Summary: S.2968 — 116th Congress (2019-2020)All Information (Except Text)

There is one summary for S.2968. Bill summaries are authored by CRS.

Shown Here:
Introduced in Senate (12/03/2019)

Consumer Online Privacy Rights Act

This bill places requirements on entities that process or transfer a consumer's data.

Specifically, the bill requires such entities to

  • make their privacy policy publicly available and provide an individual with access to their personal data;
  • delete or correct, upon request, information in an individual's data;
  • export, upon request, an individual's data in a human-readable and machine-readable format;
  • establish data security practices to protect the confidentiality and accessibility of consumer data; and
  • designate a privacy officer and a data security officer to implement and conduct privacy and data security programs and risk assessments.

Further, the bill prohibits such entities from

  • engaging in deceptive or harmful data practices;
  • transferring an individual's data to a third party if the individual objects;
  • processing or transferring an individual's sensitive data without affirmative express consent;
  • processing or transferring data beyond what is reasonably necessary or for which they have obtained affirmative express consent;
  • processing or transferring data on the basis of specified protected characteristics (e.g., race, religion, or gender);
  • conditioning the provision of a service or product on an individual's agreement to waive their privacy rights; and
  • retaliating against an employee who provides information about a potential violation of the bill's provisions, or who testifies or assists in an investigation or judicial proceeding concerning such a violation.

The Federal Trade Commission must establish a new bureau to assist with enforcement of these provisions.