Proposed U.S. Privacy Legislation
Background
The United States is now considering several bills to protect privacy. These bills are intended to address growing public concern about the absence of adequate legal protection in the United States for personal data. EPIC has been calling for comprehensive federal privacy legislation for over 20 years.
Documents
EPIC and a coalition of privacy and consumer privacy groups have long recommended that Congress enact a privacy law that:
- limits the collection and use of personal data;
- prohibits discriminatory uses of data;
- requires algorithmic fairness and accountability;
- bans manipulative design and unfair marketing practices;
- limits government access to personal data;
- provides for a private right of action;
- preserves states’ rights to enact stronger provisions; and
- establishes a federal data protection agency to enforce these new rules.
EPIC has been calling for comprehensive federal privacy legislation for over 20 years. In July 1999, then-EPIC Executive Director Marc Rotenberg testified before Congress and said:
[T]he recent developments in the online industry make clear the need for privacy legislation. For those who are willing to look closely, there is little indication that self-regulation is working. Privacy policies read more like warning notices and disclaimers. The proposed merger of Internet advertising giant Doubleclick and the largest catalog database firm Abacus demonstrates many of the shortcomings of the self- regulatory approach. The merger would significantly undermine online privacy as advertising is radically transformed. In the absence of a legal framework for online privacy, Internet-based services are also being offered without privacy protections that would otherwise be required. The Internet is quickly becoming a privacy-free zone, where companies can push new products past an unsuspecting public.
He went on to warn of what has become the surveillance advertising ecosystem of today:
In practical terms, advertising will be radically transformed. Where once advertisers could reach segmented markets and still allow potential customers who browsed a news magazine or watched a television show to safeguard their privacy, now advertisers will literally be watching potential customers even as those customers are reading web-based ads. Enormously detailed secret profiles of Internet users will be developed based on transactional records, purchase histories, and clickstream data.
But Congress failed to act in 1999 and in the over 20 years since then, and EPIC’s predictions unfortunately came true. Earlier this year, EPIC Deputy Director Caitriona Fitzgerald said in testimony before Congress:
The United States faces a data privacy crisis. Large and powerful technology companies invade our private lives, spy on our families, and gather the most intimate details about us for profit. […] These industries and systems have gone unregulated for more than two decades. And the result has been uncontrolled data collection, large scale data breaches, and an ecosystem dependent on a few large commercial surveillance platforms. […] We need comprehensive, baseline privacy protections for every person in the United States, changes to the business models that have led to today’s commercial surveillance systems, limits on government access to personal data, and strong enforcement of privacy protections.
Recent Documents on Proposed U.S. Privacy Legislation
-
Statements
EPIC Statement re: Data Privacy Act of 2023
-
Testimony
Hearing on “Big Data: Privacy Risks and Needed Reforms in the Public and Private Sectors”
EPIC's testimony regarding privacy risks in the public and private sector and what a privacy law should look like.
Top Updates
EPIC's Experts on Proposed U.S. Privacy Legislation
-
Caitriona Fitzgerald
Deputy Director
-
Alan Butler
Executive Director and President
-
John Davisson
EPIC Senior Counsel and Director of Litigation

Support Our Work
EPIC's work is funded by the support of individuals like you, who help us to continue to protect privacy, open government, and democratic values in the information age.
Donate