Bill Title: The Digital Privacy and Anti-Surveillance Act
Section 1: Findings
-
Congress finds that the increasing use of technology to track, monitor, and collect information about individuals poses a significant threat to privacy, civil liberties, and the freedom of expression and association.
-
Congress is particularly concerned about the use of such technologies for the purpose of compiling lists or dossiers on individuals for doxing, harassment, or other malicious purposes.
Section 2: Definitions
-
Covered Entity: Any corporation, partnership, or other legal entity that provides an electronic service or product, including but not limited to social media platforms, internet service providers, operating system developers, and app developers.
-
Electronic Device: Any device with electronic or computing capabilities, including smartphones, computers, tablets, smart home devices, and wearable technology.
-
Tracking: The collection, retention, use, or sharing of an individual’s location, browsing history, app usage, or other online activity without their express and informed consent.
-
Snooping: The unauthorized access or collection of information from an individual’s electronic device, including personal files, photos, contacts, and communications.
-
Doxing: The public release of private or identifying information about an individual with the intent to harm, harass, intimidate, or incite violence.
Section 3: Prohibitions
-
Tracking without Consent: Covered entities are prohibited from tracking individuals’ online activity or location without their express and informed consent. Consent must be freely given, specific, informed, and unambiguous.
-
Snooping: Covered entities are prohibited from snooping on individuals’ electronic devices, including accessing personal files, photos, contacts, and communications without a court order or the individual’s express consent.
-
Data Collection for Doxing: Covered entities are prohibited from collecting, retaining, using, or sharing information about individuals for the purpose of doxing or facilitating doxing.
Section 4: Data Security
- Covered entities must implement reasonable security measures to protect personal information from unauthorized access, use, disclosure, disruption, modification, or destruction.
Section 5: Transparency and User Control
-
Covered entities must provide clear and concise disclosures about their data collection and use practices.
-
Covered entities must provide individuals with the ability to access, correct, and delete their personal information.
-
Individuals must have the ability to easily opt-out of tracking and data collection.
Section 6: Enforcement
-
The Federal Trade Commission (FTC) is responsible for enforcing the provisions of this Act.
-
State Attorneys General may also bring actions to enforce this Act.
-
Individuals may bring civil actions against covered entities for violations of this Act.
-
Penalties for violations may include fines, injunctions, and other equitable relief.
Section 7: Effective Date
- This Act shall take effect one year after the date of enactment.
Important Considerations:
-
Balancing Security and Privacy: The bill needs to balance the legitimate security needs of companies with the privacy rights of individuals.
-
Defining Consent: Clear standards are needed for what constitutes “express and informed consent.”
-
International Harmonization: Consideration should be given to how this Act interacts with international data protection laws.
-
Technological Feasibility: Ensure that the requirements of the Act are technologically feasible and do not stifle innovation.
This draft bill is intended to serve as a starting point for a broader discussion on how to protect individuals from unwarranted surveillance and data collection practices in the digital age.