By Caleb Skeath
The House and Senate versions of the Consumer Privacy Bill of Rights have been released, following the release of the White House’s legislative proposal at the end of February. We are reviewing the contents of both bills and will post an update shortly with a more in-depth analysis.
Unlike the White House proposal, which contained an expansive definition of “covered entity,” the application of the House and Senate bills would be limited to entities under FTC enforcement jurisdiction, “common carriers” under FCC jurisdiction, and 501(c)(3) nonprofit organizations. The types of information covered by the House and Senate bills are also more nuanced than the White House proposal, as the bills define “covered information” by reference to specific types of personally identifiable information and unique device identifiers. Perhaps most interestingly, the House and Senate bills both include extensive data breach notice provisions. Although the White House has previously called for a national data breach notification bill, the White House’s data breach notification proposal was released separately in January.