As we reported earlier today, the long-awaited White House draft of privacy and data security legislation has been released. While the United States does not today have a comprehensive privacy and data security law, the proposed Consumer Privacy Bill of Rights would impose a suite of substantive privacy and data security obligations across sectors and industries. Our sense is that it would be uphill battle for this sort of sweeping privacy legislation to gain traction in Congress over the next two years.
We have answered your key questions about this proposed legislation below, including:
Who would the bill apply to?
How is “personal data” defined under the bill?
What are the substantive obligations?
Are there any safe harbors?
How would the bill be enforced?
Does the bill preempt state laws?