Businesses have raised concerns about their ability to comply with California’s law.
A consumer advocacy group backed by large American technology companies on Thursday unveiled a US privacy bill that strictly limits collection of biometric and location information and calls for punishment by fines, as Congress weighs nationwide regulation to supersede new California rules.
The Washington-based Center for Democracy and Technology (CDT) said it hopes members of Congress incorporate its proposal into a number of draft privacy bills they have begun to discuss in recent weeks.
Many business groups, along with individual companies such as big CDT donors Alphabet Inc and Apple Inc, are pushing for a national privacy law before the California Consumer Privacy Act goes into effect Jan. 1, 2020.
Businesses have raised concerns about their ability to comply with California’s law, which enables fines of up to USD 7,500 for intentional failure to disclose data collection or selling others’ data without permission.
The CDT draft contains similar provisions, though it does not give consumers the right to opt out of a sale of data. Under the proposal, any company not currently regulated by industry-specific privacy laws would have to publish annual reports about how they use and secure data.
Biometric information such as fingerprints and precise location could not be collected unless required for the specific service being provided. The Federal Trade Commission would be the law’s enforcer, with fines tied to the regulator’s inflation-adjusted maximum, currently set at about USD 41,500.
CDT Chief Executive Nuala O’Connor, who once ran the privacy operations at Amazon.com Inc and General Electric Co, said her organisation began meeting with businesses and other privacy advocates a year ago to craft the bill.
The effort accelerated in the spring after Facebook Inc drew political scrutiny for allowing a maker of a quiz app on its service to transfer user data to political consulting firm Cambridge Analytica.
“It was the tipping point in individual consumers seeing a real big risk,” O’Connor said in an interview. Lawmakers began calling her asking for ideas for legislation, she said.
Last month, Intel Corp began seeking public comment on a bill it drafted that would shield companies from fines if they attest to the FTC that they have strong data protection measures.
Several senators have recently introduced privacy law proposals, including a group of 15 Democrats on Wednesday. Congress is not expected to debate such bills until new members are sworn in next month. Privacy legislation is seen as one of the areas where the new divided Congress, with Republicans controlling the Senate and Democrats controlling the House of Representatives, might have a chance of success.