Privacy for America has developed a new framework for nationwide privacy legislation that would fundamentally change the way personal data is protected and secured in this country. This framework is intended to provide a new option to policy makers for their consideration as they address this important issue. Unlike existing domestic and international approaches to privacy regulation, the framework would not rely on burdensome “notice and choice” schemes to protect personal data. Rather, it would clearly define and prohibit practices that put personal data at risk or undermine accountability, while preserving the benefits to individuals and our economy that result from the responsible use of data.
Notably, the new framework would shift the burden away from individuals to read hundreds of lengthy privacy policies to protect themselves and toward a common set of data privacy and security norms. To ensure widespread compliance and rigorous enforcement, the framework would significantly expand federal and state oversight of data practices, including by creating a new data protection bureau at the Federal Trade Commission (FTC), authorizing FTC rulemaking in certain key areas, and providing civil penalty authority to both the FTC and State Attorneys General.