Congress is All Talk And No Action When It Comes To Data Privacy

Written by: Richard Sheinis, Esq.

In the last fifteen (15) months, no less than six (6) data privacy Bills have been introduced in the Senate.  Two of these Bills are specifically related to data collection and use in response to COVID-19.  This does not include the Data Accountability and Transparency Act of 2020, announced by Senator Sherrod Brown on his website on June 18, 2020, but which has not yet been officially introduced.  The six (6) Bills are:

• Corporate Executive Accountability Act, introduced by Senator Warren on April 3, 2019
• Consumer Online Privacy Rights Act of 2019, introduced by Senator Maria Cantwell on December 3, 2019
• Data Protection Act, introduced by Senator Kirsten Gillibrand on February 13, 2020
• Consumer Data Privacy and Security Act of 2020, introduced by Senator Jerry Moran on March 12, 2020
• COVID-19 Consumer Data Protection Act of 2020, introduced by Senator Roger Wicker on May 7, 2020
• Equitable Data Collection and Disclosure on COVID-19 Act, introduced by Senator Elizabeth Warren on June 1, 2020.

Not a single one of these Bills have moved past the stage of being referred to committee.  Congress’ trumpeting the importance of the security and privacy of personal information has become a little like the boy who cried wolf.  How can we take Congress seriously when they introduce one privacy Bill after the other, but then take no action?  It seems Congress wants to do nothing but stand on its privacy soapbox.  In the meantime, privacy law is dominated and dictated by states like California, with its California Consumer Privacy Act, and soon to come, California Privacy Rights Act.

For what it’s worth, the best of the proposed Bills is the Consumer Data Privacy and Security Act of 2020, authored by Senator Moran.  It is the most reasonable, and most like the European General Data Protection Regulation.  It does not seek to demonize companies and their executives for the offense of being victimized by a hacker, which Senator Warren’s Corporate Executive Accountability Act seeks to do.  (Warren’s theory of liability is analogous to a homeowner having their home burglarized, and then the homeowner is arrested for not having enough security to keep the burglar out.)

I call upon Congress to stop paying lip service to the privacy and security of personal information and pass national legislation, so we all have one set of rules to play by.