Lawmakers have proposed a new bill granting consumers rights to control how tech companies use personal data in the US. The drafted bipartisan legislation marks a crucial step towards making greater national online privacy protections following years of debate.

The American Privacy Rights Act aims to establish a national standard for data collection between Silicon Valley and the White House. It gives consumers the option to opt out of certain data practices including targeted advertising which utilises data to build profiles, but does not ban them entirely. This will also instruct businesses to only collect data that is absolutely necessary for companies to provide their services.

The agreement was signed between Maria Cantwell, the Democratic senator who chairs the Commerce Committee, and house energy and commerce committee chair Cath McMorris Rodgers. In a joint statement, the lawmakers said: “This bipartisan, bicameral draft legislation is the best opportunity we’ve had in decades to establish a national data privacy and security standard that gives people the right to control their personal information.”

Rodgers added that the legislation draft “reins in Big Tech by prohibiting them from tracking, predicting, and manipulating people’s behaviors for profit without their knowledge and consent”.

The drafted legislation would enable consumers to opt out of data processing if a company should change its privacy policy, requiring “affirmative express consent before sensitive data can be transferred to a third party”.

The new legislation draft will suggest that data will only be collected if absolutely necessary for companies to provide services. (Photo by Jevanto Productions via Shutterstock)

Protecting data privacy in Big Tech

The bill gives the Federal Trade Commission (FTC) and state attorneys overarching authority on consumer privacy issues, establishing “robust enforcement mechanisms to hold violators accountable, including a private right of action for individuals”.

Consumers would be entitled to sue “bad actors who violate their privacy rights – and recover money for damages when they’ve been harmed” and stop “companies from using people’s personal information to discriminate against them”.

There is also an acknowledgment of the need to keep pace with changes in shifts within the tech landscape. The law would require “annual reviews of algorithms to ensure they do not put individuals, including our youth, at risk of harm, including discrimination”.

Data privacy an ongoing debate

Federal government have been discussing the need for guidelines in online privacy protections amid multiple cases of data breach by social media companies such as Meta and TikTok.

In 2019, Facebook paid a $5 billion fine to the FTC to resolve a case around its privacy practices from 2012. That same year, Google and its Youtube arm paid $170 million in a fine to the FTC after it collected personal information about children. In 2021, ByteDance paid $92 million in a settlement following data privacy claims from TikTok consumers in the US.

Rep Frank Pallone Jr, a top Democrat on McMorris Rodgers’ committee, called the draft of the bill “a very strong discussion draft”, but also said there are “key areas” for further improvement, including more stringent terms on children’s privacy.

It remains unclear how supported the bill will be, but the lawmakers aim to move the bill through regular order on Energy and Commerce later this month.

Read more: US government criticises Microsoft security after “preventable” hack