Sending Office: Honorable Suzan K. DelBene
Sent By:

Dear Colleague: 


The social media incident years back with

Cambridge Analytica
demonstrates how our country’s lack of privacy regulations compromises American’s personal data. While possibly the most publicized, this was far from the only breach of consumer privacy.


Unfortunately, it is no secret that Congress has not kept up with the pace of technology when it comes to protecting consumer privacy. While the Federal Trade Commission (FTC)
has tried to police internet companies through some ad-hoc enforcement actions, they could use stronger legal mechanisms to protect consumers and set clear rules of the road for companies. That’s why we are introducing legislation requiring companies to disclose
what they’re collecting and why, especially if it’s being shared with another party. And if companies fail to adjust, the FTC and state attorneys’ general will have a stronger hand to bring companies into compliance.


Specifically, the bill would:


Gives Consumers Control Over Their Data:

Directs the Federal Trade Commission (FTC) to put forward regulations no more than 90 days after enactment, that require platforms to put in place opt-in protocols
along with plain English privacy policy descriptions.

An opt-in model will allow consumers to pick and choose who has access to their information and who doesn’t.

  • Stronger Enforcement for Bad Actors:

    • Makes the FTC the primary enforcer of consumer privacy. If the FTC does not act within 60 days of being notified of a violation, the enforcement authority opens to include state attorneys’
      general. This creates a safety net protecting consumers’ data.
    • Allows the FTC to fine companies who are in violation of federal privacy regulations on their first offense. Currently, companies can only be fined once they have gone through the
      consent decree process.
    • Provides FTC with additional resources to better protect consumer privacy. This bill will provide the FTC with 50 additional full-time personnel, 15 of which must be technical experts,
      and an additional $35 million in monetary resources.
    • Requires companies to obtain privacy audits by a neutral third party and submit those results to the FTC every two years. This will ensure that businesses who collect, store, or share
      consumers’ data are continuously keeping privacy top of mind.
  • Requiring Sensitive Personal Data be Protected:

    • This bill defines Sensitive Personal Information. Sensitive Personal Information encompasses genetic data, financial account information, geolocations, and information about religious
      beliefs and sexual orientation, and more.
  • Creates a National Standard:

    • One federal standard will empower consumers to understand their rights in plain English and avoid confusion no matter where in the country they live.
    • Empowers U.S. companies, large and small, to compete on a global stage by requiring them to abide by one clear standard instead of varying state-by-state data requirements.
    • A national privacy standard will make conducting business in the U.S. less burdensome for startups.


Consumer privacy laws for the digital age are long overdue, but we are also way behind in the way we think about policies that impact digital trade. Tech is a bright spot in
our economy, one of the places where we actually have a trade surplus. U.S. innovators are creating jobs and driving incredible growth, but the patchwork of privacy frameworks around the world are creating tensions about which standards apply. The U.S. is
already behind with the EU pushing GDPR worldwide. We have an opportunity to catch up, and this important legislation would be a great start.


For questions or to cosponsor, please contact Sasha Bernhard (



Rep. Suzan DelBene

Related Legislative Issues

Selected legislative information: Judiciary, Technology, Trade

icon eDC logo e-Dear Colleague version 2.0
e-Dear Colleagues are intended for internal House use only.