The Digital Privacy and Anti-Surveillance Act

Bill Title: The Digital Privacy and Anti-Surveillance Act

Section 1: Findings

  • Congress finds that the increasing use of technology to track, monitor, and collect information about individuals poses a significant threat to privacy, civil liberties, and the freedom of expression and association.

  • Congress is particularly concerned about the use of such technologies for the purpose of compiling lists or dossiers on individuals for doxing, harassment, or other malicious purposes.

Section 2: Definitions

  • Covered Entity: Any corporation, partnership, or other legal entity that provides an electronic service or product, including but not limited to social media platforms, internet service providers, operating system developers, and app developers.

  • Electronic Device: Any device with electronic or computing capabilities, including smartphones, computers, tablets, smart home devices, and wearable technology.

  • Tracking: The collection, retention, use, or sharing of an individual’s location, browsing history, app usage, or other online activity without their express and informed consent.

  • Snooping: The unauthorized access or collection of information from an individual’s electronic device, including personal files, photos, contacts, and communications.

  • Doxing: The public release of private or identifying information about an individual with the intent to harm, harass, intimidate, or incite violence.

Section 3: Prohibitions

  • Tracking without Consent: Covered entities are prohibited from tracking individuals’ online activity or location without their express and informed consent. Consent must be freely given, specific, informed, and unambiguous.

  • Snooping: Covered entities are prohibited from snooping on individuals’ electronic devices, including accessing personal files, photos, contacts, and communications without a court order or the individual’s express consent.

  • Data Collection for Doxing: Covered entities are prohibited from collecting, retaining, using, or sharing information about individuals for the purpose of doxing or facilitating doxing.

Section 4: Data Security

  • Covered entities must implement reasonable security measures to protect personal information from unauthorized access, use, disclosure, disruption, modification, or destruction.

Section 5: Transparency and User Control

  • Covered entities must provide clear and concise disclosures about their data collection and use practices.

  • Covered entities must provide individuals with the ability to access, correct, and delete their personal information.

  • Individuals must have the ability to easily opt-out of tracking and data collection.

Section 6: Enforcement

  • The Federal Trade Commission (FTC) is responsible for enforcing the provisions of this Act.

  • State Attorneys General may also bring actions to enforce this Act.

  • Individuals may bring civil actions against covered entities for violations of this Act.

  • Penalties for violations may include fines, injunctions, and other equitable relief.

Section 7: Effective Date

  • This Act shall take effect one year after the date of enactment.

Important Considerations:

  • Balancing Security and Privacy: The bill needs to balance the legitimate security needs of companies with the privacy rights of individuals.

  • Defining Consent: Clear standards are needed for what constitutes “express and informed consent.”

  • International Harmonization: Consideration should be given to how this Act interacts with international data protection laws.

  • Technological Feasibility: Ensure that the requirements of the Act are technologically feasible and do not stifle innovation.

This draft bill is intended to serve as a starting point for a broader discussion on how to protect individuals from unwarranted surveillance and data collection practices in the digital age.

4 Likes

Might I add that even when using 3rd party apps like AI images generation software the are not to be used as a backdoor loophole into our devices.

1 Like

Also just because we use an app, they shouldn’t have the right to claim our creations as their property. Music daws (digital audio workstations) don’t do that, we create our music in there and it’s ours, where as tech companies like Google and open AI, claim the creations as their property. They didn’t create the prompts therefore can’t claim priority rights, it’s like when you commission someone for an art drawing, the drawing is yours. It’s no longer the property of the artist. We pay for the service therefore it’s a commissioned use.

Ban surveillance/data gathering in conjunction with generative AI by Federal, State and commercial entities. This includes facial recognition, social media, phone conversations, banking information, tracking purchases, GPS locations, and other metadata capable of re-creating a “life log” of individuals which could be used to discriminate and/or manipulate service fees based on health, sex, sexual orientation, religion, driving habits, internet browsing habits, income, race, politics, etc.

Ban the sale, sharing of, and purchasing of user data by federal, state and commercial actors.

Example1: Virginia DMV sells its citizens data to over 4,000 entities to include driving schools, religious organizations, state and federal law enforcement, insurance agencies, and commercial entities. It is not the only state doing so and does not disclose this to the public when they register their vehicles.

Example2: Credit reporting agencies selling consumer data immediately upon applications for loans, mortgages, etc.