Beware the federal privacy bill.
“Although there are key differences, the two [federal privacy] bills also have important similarities:
- a set of individual rights combined with boundaries on how businesses collect, use, and share information.
- individual rights including access, correction, deletion and portability for personal information, along with rights to give “affirmative express consent” before the collection and processing of “sensitive” categories of information and to opt out of the sale or transfer of personal data.
- business obligations including data minimization, use limitations, data security, and the responsibility to bind other companies that receive personal information to the same obligations. “
- expanded FTC enforcement authority, with state attorney general enforcement authority as force multipliers, and give the agency power to interpret specific provisions by adopting rules and expanded legal authority.
- concepts from the California Consumer Privacy Act (CCPA) and European Union GDPR, which provide benchmarks for federal enactment.
Read the full piece from the Brookings Institution below.