You might be aware that early last month US Congresswoman Suzan DelBene, Representing Washington’s 1st District, introduced the Information Transparency and Personal Data Control Act – in her words “legislation that would create a national data privacy standard to protect our most personal information and bring our [US] laws into the 21st Century.”
Important aspects of the Information Transparency and Personal Data Control Act include the requirement of using “plain English” in privacy policies, opt-in consent for users, increased transparency by way of disclosure, enforcement, audits, and preemption (creating a unified national standard by preempting conflicting US State laws).
I’ve observed a large number of commentators suggesting that while it’s the first US privacy bill of 2021, it’s surely not the last. Regardless of whether or not this particular bill will be “the one”, I must say that the approach is more than welcomed. I would also point out that just a couple of short weeks after the bill was introduced, on 26 March 2021, Commissioner Reynders noted the need for such a move during AmCham’s online event entitled “Transatlantic Conference 2021: Global leadership: A transatlantic opportunity”. In fact, Reynders suggested that some legislative changes may be necessary in the US to ensure trusted transatlantic data flows in the long term.
Indeed, the introduction of federal US privacy legislation would reflect a horizontal, coherent and consistent approach to privacy and data protection like the one we currently have in the EU. Such a law could potentially pave the way for the re-establishment of the secure data flows between the EU and the US. This is all the more relevant in light of the recent intensification of negotiations with respect to transatlantic data flows in which the protection of EU citizens’ rights remains paramount.