U.S. Senators Introduce the Consumer Online Privacy Act

U.S. Senators unveiled comprehensive federal online privacy legislation to establish privacy rights, outlaw harmful and deceptive practices and improve data security safeguards for the record number of American consumers who now shop or conduct business online.

The Consumer Online Privacy Rights Act (COPRA) gives Americans control over their personal data; prohibits companies from using consumers’ data to harm or deceive them; establishes strict standards for the collection, use, sharing, and protection of consumer data; protects civil rights; and penalizes companies that fail to meet data protection standards. The legislation also codifies the rights of individuals to pursue claims against entities that violate their data privacy rights.

Former Director of the Federal Trade Commission’s Bureau of Consumer Protection and Georgetown Law Professor David Vladeck says, “The bill not only codifies privacy as a right —a measure long overdue —but it also recognizes that ‘rights’ that are unenforceable are empty gestures. For that reason, the bill not only restores control of personal information to consumers, but equally important, the bill gives consumers and the Federal Trade Commission real tools to hold companies accountable when they collect information without permission, when they fail to reasonably safeguard consumers' information, or when they misuse that information.”

“In the growing online world, consumers deserve two things: privacy rights and a strong law to enforce them,” Ranking Member Maria Cantwell said. “They should be like your Miranda rights—clear as a bell as to what they are and what constitutes a violation.”

“Companies continue to profit off of the personal data they collect from Americans, but they leave consumers completely in the dark about how their personal information is being used. Consumers have a right to know if their personal data is being sold and to easily see what data has already been distributed,” said Senator Amy Klobuchar. “Our legislation establishes digital rules of the road for companies, ensures that consumers have the right to access and control how their personal data is being used, and gives the Federal Trade Commission and state attorneys general the tools they need to hold big tech companies accountable. It’s time for Congress to pass comprehensive privacy legislation.”

This bill tackles teen privacy with new safeguards, recognizing the need to do more to protect children and young people’s online privacy, says a press release.

Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management, notes, “In much the same way as GDPR began a far reaching debate over the rights of the individual, so too is this piece of legislation continuing a similar conversation across America. What is clear is that privacy is becoming more of an issue in the United States and there is a very real need for a Federal law to avoid States introducing their own variations and interpretations on privacy which adds a further compliance burden to already overstretched businesses looking to understand and comply with their obligations across the various regions in which they are transacting business.”

Robert Cruz, information security expert, says, “This looks like a good step to provide a common privacy floor that could eliminate some of the major differences between states. In particular, the consent provisions for sharing data, the need to state the specific business purpose that data is collected for and the annual inspection of data protection controls are all areas where we see firms looking for a common set of rules to reconcile the various state jurisdictions. What is also useful in this proposal is allowing states to enforce their own laws, which will allow individual states to pursue more aggressive measures against companies whose business models are dependent on ad-driven revenue based upon how prevalent those firms are in those specific states.”

The full text of the Consumer Online Privacy Rights Act (COPRA) can be found HERE.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.