H.R.4366 - Personal Data Offshoring Protection Act of 2004
108th Congress (2003-2004)
Sponsor: Rep. Markey, Edward J. [D-MA-7] (Introduced 05/13/2004)
Committees: House - Energy and Commerce
Latest Action: 05/21/2004 Referred to the Subcommittee on Commerce, Trade and Consumer Protection.
This bill has the status Introduced
Summary: H.R.4366 — 108th Congress (2003-2004)
Introduced in House (05/13/2004)
Personal Data Offshoring Protection Act of 2004 - Requires business enterprises to give U.S. citizens notice before transmitting personally identifiable information about such citizens to foreign affiliates or subcontractors located in countries with adequate privacy protections. Prohibits such transmittal where adequate privacy protections are lacking, unless: (1) the business enterprise discloses the lack of protections and obtains the citizen's prior consent for transmittal; and (2) such consent is renewed by the citizen within one year before the transmittal.
Prohibits business entities from denying goods and services or modifying business terms for any person based on that person's exercise of consent rights provided by this Act or other law.
Requires violations of this Act to be treated as unfair or deceptive acts or practices under the Federal Trade Commission Act.
Creates a private right of action in State court for violations of this Act. Authorizes States, on behalf of their residents, to bring civil actions in Federal court for such violations. Requires prior notice to the Federal Trade Commission (FTC) of State actions and authorizes the FTC's intervention and appeal.
Directs the FTC to certify those countries that have legal systems providing adequate privacy protections. Creates a presumption of inadequacy for foreign laws that are less protective of privacy than Federal law or the law of any State, or where the FTC determines that enforcement is lacking. Requires certification of countries whose laws meet the requirements of the European Union Data Protection Directive, unless such laws are not adequately enforced.