Rep. Suzan DelBene at the 2018 GeekWire Summit. (GeekWire Photo / Kevin Lisota)

U.S. Rep. Suzan DelBene, D-Wa, introduced new federal privacy legislation, warning that efforts by states to enact their own privacy laws threaten to deepen the country’s privacy predicament.

Among other provisions, the bill would require companies to let consumers know when their personal information is shared, and with whom, with the goal of increasing overall transparency.

DelBene has championed the cause repeatedly with past attempts to pass federal privacy legislation. She acknowledged that it won’t be easy this time, either, but said it’s more critical than ever.

The emerging “patchwork” of state laws will become increasingly difficult for consumers and companies to navigate, DelBene said in a briefing with reporters prior to introducing the bill. Washington state, where DelBene represents the 1st Congressional District, is among those considering its own privacy law. California’s privacy law took effect last year. Europe’s privacy law took effect in 2018.

The new Information Transparency and Personal Data Control Act, introduced by DelBene on Thursday morning, includes a preemption clause that would override conflicting state privacy laws.

“Having a federal policy is important to have a consistent policy,” DelBene said. “But it’s also important because, if we’re going to help set global standards, we have to have a domestic policy, and in the absence of domestic policy, it’s unclear what we’re striving for internationally.”

Microsoft and Amazon are among the companies that have called for national privacy legislation to give them a clear and consistent sense for the privacy landscape across the country.

However, major areas of privacy left unaddressed by DelBene’s legislation include artificial intelligence and facial recognition. DelBene said she believes it’s important to first establish a basic privacy law, creating a foundation before addressing AI and other advanced technologies.

“I worry that we won’t get to those if we don’t make a step here,” she said.

The bill gives the Federal Trade Commission broad authority to set privacy rules under the law. However, it also allows state attorneys general to pursue cases if the FTC declines.

It does not include a provision for a “private right of action” that would give consumers the explicit right to pursue cases themselves. Its absence has been a sticking point in previous attempts to pass privacy legislation, as has the presence of the provision that would preempt conflicting state privacy laws.

The bill calls for privacy policies to be written in plain language. Consumers would be asked to opt-in to allow changes in privacy practices when companies use their data in new ways. In addition, the bill would require companies that collect sensitive information from 250,000 people or more a year to submit the results of a privacy audit by a neutral third party every two years.

Previously: Rep. DelBene on data privacy, rural broadband and the Biden administration’s tech agenda

Like what you're reading? Subscribe to GeekWire's free newsletters to catch every headline

Job Listings on GeekWork

Find more jobs on GeekWork. Employers, post a job here.