Results for

Consumer Online Privacy Rights Act This bill places requirements on entities that process or transfer a consumer's data. Specifically, the bill requires such entities to * make their privacy policy publicly available and provide an individual with access to their personal data; * delete or correct, upon request, information in an individual's data; * export, upon request, an individual's data in a human-readable and machine-readable format; * establish data security practices to protect the confidentiality and accessibility of consumer data; and * designate a privacy officer and a data security officer to implement and conduct privacy and data security programs and risk assessments. Further, the bill prohibits such entities from * engaging in deceptive or harmful data practices; * transferring an individual's data to a third party if the individual objects; * processing or transferring an individual's sensitive data without affirmative express consent; * processing or transferring data beyond what is reasonably necessary or for which they have obtained affirmative express consent; * processing or transferring data on the basis of specified protected characteristics (e.g., race, religion, or gender); * conditioning the provision of a service or product on an individual's agreement to waive their privacy rights; and * retaliating against an employee who provides information about a potential violation of the bill's provisions, or who testifies or assists in an investigation or judicial proceeding concerning such a violation. The Federal Trade Commission must establish a new bureau to assist with enforcement of these provisions.

Privacy Bill of Rights Act This bill requires the Federal Trade Commission (FTC) to establish rules concerning the collection of personal information that are intended to increase consumer privacy. Specifically, entities that collect, use, retain, or share information that could identify a particular individual must * provide notice about how the personal information will be used; * obtain express approval to collect and use the personal information and provide the ability to withdraw approval; * upon request, provide access to, and the ability to correct or delete, retained personal information; * ensure that depersonalized information is not restored in a way that makes an individual identifiable; * not deny service based on an individual’s refusal to approve of the collection or use of that person’s information; * not offer price incentives in exchange for approval of the collection of personal information; and * not disclose personal information to a third party under a written contract unless the contract prohibits the third party from using the personal information for any reason other than performing the contracted service or from disclosing the personal information to another third party. The FTC also must limit the sale or disclosure of biometric data and prohibit the use of personal information in a discriminatory manner. Individuals may bring civil claims for alleged violations of these requirements.

Social Media Privacy Protection and Consumer Rights Act of 2019 This bill requires online platform operators to inform a user, prior to a user creating an account or otherwise using the platform, that the user's personal data produced during online behavior will be collected and used by the operator and third parties. The operator must provide a user the option to specify privacy preferences, and an operator may deny certain services or complete access to a user if the user's privacy elections create inoperability in the platform. The operator must (1) offer a user a copy of the personal data of the user that the operator has processed, free of charge, and in an electronic format; and (2) notify a user within 72 hours of becoming aware that the user's data has been transmitted in violation of the security platform. A violation of the bill's privacy requirements shall be considered an unfair or deceptive act or practice under the Federal Trade Commission Act. The Federal Trade Commission (FTC) may enforce this bill against common carriers regulated by the Federal Communications Commission under the Communications Act of 1934 and nonprofit organizations. Currently, common carriers regulated under that Act are exempt from the FTC's enforcement authority, and nonprofit organizations are subject to FTC enforcement only if they provide substantial economic benefit to their for-profit members. A state may bring a civil action in federal court regarding such violations.

Protecting Education Privacy Act This bill limits the release of students' personally identifiable information contained in education records. The bill includes local educational authorities among the officials designated as authorized representatives of an education agency with access to student records. Authorized representatives must be under the direct control of the agency. The bill prohibits (1) the use of students' personally identifiable information for the development of commercial products or services without the written consent of their parents, and (2) the Department of Education from promulgating or enforcing any regulation that definesearly childhood education programoreducation programfor any purpose under the Family Educational Rights and Privacy Act of 1974 on or after this bill's enactment.

Public Health Emergency Privacy Act This bill imposes requirements on covered organizations concerning the privacy, confidentiality, and security of COVID-19 (i.e., coronavirus disease 2019) emergency health data, which is data that is linked to an individual or device, such as test results. Covered organizations include those that collect, use, or disclose such data electronically or that develop or operate websites or applications for contact tracing and other COVID-19 response activities. Among other actions, covered organizations must provide notice of privacy and other policies, as well as ensure the accuracy of, prevent discrimination based on, and limit disclosure of the data. Covered organizations that collect data from at least 100,000 individuals must publicly report additional information about how they use and disclose the data. The bill also prohibits the use of emergency health data for commercial advertising or in ways that restrict access to opportunities, services, and other accommodations. In addition, government entities and covered organizations shall not use emergency health data to infringe on the right to vote. The Department of Health and Human Services must report on the civil rights impact of the collection, use, and disclosure of health data. The bill provides for enforcement by the Federal Trade Commission, states, and a private right of action and specifies that pre-dispute resolution mechanisms, such as arbitration, are unenforceable with respect to disputes arising under the bill.

