“There’s great concern that Americans have about the protection of their privacy online and about their security online,” Khanna told The Washington Post in an interview Friday. “They are looking to the United States Congress to help put together well crafted regulation to protect them in the cyber world.”
This list contains principles many lawmakers, consumer advocates and technologists have long clamored for. The Internet Bill of Rights calls for network neutrality, consumer choice for Internet service providers, greater transparency in data collection practices by Web companies, opt-in consent for data collection and timely notification if a company holding personal data suffers a hack.
Khanna said he consulted with distinguished experts, among others, to draft the principles, notably Tim Berners-Lee, the creator of the World Wide Web, and Obama administration technology officials Nicole Wong and Todd Park.
The New York Times first reported on the Internet Bill of Rights.
Previous congressional efforts to pass data protection laws have failed to advance, even in the wake of record-breaking data breaches that attracted widespread public condemnation, such as the massive Equifax breach disclosed last year, and Facebook’s Cambridge Analytica scandal that broke in March. But both Democratic and Republican officials have suggested the momentum has shifted. “The question is no longer whether we need a national law to protect consumers’ privacy,” Senate Commerce Committee Chairman John Thune (R-S.D.) said in an op-ed last month. “The question is what shape that law should take.”
New data privacy rules coming out of Europe and state legislatures are pushing the tech industry to the negotiating table. The recent passage of California’s robust privacy law has pressured tech companies to consider federal privacy rules, as the prospect rises of other states passing similar restrictions on data-harvesting practices. The European Union’s General Data Protection Regulation, which went into effect in May, has also swayed industry players to work on new uniform rules, with tech giants such as Google, Facebook and Apple updating their data collection policies to comply with the E.U.
“Expanding access to a safe and secure Internet and protecting consumers remains a top priority for House Democrats,” Taylor Griffin, a spokeswoman for Minority Leader Nancy Pelosi (D-Calif.), said in a statement to The Post.
Khanna said Pelosi asked him to began drafting the Bill of Rights six months ago, but the work to turn the principles into law will fall under the jurisdiction of the House Energy and Commerce Committee in the next Congress, he added.
Khanna acknowledged the list is a work in progress, but he views action from Capitol Hill as the only way forward. “I’m open to revisions and constructive criticism,” he said. “What I think is inexcusable is for Congress not to act.”
The draft bill of rights states:
You should have the right:
1. to have access to and knowledge of all collection and uses of personal data by companies;
2. to opt-in consent to the collection of personal data by any party and to the sharing of personal data with a third party;
3. where context is appropriate and with a fair process, to obtain, correct or delete personal data controlled by any company and to have those requests honored by third parties;
4. to have personal data secured and to be notified in a timely manner when a security breach or unauthorized access of personal data is discovered;
5. to move all personal data from one network to the next;
6. to access and use the Internet without Internet service providers blocking, throttling, engaging in paid prioritization or otherwise unfairly favoring content, applications, services or devices;
7. to Internet service without the collection of data that is unnecessary for providing the requested service absent opt-in consent;
8. to have access to multiple viable, affordable Internet platforms, services and providers with clear and transparent pricing;
9. not to be unfairly discriminated against or exploited based on your personal data; and
10. to have an entity that collects your personal data have reasonable business practices and accountability to protect your privacy.