Sen. Ed Markey (D-MA) introduced S. Res. 523, a resolution urging the application of the European Union (EU) General Data Protection Regulation (GDPR) to U.S. citizens, one day before GDPR came into effect. Cosponsors include Sens. Richard Blumenthal (D-CT), Dick Durbin (D-IL), and Bernie Sanders (I-VT).
S. Res. 523 “encourages entities covered by” GDPR, “including edge providers, broadband providers, and data brokers— (1) to provide the people of the United States with the privacy protections included in the GDPR in a manner consistent with existing laws and rights in the United States, including the First Amendment.” It urges that those protections require that “data processors,” as defined in GDPR, “have a legal basis for processing the data of users” and that “opt-in” be the standard for consumer consent, “freely given, specific, informed, and unambiguous” as a “primary legal basis.”
Further, the resolution urges that “data processors” should “design their systems in a way that— (I) minimizes the processing of data to only what is necessary for the specific purpose stated to the individual; and (II) by default, protects personal information from being used for other purposes.”
Entities are urged to “institute special protections” for children’s data, to “implement appropriate oversight over third party data processors,” and ensure that individuals: have the right “to revoke consent for data processing at any time;” “not be subject to automated decisionmaking, including profiling, without human intervention if the decisionmaking has legal or otherwise significant effects on the individual;” know who has “access to the data of the individual and how that data is being used”; be able to correct their data if “inaccurate or incomplete” and “obtain and reuse” their data for their own purposes “across other services.”
While the sentiment for replicating GDPR in America may be growing among Democrats, we don’t expect this resolution to gain any traction.