Privacy & Information Security Law Blog

On September 17, 2020, Senator Roger Wicker (MS), Chairman of the Senate Commerce Committee, along with Senators John Thune (SD), Deb Fischer (NE) and Marsha Blackburn (TN) introduced the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act (“the Bill”). The Bill marks an official introduction of an update of Senator Wicker’s draft United States Consumer Data Privacy Act of 2019, which was circulated last November.

Many of the Bill’s provisions are identical, or nearly identical, to the language of last year’s draft bill, which was previously summarized on our blog last year. However, there are a few notable changes and additions, foremost among them the inclusion of language from Senator Thune’s Filter Bubble Transparency Act and Senator Fischer and Senator Mark Warner’s (VA) Deceptive Experiences to Online Users Reduction (DETOUR) Act.

Other updates include changes to definitions such as “de-identified data,” “large data holder,” “sensitive data” and “precise geolocation information,” as well as:

• Limiting the prohibition on the denial of products and services, so that it only applies when an individual exercises the rights of access, correction and portability, and only if the exercise of that right does not preclude a covered entity from providing the product or service;
• Including a “right to opt out” of the collection, processing or transfer of covered data before such collection, processing or transfer occurs;
• Removing an exception for the use of data to conduct internal research to improve, repair or develop products, services or technology;
• Appropriating $100 million to the FTC to carry out the Act; and
• Providing the FTC with authority to seek a permanent injunction and other equitable remedies for violations of the Act.

The language imported from the Filter Bubble Transparency Act would make it unlawful for any public-facing website or application to use “opaque algorithms,” unless certain conditions are met. “Opaque algorithms” are defined as algorithmic ranking systems that determine the order or manner that information is provided to a user on a covered platform based on user-specific data that was not expressly provided by the user for such purpose. The Bill would require covered Internet platforms to provide notice to users that they are using opaque algorithms and make available a version of the platform that instead uses an “input-transparent” algorithm that does not use user-specific data to determine the order or manner that information provided to a user.

The language from the DETOUR Act would make it unlawful for an online service with more than 100 million authenticated users in any 30-day period to use a user interface to obscure, subvert or impair user autonomy, decision-making or choice to obtain consent or user data. It would also forbid subdividing consumers into groups for the purposes of “behavioral or psychological experiments or studies” without informed consent, and ban user interfaces directed to children “with the purpose of cultivating compulsive usage.”