The federal government's chief auditor has recommended Congress consider developing legislation to beef up consumers' internet data privacy protections. much like the EU's General Data Protection Regulation.
The recommendation was included in a 56-page report (PDF) issued Wednesday by the Government Accountability Office, the government agency that provides auditing, evaluation and investigative services for Congress. The report was prepared at the request two years ago by Rep. Frank Pallone Jr. (D-N.J.), chairman of the House Energy and Commerce Committee, which has scheduled a hearing to discuss the subject for Feb. 26.
"Since I requested this report, the need for comprehensive data privacy and security legislation at the federal level has only become more apparent," Pallone said in a statement. "From the Cambridge Analytica scandal to the unauthorized disclosures of real-time location data, consumers' privacy is being violated online and offline in alarming and dangerous ways."
In making its recommendation, the GAO cited Facebook's Cambridge Analytica scandal, saying the episode was just one of many recent internet privacy incidents in which users' personal data may have been improperly disclosed.
The GAO suggests giving the Federal Trade Commission more authority over internet privacy enforcement but also raised concerns about the commission's enforcement abilities. Noting that the FTC is already the de facto authority over internet privacy in the US, the GAO found that the FTC filed 101 internet privacy enforcement actions in the past decade. Nearly all of those cases resulted in settlement agreements, and in most cases, no fines were issued because the FTC lacked the authority in those cases.
"Recent developments regarding Internet privacy suggest that this is an appropriate time for Congress to consider comprehensive Internet privacy legislation," the GAO report said. "Although FTC has been addressing Internet privacy through its unfair and deceptive practices authority, among other statutes, and other agencies have been addressing this issue using industry-specific statutes, there is no comprehensive federal privacy statute with specific standards."
The FTC began investigating Facebook last year after it was revealed that Cambridge Analytica, a digital consultancy linked to the Trump presidential campaign, improperly accessed data from as many as 87 million Facebook users. The agency is looking into whether Facebook's actions violated a 2011 agreement with the government in which it pledged to improve its privacy practices. Facebook has said it didn't violate the consent decree.
Creating a US internet privacy law like the GDPR has won some support from tech leaders. Apple CEO Tim Cook hasand said he supports a "comprehensive federal data privacy law" in the US.
"It is up to us, including my home country, to follow your lead," he told the European Parliament in October.