Proposed US Data Privacy Legislation Aims to Regulate Big Tech

A new draft of US legislation seeks to limit the collection of personal data by companies and grant US citizens more control over the transfer and sale of their data.

US lawmakers are advocating for the implementation of new data privacy regulations to safeguard civil liberties and empower individuals with greater control over their personal data.

The proposed legislation, known as the American Privacy Rights Act, seeks to establish clear data privacy rights for US citizens, placing emphasis on putting individuals “in charge of their personal data”. Its primary objective is to restrict the collection of data by companies to only what is necessary for the provision of products and services.

Additionally, the legislation aims to grant individuals more authority over the dissemination of their personal data, enabling them to prevent its transfer or sale. Individuals would also have the option to opt out of data processing if a company alters its privacy policy.

Stricter protections surrounding sensitive data are included in the bill, requiring companies to obtain “affirmative express consent” before transferring an individual’s sensitive data to a third party. This category encompasses financial information, health data, private communications, and government-issued identifiers such as social security numbers.

The bill, introduced by US politicians Cathy McMorris Rodgers and Maria Cantwell, seeks to provide Americans with the right to control their data and eliminate the current assortment of state laws.

McMorris Rodgers commented, “This groundbreaking legislation empowers Americans to dictate the flow and commercialisation of their data. It curtails the influence of Big Tech by prohibiting the tracking, prediction, and manipulation of individuals’ behaviours for profit without their explicit consent.”

She added, “There is overwhelming public demand for these rights, and as elected representatives, it is incumbent upon us to take action.”

The proposed law appears to draw inspiration from the EU’s General Data Protection Regulation (GDPR), renowned as one of the most stringent privacy and security laws globally, resulting in substantial fines for Big Tech firms found to be non-compliant.