Personal data is the valuable information of each person, and in recent years, more and more attacks have been made on the personal data of users.
The demand for special solutions that protect personal data from theft is expanding. Home users use software, like PCProtect antivirus, AVAST, McAfee, while the businesses and government use more sophisticated solutions. However, without a proper legal basement, any decisions do not have the highest significance.
Existing laws in the USA cannot completely cover the entire legal field related to the regulation of the protection of personal data. Therefore, there is a need for the adoption of new laws to improve the situation.
At the beginning of 2020, the California Personal Data Protection Act entered into force. It was the impetus for federal law consideration, which will be distributed throughout the United States.
Background and Fundamentals
In March 2018, it became known that the data of millions of people were illegally used by the company to store such data - Cambridge Analytica. As a result of several congressional hearings, it became apparent that our personal information could be misused when transmitting it to the Internet. Because of it, our desire to control personal data has significantly increased.
American observers note that the adoption of this law in California, where the headquarters of many leading Internet and large technology corporations (Facebook, Google, Apple, Netflix, HP, Intel, etc.) are located, can have a much wider impact on the personal data processing state.
In early 2020, the CCPA (California Consumer Privacy Act) became valid.
Applicants for the Title of Federal Law
There is a special tradition in the USA: when California forces a law, many other states follow the same. The California law was an example of the discussion of the new Washington State Personal Data Protection Act.
However, 50 different laws in the field of personal data protection from each state do not attract Americans themselves. The heads of the largest tech organizations wrote an open letter in which they shared the opinion about the absurdity of adopting a separate law in each state. In this letter, they urge the US Congress to enact a unified federal law on personal data protection.
As a result, after the entry into force of the CCPA, the American legislator began to develop a federal act actively.
There are two main candidates for the title of federal law:
- Consumer Data Privacy Act (CDPA) - from Republicans.
- Consumer Online Privacy Rights Act (COPRA) - from Democrats.
Both acts have similar requirements and provisions that are partly based on the California Private Data Protection Act:
- Explicit consent to the processing of sensitive data.
- Mandatory clear and readable privacy policies.
- Introducing sound data protection practices.
- Conducting a risk assessment.
- Appointment of an analog of DPO (Data Protection Officer).
- Realization of user rights.
However, there are significant differences that prompt disputes:
- Suppression of local acts on the protection of personal data - COPRA will suppress the effect of a local act only in direct conflict. CDPA will suppress any local act related to the protection of personal data.
- The right of a private person to a claim - COPRA provides, CDPA does not.
Now both acts are under consideration, and it is not clear which one will be adopted. Another act may likely become federal law, but its provisions are not yet publicly available.
Personal Data Regulator
Besides, in the United States, there is a proposal to take away from the FTC (Federal Trade Commission) the authority of the regulator of personal data and transfer it to the Data Protection Agency. For this, there is an appropriate project called Data Protection Act 2020.
The Senator, who submitted this act, identifies three main tasks of the Agency:
- Give consumers the "control and protection" of their data.
- Support the technology industry by ensuring fair competition in the digital market.
- Help the federal government with the challenges of the digital age.
In general, we can safely say that in the USA, there is a rethinking of the value of personal data. This, in turn, is reflected in the legislation and, as a result, in companies that process personal data.