Democrats Unveil Their Preferred Online Privacy Law
GDPR, meet your new potential neighbor: COPRA.
Yesterday Democratic U.S. Sen. Maria Cantwell from Washington state unveiled the Consumer Online Privacy Rights Act (COPRA), legislation that would regulate how companies can acquire, use, and share personal information. The bill would bring to U.S. consumers many of the same protections that the General Data Protection Regulation (GDPR) brought to EU consumers—and that the California Consumer Privacy Act (CCPA) is bringing to California consumers beginning 01 January 2020.
So far, only other Democrats have co-sponsored Cantwell’s legislation, and with Republicans in control of the Senate, it is not clear if Cantwell’s proposal has any likelihood of making it out of committee, much less being passed into law. Both parties have expressed interest in codifying how companies can collect and use data about individuals. However, two of the most contentious issues included in Cantwell’s COPRA are:
- COPRA allows consumers to sue companies who mismanage their data, a provision referred to as a “private right of action.” Codifying such a right is likely to be opposed by Republicans.
- COPRA would not supersede CCPA or any other state data privacy laws that are enacted. The technology industry and Republicans have pushed back on the potential for companies to have to comply with dozens of different laws.
Areas where there is more likely to be agreement include allowing consumers to see what data companies track and how they use it, and potentially to delete it; preventing third-party acquisition or use of personal information without express permission; and giving the federal government enforcement capability through investigations and the capability to levy fines for wrongdoing.
If you’re a bit behind and need to brush up on California’s new privacy law, which, again, is in force in just five weeks, see this two-part summary from Law.com.
For more, see the handy little GDPR vs. CCPA comparison document created by data privacy firm WireWheel. Registration is required to view the document, but I’m sure it’s GDPR and CCPA compliant.
And don’t miss Security Management’s May 2019 article on the first big GDPR fine.