Overview
Title
To establish a centralized system to allow individuals to request the simultaneous deletion of their personal information across all data brokers, and for other purposes.
ELI5 AI
H.R. 2612, called the DELETE Act, is about creating a big, easy-to-use button on the internet that lets people erase their personal information from all the places that collect it at once. The law says these places must listen to this button and remove the information, and some grown-ups will check to make sure everyone follows the rules.
Summary AI
H.R. 2612, also known as the DELETE Act, aims to establish a centralized system allowing individuals to request the deletion of their personal information across all data brokers simultaneously. The bill requires data brokers to register annually with the Federal Trade Commission (FTC) and provide specific information about their data collection practices. The FTC will create a system enabling individuals to submit deletion and opt-out requests in one place, which data brokers must honor by removing the requested information from their records. The bill includes provisions for regular audits, the payment of annual fees by data brokers, and FTC enforcement to ensure compliance.
Published
Keywords AI
Sources
Bill Statistics
Size
Language
Complexity
AnalysisAI
The proposed "Data Elimination and Limiting Extensive Tracking and Exchange Act," also known as the "DELETE Act," aims to enhance personal data protection in the United States by regulating data brokers. Data brokers are entities that collect and sell personal information without direct consumer relationships. The bill seeks to create a centralized system allowing individuals to request the deletion of their data across all registered data brokers, which will be enforced by the Federal Trade Commission (FTC).
General Summary of the Bill
The DELETE Act primarily focuses on establishing a comprehensive framework for data deletion handled through a centralized system managed by the FTC. This system will enable individuals to submit a single request that leads to the deletion of their personal information from all data brokers who hold it. The bill mandates annual registration for data brokers with the FTC and requires them to report their data collection and opt-out practices. Additionally, it imposes regular audits and report submissions to ensure compliance, while allowing for certain limited exceptions where data may be retained for legal or research purposes.
Summary of Significant Issues
The bill contains several significant issues:
Lack of Explicit Penalties: It does not specify penalties for data brokers who fail to comply with the deletion requests, potentially weakening enforcement efforts.
Complex Exception Language: The language used to describe exceptions to data retention by brokers is complex and could lead to inconsistent enforcement.
Privacy Concerns for Identifiers: Individuals must provide multiple identifiers when requesting data deletion, potentially raising privacy concerns as the bill lightly outlines the security measures for handling such data.
Retention Periods for Hashed Data: The absence of maximum retention periods for hashed registries maintained by the Commission could lead to endless data storage.
Financial Burden on Data Brokers: The bill requires regular third-party audits, which might impose financial burdens on smaller data brokers.
Preemption Clause Vagueness: The bill's criteria for determining when state laws offer greater protection than federal law are unclear, which might cause legal uncertainty.
Impact on the Public Broadly
For the general public, this bill could lead to better control over personal information shared with data brokers, potentially reducing unwanted tracking and data usage. However, individuals may have apprehensions regarding the safety and privacy of submitting multiple identifiers for data deletion requests.
Impact on Specific Stakeholders
Individuals: The primary beneficiaries, individuals will gain a significant tool for managing their digital privacy. However, concerns about the security and handling of their information submitted during deletion requests remain.
Data Brokers: The bill imposes additional operational requirements, including registration, fee payments, and audits, which might increase operational costs. Smaller brokers might face financial difficulties adhering to these new regulations.
Federal Trade Commission: The FTC will take on increased responsibilities for regulating data broker compliance, conducting studies, auditing brokers, and managing the centralized deletion system.
State Governments: Given the preemption clause, state governments may experience conflicts if their privacy laws provide greater protection than federal law, potentially leading to legal contests.
In summary, while the DELETE Act could significantly impact how personal data is managed and deleted, it also introduces complex challenges in implementation, especially concerning penalties, privacy, and compliance burdens on data brokers. Stakeholders will need to carefully navigate these aspects to balance privacy protection with practical operational requirements.
Issues
The section on data deletion requirements lacks explicit penalties for data brokers who fail to comply, which may lead to enforcement challenges and could undermine the effectiveness of the centralized deletion system. (Section 2)
The complex and potentially inconsistent language used to describe exceptions where a data broker may retain personal information can lead to differing interpretations and affect the uniform enforcement of data privacy protections. (Section 2)
The provision requiring individuals to provide multiple personal identifiers for data deletion requests raises privacy concerns, as security measures are not comprehensively outlined in the bill. (Section 2)
The lack of specified maximum retention periods for hash registries by the Commission could result in indefinite retention of individuals' data, which counters the intent of privacy protection. (Section 2)
The centralized system's requirement for periodic independent third-party audits may impose significant financial burdens on data brokers, particularly smaller businesses, leading to potential resistance or non-compliance. (Section 2)
The bill's preemption clause is vague regarding the criteria used to evaluate when a state law provides greater protections than the federal act, which could create legal uncertainty and challenges in harmonizing state and federal law. (Section 2)
The explanations surrounding the annual subscription fee calculation for data brokers lack clarity and transparency, potentially leading to confusion or perceived unfair billing practices. (Section 2)
The provision allowing the use of hashed queries with salts provided by the Commission may be complex to execute practically and could present security and operational challenges. (Section 2)
The lack of public safety or welfare criteria clarity for withholding certain information from public access might lead to inconsistent and potentially unjustified decisions by the Commission. (Section 2)
Sections
Sections are presented as they are annotated in the original legislative text. Any missing headers, numbers, or non-consecutive order is due to the original text.
1. Short title Read Opens in new tab
Summary AI
The first section of this bill states that the official name for the legislation is the “Data Elimination and Limiting Extensive Tracking and Exchange Act” or simply the “DELETE Act.”
2. Data deletion requirements Read Opens in new tab
Summary AI
The bill requires data brokers to register annually with the FTC and provide specific information, including details on data collection and opt-out processes. It also mandates the creation of a centralized system enabling individuals to request the deletion of their personal information from data brokers and to cease future data collection, with brokers required to process these requests regularly. The FTC is tasked with overseeing enforcement, conducting audits, and reporting on the implementation and effectiveness of this system.