Santa Clara, California-based Intel Corporation has published what it is calling the “final draft” of its proposed U.S. federal privacy legislation, the original version of which was published in November 2018. As a result, legislation sponsored by a for-profit organization officially joins the mix of proposed privacy laws currently up for discussion across the country. In tandem with the release of this latest draft, Intel calls on “Congress [to] grant the FTC authority to seek civil penalties for violations of provisions included in a federal privacy law.”[1]
Intel’s proposal is partly in response to the E.U.’s General Data Protection Regulation (GDPR), which went into effect in May 2018. While the proposed legislation “share[s] the goal of strong enforcement with [the GDPR]” [2] and establishes that individuals have “a legal interest in the lawful processing of personal data,” [3] it would be premature to assume that the protections offered by this legislation—or by any of the other privacy laws in the works—would provide protections that are comparable to those already in place in E.U. member states, where citizens have a constitutional right to privacy. Intel’s proposed legislation joins the numerous other draft federal privacy laws currently taking center stage (as well as stage left and stage right), including those proposed by non-profit organizations, elected representatives, and governmental agencies.
This latest iteration of Intel’s proposed legislation reflects feedback received from privacy professionals and the general public. It requires organizations that collect or process personal data to institute a “comprehensive privacy program” that is designed to meet eight enumerated criteria, including “[to] facilitate an individual’s control over personal data” and “[to] prevent the use of personal data in any manner inconsistent with the original purpose for which that personal data was collected, unless subsequently permitted by the individual to whom the personal data relates.”
As privacy law practitioners have become accustomed to seeing in the various data-related laws already in effect at the state and federal levels, Intel’s proposed definitions of “personal data” and “identifiable individual” avoid getting into specifics and thus, for better or worse, leave room for interpretation.
While Intel’s proposed legislation has been somewhat-aptly named the “Innovative and Ethical Data Use Act of 2019,” one cannot help but wonder what is being claimed as “innovative” here—presumably the use of data as contemplated by the Act (which should, perhaps, raise red flags for those in favor of increased restrictions on businesses’ ability to use customer data).
But is the proposed legislation itself innovative? Only time will tell if any proposed privacy legislation has the ability to keep up with both advancements in technology and evolving consumer expectations around the use of personal information.
For the text of Intel’s proposed legislation, see https://usprivacybill.intel.com/legislation.
[1] https://blogs.intel.com/policy/2019/05/27/the-u-s-must-have-strong-enforcement-for-a-successful-privacy-regime
[2] https://blogs.intel.com/policy/2019/05/27/the-u-s-must-have-strong-enforcement-for-a-successful-privacy-regime
[3] https://usprivacybill.intel.com/legislation