Public Health Emergency Privacy Act This bill imposes requirements on covered organizations concerning the privacy, confidentiality, and security of COVID-19 (i.e., coronavirus disease 2019) emergency health data, which is data that is linked to an individual or device, such as test results. Covered organizations include those that collect, use, or disclose such data electronically or that develop or operate websites or applications for contact tracing and other COVID-19 response activities. Among other actions, covered organizations must provide notice of privacy and other policies, as well as ensure the accuracy of, prevent discrimination based on, and limit disclosure of the data. Covered organizations that collect data from at least 100,000 individuals must publicly report additional information about how they use and disclose the data. The bill also prohibits the use of emergency health data for commercial advertising or in ways that restrict access to opportunities, services, and other accommodations. In addition, government entities and covered organizations shall not use emergency health data to infringe on the right to vote. The Department of Health and Human Services must report on the civil rights impact of the collection, use, and disclosure of health data. The bill provides for enforcement by the Federal Trade Commission, states, and a private right of action and specifies that pre-dispute resolution mechanisms, such as arbitration, are unenforceable with respect to disputes arising under the bill.

This resolution expresses the sense of the House of Representatives that domain name registration information, referred to asWHOISinformation, is critical to the protection of U.S. national and economic security, intellectual property rights enforcement, and cybersecurity, as well as to the health, safety, and privacy of its citizens, and should remain open and accessible.

Voter Privacy Act of 2019 This bill establishes protections regarding the use of personal information for political purposes. Specifically, it provides an individual the right to obtain from an entity such as a candidate, political committee, or political party the personal information the entity possesses on that individual. An individual may also demand the deletion of this information, prohibit the transfer of this information to another party, and prohibit targeted communications from these entities. An entity must notify an individual when they receive that individual's personal information from a third party.

Exposure Notification Privacy Act This bill establishes requirements for operators of services providing automatic notification of exposure to infectious diseases such as COVID-19 (i.e., coronavirus disease 2019). These include voluntary consent for enrollment in such services and procedures related to data privacy.

Digital Accountability and Transparency to Advance Privacy Act or the DATA Privacy Act This bill establishes information security requirements for businesses that collect, process, store, or disclose information relating to at least 3,000 people in a 12-month period. The bill applies to information that may be linked to a specific individual or a device associated with a specific individual. It does not cover data related to employment or publicly available government records. Specifically, covered businesses must * provide consumers with accessible notice of the business’ privacy practices with respect to such information; and * if meeting a certain revenue threshold, appoint a privacy officer to oversee compliance with the information privacy standards of this bill. The bill further requires the Federal Trade Commission to promulgate rules requiring covered businesses to * limit the purpose and amount of consumer data collection to reasonable business purposes, provide consumers with clear methods to opt-in and opt-out of such collection, and refrain from using such data for discriminatory purposes; * provide consumers with a method to access, revise, transmit, and delete such collected information; and * establish information security practices based on the sensitivity and level of identifiability of the collected data, risk of exposure of such data, widely-accepted practices of securing such data, and cost and impact of implementing such practices. The bill further revises the National Science Foundation information security grants program to include research about methods to encrypt or remove identifiable elements from collected consumer data.

Digital Accountability and Transparency to Advance Privacy Act or the DATA Privacy Act This bill establishes information security requirements for businesses that collect, process, store, or disclose information relating to at least 3,000 people in a 12-month period. The bill applies to information that may be linked to a specific individual or a device associated with a specific individual. It does not cover data related to employment or publicly available government records. Specifically, covered businesses must * provide consumers with accessible notice of the business’ privacy practices with respect to such information; and * if meeting a certain revenue threshold, appoint a privacy officer to oversee compliance with the information privacy standards of this bill. The bill further requires the Federal Trade Commission to promulgate rules requiring covered businesses to * limit the purpose and amount of consumer data collection to reasonable business purposes, provide consumers with clear methods to opt-in and opt-out of such collection, and refrain from using such data for discriminatory purposes; * provide consumers with a method to access, revise, transmit, and delete such collected information; and * establish information security practices based on the sensitivity and level of identifiability of the collected data, risk of exposure of such data, widely-accepted practices of securing such data, and cost and impact of implementing such practices. The bill further revises the National Science Foundation information security grants program to include research about methods to encrypt or remove identifiable elements from collected consumer data.

Consumer Data Privacy and Security Act of 2020 This bill establishes standards for the collection of personal data, including prohibiting businesses from collecting such data without consent from the individual except as reasonably necessary for certain permissible purposes. Businesses must publish their privacy policies; implement data security programs to safeguard such data; and provide individuals with reasonable access to, and control of, their collected data.

Privacy Office Enhancement Act This bill expands the responsibilities of the Chief Privacy Officer of the Department of Homeland Security (DHS) to include, among other things * developing guidance to assist DHS components in developing privacy policies and practices; * working with DHS's Chief Information Officer to identify methods for managing and overseeing DHS records, management policies, and procedures; * working with DHS components and offices to ensure that information sharing activities incorporate privacy protections; and * serving as the Chief FOIA (Freedom of Information Act) Officer of DHS to manage and process requests.

