On Nov. 5, California Congresswomen Anna G. Eshoo and Zoe Lofgren introduced the Online Privacy Act of 2019, H.R. 4978, to balance the actual needs of businesses with users’ fair privacy rights and expectations. The proposed privacy bill seeks for the United States to adopt many of the requirements of the California Consumer Privacy Act (CCPA), which is effective Jan. 1, 2020, and that exist under the EU’s General Data Protection Regulation (GDPR). Below is a brief summary of the main components of the Act. A copy of the Online Privacy Act can be found here, and a section-by-section analysis by the Congresswomen can be viewed here.

  • Digital Privacy Agency. The Online Privacy Act seeks the establishment of a new federal agency, the Digital Privacy Agency (DPA), with funding for 1,600 employees, to enforce privacy protection and investigate abuses. The DPA could impose maximum damages of $42,540 per incident, consistent with the Federal Trade Commission Act. The proposed legislation would allow state attorneys general to bring civil actions for violations of the Act; individuals to file suit for injunctive or declaratory relief and seek damages individually; and nonprofits to bring class actions on behalf of users.
  • Privacy and Security Requirements for Companies. The proposed bill seeks for companies to adopt various privacy and security requirements, such as: (a) minimizing the data they collect, and employee and contractor access to such data; (b) articulating the reasons for collection, processing, and maintenance of the data; (c) obtaining an individual’s explicit consent to disclose or sell the individual’s personal information; (d) not using private communication such as emails or web traffic for ads or other invasive purposes; (e) having transparent, easy to understand privacy policies and consent processes; and (f) employing reasonable cybersecurity policies.
  • Individual Rights. The proposed federal legislation seeks to provide every American the right to access, correct, delete, and port their personal information. Similar to the GDPR, the bill also seeks for companies to inform individuals of any automated decisions that could have a significant privacy harm on the individual, and permits individuals to request human review of such decision. In addition, a company would need to obtain express affirmative consent from an individual before it would be permitted to use the individual’s personal information for behavioral personalization.

GT will keep you updated on all developments relating to the Online Privacy Act and other proposed state and federal privacy legislation. For more information, please contact Gretchen Ramos or Jonathan Becker.

Print:
EmailTweetLikeLinkedIn
Photo of Gretchen A. Ramos Gretchen A. Ramos

Gretchen A. Ramos is Co-Chair of the Data, Privacy & Cybersecurity Practice and focuses her practice on privacy, cybersecurity, and information management. A creative problem-solver with a long track record of success in commercial disputes, she never loses sight of the simple fact…

Gretchen A. Ramos is Co-Chair of the Data, Privacy & Cybersecurity Practice and focuses her practice on privacy, cybersecurity, and information management. A creative problem-solver with a long track record of success in commercial disputes, she never loses sight of the simple fact that she works in a service industry. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach to client service, including her bullet-pointed emails, snapshot executive summaries, and creativity in finding ways to streamline communications for in-house counsel with dozens of other projects—and little time—on their hands.

Gretchen’s clients come from diverse industries, including technology (SaaS), health care and life sciences, consumer products, manufacturing, academic institutions, and non-profits. She provides clients with practical business advice on compliance with state and federal U.S. laws, GDPR, APEC, and other global privacy laws in relation to their external and internal privacy and security procedures, product and app development, and advertising practices. Gretchen also regularly drafts and negotiates contracts concerning data-related vendors, assists clients in assessing privacy risks in corporate transactions, and provides guidance on and conducts privacy and security assessments. She has managed dozens of data breaches, and helps clients prepare for and immediately respond to security incidents and breaches.

Photo of Jonathan H. Becker Jonathan H. Becker

Jonathan Becker is a Shareholder in the firm’s Government Law & Policy practice. He has nearly two decades of experience working at the intersection of law, policy, and politics. With a deep understanding of privacy and antitrust policy, Jonathan helps his clients develop…

Jonathan Becker is a Shareholder in the firm’s Government Law & Policy practice. He has nearly two decades of experience working at the intersection of law, policy, and politics. With a deep understanding of privacy and antitrust policy, Jonathan helps his clients develop and execute complex public policy advocacy strategies in Congress and in executive branch agencies including the FCC, the FTC, and the Department of Justice. He also guides clients through congressional investigations and the process of testifying before congressional committees.