Skip to main content

 

Rep Anna Eshoo

Silicon Valley Congresswomen Reintroduce Comprehensive Privacy Legislation

April 19, 2023

WASHINGTON, D.C. – Today, U.S. Reps. Anna G. Eshoo (D-CA-16) and Zoe Lofgren (D-CA-18) reintroduced the Online Privacy Act (OPA), comprehensive privacy legislation that creates user data rights, places limitations and obligations on the ability of companies to collect and use user data, and establishes a Digital Privacy Agency (DPA) to enforce privacy laws.

The updated legislation includes several improved provisions and additional privacy protections, including a section that sets the OPA as the federal floor, allowing states to legislate only when state action would provide greater protection than what is in the OPA. The updated legislation also contains a new title that creates a privacy risk management framework and supports privacy education, research, and development.

“Americans' right to privacy is being grossly disregarded in the digital age. Too often, our private information online is stolen, abused, used for profit, or terribly mishandled,” said Rep. Eshoo. “Our legislation will restore and protect the American people's right to privacy by ensuring every person has control over their own data, companies are held accountable for privacy intrusions, and the government provides tough but fair enforcement.”

“The Online Privacy Act solves problems by protecting the data of users and setting clear, firm standards for online companies. The bill has received widespread support from consumer rights advocates, civil rights groups, public interest groups, privacy coalitions, nonprofits, think tanks, and academics because it goes to the heart of tech policy issues by disallowing the harmful collection and retention of personal information online. If companies can’t collect data, they can’t use that data to manipulate Americans for profit,” said Rep. Lofgren.

The Online Privacy Act protects individuals, encourages innovation, and restores trust in technology companies by:

  • Creating User Rights – The bill grants every American the right to access, correct, or delete their data. It also creates new rights, such as the right to impermanence, which lets users decide how long companies can keep their data.
  • Placing Clear Limits and Obligations on Companies – The bill minimizes the amount of data companies collect, process, disclose, and maintain, and bars companies from using data in discriminatory ways. Additionally, companies must receive consent from users in plain, simple language.
  • Establishing a Digital Privacy Agency (DPA) – The bill establishes an independent agency led by a Director who is appointed by the President and confirmed by the Senate for a six-year term. The DPA will enforce privacy protections and investigate abuses.
  • Strengthening Enforcement – The bill empowers state attorneys general to enforce violations of the bill and allows individuals to appoint nonprofits to represent them in private class action lawsuits.
  • Setting a Federal Floor – The bill establishes a federal floor of privacy protections for all Americans, allowing states to increase protections or respond to changes in technology and public policy.
  • Supporting Privacy Research and Development – The bill directs NIST to establish a privacy risk management framework and carry out research associated with mitigating privacy risk. Additionally, it directs NIST to make competitive awards to institutes of higher education or non-profit organizations to support research around privacy-preserving technologies.

The bill text can be found HERE.

A one-page summary of the Online Privacy Act can be found HERE.

A section-by-section summary of the Online Privacy Act can be found HERE.

Eshoo and Lofgren first introduced the Online Privacy Act on November 5, 2019.

"It's past time for Congress to enact a comprehensive federal privacy law that uproots the exploitative surveillance economy and its many downstream harms, puts Americans in control of their own personal data and online experiences, and ensures civil rights protections are enforced throughout the digital world – all of which has grown even more urgent with the fall of Roe and the onset of the generative AI arms race. The Online Privacy Act would do exactly that, setting the bar for what strong privacy legislation looks like,” said Jesse Lehrich, co-founder of Accountable Tech.

###