Strengthening Oversight of DHS Intelligence Act This bill requires the Department of Homeland Security (DHS) to ensure that its handling of intelligence is consistent with privacy rights, civil rights, and civil liberties. Specifically, the DHS senior official with primary responsibility for privacy policy shall ensure that intelligence information is shared, retained, and disseminated in a manner consistent with protecting privacy rights. The DHS Officer for Civil Rights and Civil Liberties shall ensure that intelligence information is shared, retained, and disseminated in a manner consistent with protecting civil rights and civil liberties. The Office of Intelligence and Analysis within DHS shall ensure that intelligence information is handled in a manner consistent with the guidance from the DHS privacy official and the Officer for Civil Rights and Civil Liberties.

This resolution expresses the sense of the Senate that everyone in the United States has certain rights with respect to health care, including affordable coverage, access to care, transparency and privacy, protection from discrimination, and culturally appropriate care.

Privacy Score Act of 2020 This bill requires the Federal Trade Commission (FTC) to develop a framework for issuing privacy scores to interactive computer services. Specifically, the FTC must base the framework on criteria such as the type of user information the service collects and the security of any sensitive information that may be used to identify users of the service. Further, the FTC must issue, periodically evaluate, and publish scores based on the established framework for interactive computer services with a large number of unique U.S. users.

Genetic Information Privacy Act of 2019 This bill prohibits commercial genetic testing services from disclosing consumers' personally identifiable information to third parties without the consumer's express consent. In the case of the disclosure of personally identifiable information for medical research, a genetic testing service must follow the federal rules for obtaining informed consent in the context of research involving human subjects. Further, genetic testing services must provide consumers with the option to consent to disclose a consumer's genetic information but not to disclose other personally identifiable information. A genetic testing service may not condition services on obtaining consent to disclose such information. The Federal Trade Commission (FTC) must promulgate regulations establishing how genetic testing services are required to secure such personally identifiable information against unauthorized access. The bill grants the FTC and state attorneys general powers to enforce compliance with the requirements of this bill.

Protecting Privacy in Our Homes Act This bill requires manufacturers of internet-connected devices that are not specifically marketed as cameras or microphones to disclose to consumers whether a camera or microphone is a component of such device.

Balancing the Rights Of Web Surfers Equally and Responsibly Act of 2019 or the BROWSER Act of 2019 This bill establishes information privacy protections that require broadband internet access services and certain websites or mobile applications to provide users with the ability to opt-in or opt-out of the using, disclosing, or accessing of their user information depending on the sensitivity of the information. Covered service providers must provide opt-in approval through express user consent to use sensitive information such as financial data, health information, browsing history, or other specified personally identifiable information. Such service providers must obtain opt-out approval for the use of non-sensitive user information by a user failing to object to such use after being provided notice of the provider's privacy policies. Service providers also must allow users to opt-in or opt-out of such approval at any time. The bill permits service providers to use and disclose user information without approval for specified purposes, including for services necessary for provision of the service and to initiate, render, bill, and collect for the service. The bill further prohibits providers from conditioning access to service on users' agreeing to waive their privacy rights.

National Commission on Online Platforms and Homeland Security Act This bill establishes the National Commission on Online Platforms and Homeland Security to address content on online and social media platforms that implicates national security concerns. Specifically, the commission shall identify, examine, and report on the ways online platforms have been used in furtherance or support of targeted violence or covert foreign state influence campaigns and how addressing such uses impacts users' free speech, privacy, civil rights, and civil liberties. Consistent with these purposes, the commission must analyze (1) online platforms' responses to such usage; (2) the impacts of algorithms and automated decision-making systems; and (3) the extent to which online platforms have transparent, consistent, and equitable policies and procedures to address violations of platform rules. The commission must then develop recommendations for how online platforms could address improper use through methods that are transparent and accountable while continuing to promote free speech and innovation on the internet and preserving individual privacy and civil rights. Additionally, the Department of Homeland Security must (1) research whether any connection exists between the use of online platforms and targeted violence; and (2) develop voluntary approaches that could be adopted by online platforms to address any correlations found while still preserving the individual privacy, civil rights, and civil liberties of users.

This bill extends to minors (ages 12–16) privacy protections previously applicable only to children (ages 0–12) and otherwise establishes greater online privacy protections for children and minors. Specifically, the bill prohibits an operator of a website, online service, online application, or mobile application directed to a child or minor with constructive knowledge the user is a child or minor from collecting the user's personal information without * providing notice and obtaining consent, * providing a parent or minor with certain information upon request, * conditioning participation by a user on the provision of personal information, * establishing and maintaining reasonable procedures to protect the personal information collected from users. The bill also prohibits targeted marketing directed to a child or directed to a minor without the minor's consent. The bill further outlines a set of principles governing how operators should collect and use personal information, as well as provide information to a parent or minor. A parent or minor must be able to challenge the accuracy of personal information, and an operator must provide for the erasure or correction of inaccurate personal information. Operators must also implement mechanisms for the erasure or elimination of personal information at the request of users and make users aware of such mechanisms. Moreover, the bill prohibits the sale of internet-connected devices targeted to children and minors unless they meet certain cybersecurity and data security standards, and it requires manufacturers of such devices to display a privacy dashboard detailing how personal information is collected and used.