, responsible and modern manner,” wrote Rubio in an op-ed piece for TheHill.
The bill rides on the back of the Privacy Act of 1974, a law designed to balance the government’s need to keep records about citizens with the rights of those citizens to be guarded against unnecessary violation of their data privacy -- in other words, back in the day when our computers were typewriters and our personal data was probably kept in a manila folder on some government worker’s desk.
Fast forward 45 years to the present when a consumer’s data is not only for sale, but a target of foreign countries. In Rubio’s perfect world, ADD would give consumers shelter from indefensible intrusions from “sophisticated actors in the private industry.”
“There has been a growing consensus that Congress must take action to address consumer data privacy,” Rubio said. “However, I believe that any efforts to address consumer privacy must also balance the need to protect the innovative capabilities of the digital economy that have enabled new entrants and small businesses to succeed in the marketplace.”
“It is critical that we do not create a regulatory environment that entrenches big tech corporations. Congress must act, but it is even more important that Congress act responsibly to create a transparent, digital environment that maximizes consumer welfare over corporate welfare.”
But don’t we already have a privacy law?
There are 11 states that do have their own consumer privacy laws, including Illinois and California. However, there’s nothing from sea to shining sea that regulates the collection and use of personal data.
The goal of ADD is to provide straightforward protections that consumers can understand and the Federal Trade Commission (FTC) can enforce.
To accomplish that goal, the bill does the following:
No later than 180 days after enactment of the ADD Act, the FTC will have to submit detailed recommendations for privacy requirements that Congress, in turn, can impose on covered providers.
No earlier than a year-and-a-half after the bill’s enactment, the FTC will publish and submit to the appropriate committees of Congress proposed regulations to impose privacy requirements on covered providers.
It’s a new day
The United States lags far behind Europe in protecting personal data. The European Union’s GDPR -- General Data Protection Regulation -- already gives control to individuals over their personal data and simplifies the regulatory environment for international business by unifying the regulation within the EU.
“Our country is ready for reforms to our national privacy law designed for the privacy challenges of today and tomorrow,” Rubio said.
“Changes that provide consumers with basic rights and increased transparency, but also ensures small businesses can continue to thrive. Tech industry leaders should encourage responsible legislation that provides clear rules for companies to operate under and prevents future scandals. While we may not have a consensus in Congress, we must begin to offer solutions. Because this is the only way we can regain the public’s trust.”