A group of consumer advocacy, tech policy and civil rights groups unveiled a privacy framework Jan. 17 that calls for creating a federal data protection agency.
The framework's introduction comes amid a broad policy conversation about the direction of privacy reform in the U.S. In the wake of Facebook Inc.'s data scandals and the European Union's enactment of its sweeping new privacy law, the General Data Protection Regulation, there is broad consensus across the federal government, industry and consumer groups that a U.S. federal privacy law is needed.
A bipartisan effort is in the works on the Senate Commerce Committee that will likely include giving the U.S. Federal Trade Commission additional authorities, which could include civil penalties, Sen. Richard Blumenthal, D-Conn., told reporters in November 2018.
The Jan. 17 framework, introduced by 16 organizations, including the Consumer Federation of America, the Electronic Privacy Information Center and the Center for Digital Democracy, calls for a baseline federal legislation to establish a floor of data protection policies across the country. However, it wants to preserve the option for states to add on stronger protections beyond that as the group believes states should be able to create "innovating protections to keep up with rapidly changing technology."
The group also believes that the FTC is not a data protection agency, which is why an additional data protection agency should be established.
"The FTC lacks rulemaking authority," wrote the group in its framework. "The agency has failed to enforce the orders it has established. The U.S. needs a federal agency focused on privacy protection, compliance with data protection obligations and emerging privacy challenges."
The Internet Association, an industry trade group representing companies such as Alphabet Inc.'s Google LLC, Facebook and Twitter Inc., has released its own privacy framework calling for a federal privacy framework that pre-empts state laws.
Apple Inc. CEO Tim Cook also inserted his voice into the conversation Jan. 17 with an opinion piece calling for a federal privacy standard. Specifically, Cook believes that legislation should be guided by principles that allow customers the right to have personal data minimized, to know what data is being collected, to access and delete personal data, and to have data security.