Bill would enact a unified federal law governing the use of citizens’ personal information


UPDATED Washington DC congresswoman Suzan DelBene has introduced legislation that would create a national data privacy law in the US.

With no federal law currently in place to protect the data of US citizens, a number of states have enacted their own legislation to do so instead.

The California Consumer Privacy Act (CCPA) was enacted in 2018, for instance, while Massachusetts has its own Data Breach Notification Act.

Patchwork confusion

DelBene this week (March 10) introduced her proposal for the Information Transparency and Personal Data Control Act that she argued would “will bring our laws into the 21st Century”.

Representative DelBene wrote in a statement: “In our digital world, a patchwork of different state laws will lead to confusion for people and businesses.

“A national standard is necessary to establish a uniform set of rights for consumers and create one set of rules for businesses to operate in.”

The proposed law would protect personal information related to finance, health, biometrics, geolocation, sexual orientation, religious beliefs, citizenship and immigration status, and social security numbers.


Read more of the latest cybersecurity news from the US


It will also govern how the information of citizens under the age of 13 is kept safe.

The bill will require organizations to provide privacy policies in what it deems ‘plain English’ and will mandate that consumers must opt-in before their data can be used.

Organizations will have to disclose when and how consumers’ personal information will be shared and undertake privacy audits, conducted by an independent third party, every two years.

Privacy isn’t just a tech issue

The bill draws inspiration from other data privacy laws, “the obvious one” being Europe’s GDPR, Representative DelBene told The Daily Swig.

“The Europeans have not been shy about their desire to have GDPR set the global standard for data protection.

“While there are parts of my proposal that would bring the US into harmony with GDPR, my legislation would not stifle innovation and potentially put our startup community at a competitive disadvantage. If we don’t have a clear domestic policy, we won’t be able to shape standards abroad and we risk letting others drive global policy.”


READ EU-US Privacy Shield data-sharing framework declared invalid by ECJ

DelBene added: “I came from a tech background, so I understand the issue but that’s pretty rare for a member of Congress.

“A lot of the conversations I have with other lawmakers is explaining how privacy isn’t just a siloed technology issue but impacts every aspect of our modern lives. We’ve made a lot of progress on this front since I first started having these conversations years ago.

“With Virginia now the second state to pass a comprehensive state law, this adds a level of urgency to the issue and I’m hopeful we will take up this legislation this year to avoid a confusing patchwork of state laws.”


This article has been updated to include comment from Representative DelBene.


YOU MAY LIKE Tsao vs. Captiva – How a US data breach court case could have major impact on the legal definition of ‘harm’