A new comprehensive federal privacy bill, the Consumer Online Privacy Rights Act (COPRA), has been introduced by Senate Commerce Committee Ranking Member Maria Cantwell (D-Wash.) and Senators Ed Markey (D-Mass.), Brian Schatz (D-Hawaii) and Amy Klobuchar (D-Minn.).

Key novel provisions per International Association of Privacy Professionals (IAPP) Research Director Caitlin Fennessy:

  • individual consent for data processing, including express affirmative consent for processing sensitive data
  • “duty of loyalty,” prohibiting covered entities from engaging in deceptive or harmful practices
  • right to correct and delete covered data
  • privacy notices that include retention timelines and the identity of each third party to which covered data is transferred
  • entities may only process covered data for specific purposes, subject to necessity and proportionality standards
  • annual impact assessment for accuracy, fairness, bias and discrimination for some algorithmic decision making
  • mandatory appointment of qualified privacy and security officers
  • enforcement authority for Federal Trade Commission and state attorneys general, as well as private citizens
  • preemption of state laws that directly conflict with COPRA, but not of state laws that create separate and more onerous requirements

Details from the IAPP.

Read about competing federal privacy legislation in Bloomberg Law.