OKLAHOMA CITY – Several measures that address concerns about data privacy and data manipulation have been introduced for consideration by state lawmakers this year.
The legislation includes House Bill 1602, the Oklahoma Computer Data Privacy Act; House Bill 1125, which would amend the Oklahoma Consumer Protection Act; House Bill 1126, which would regulate electronic mail monitoring of employee accounts; and House Bill 1130, a “data transparency” measure. The four-month First Regular Session of the 58th Legislature opened February 1.
• HB 1602 would require internet technology companies to obtain explicit permission to collect and sell personal data. The legislation was filed by state Reps. Josh West, R-Grove, and Collin Walke, D-Oklahoma City.
“For far too long we have pretended the data that technology companies collect from us is harmless,” West said. “Over the past several years, we have seen how our data can be used by tech companies to manipulate ourselves and others. That doesn’t even take into consideration the fact that these companies are free to sell our information to whomever they choose. We must realize that when the services are free, we become the product.”
The legislation would be one of the first “opt-in” data privacy bills in the nation, the authors said.
“Historically, Americans have had concerns about the extent of surveillance by the government, which is why we have the 4th Amendment,” said Walke. “However, since development of the internet, we have been willingly providing much more intimate information to tech companies whose sole motive is profit. The fruits of data harvesting and data manipulation are now plainly visible and lead only toward a dystopian future in which nothing we say or do is private.”
HB 1602 would ensure that tech companies receive “only the data that we explicitly consent to them having, and would allow individuals to protect that right through private causes of action,” Walke said.
• HB 1125 provides that an individual violates the Oklahoma Consumer Protection Act if he/she “knowingly makes false or misleading statements in a privacy policy” that’s published on the internet or otherwise distributed or published, “regarding the use of personal information submitted by members of the public.”
That bill was filed by state Rep. Logan Phillips, R-Mounds.
• HB 1126, also by Phillips, would require employers to provide their employees with prior written notice before engaging in electronic email monitoring of employee accounts.
The penalty for an initial violation would be $500 fine, a $1,000 fine would be levied for a second offense, and a $3,000 fine would be assessed for a third or subsequent infraction.
However, the bill provides for an exception if the employer has “reasonable grounds to believe that employees are engaged in illegal conduct” and monitoring “may produce evidence of this misconduct.”
HB 1126 also would require all state agencies, institutions or political subdivisions that “operate or maintain an electronic mail communications system” to adopt a written policy in re monitoring electronic mail communications “and the circumstances under which it shall be conducted.”
• HB 1130 mandates that any person, company or website that operates an online business or web page that collects a consumer’s personal digital information or data must post, in a conspicuous position on its homepage “in a plain readable format,” the categories of personal information to be collected” and the purposes for which that information would be used.
A business would be forbidden from collecting or using “additional categories” of personal information unless the consumer was given advance notice.
A violation of the proposed law would result in a $1,000 fine for a first offense and $5,000 for each subsequent offense.
HB 1130, too, was authored by Phillips.