While the bill is touted as a privacy protection measure, members of Friends of Hamilton, a citizen group that advocates for legislators following the Constitution, say the bill’s language might have the opposite effect of protecting Tennesseans from having their data used against them.
A spokesperson for the House Republican Caucus said, “Rep. Garrett is continuing to work with stakeholders, businesses, and consumers to make sure the language of the bill is in the best posture to secure its passage.” He added the amendment is only expected to include some minor changes to the bill as currently written.
The Legislation
Rep. Garrett told The Epoch Times the legislation was inspired by privacy concerns of his young children and their friends.“What’s out there that makes companies protect your data,” Garrett said he asked himself. “Come to find out, there’s nothing out there, this is sort of an unregulated space,” he said.
“This was born by figuring out how to make companies that engage in data collection and the sale of data ... somehow be regulated,” he said. “Somehow, you would have the ability to know what they’re collecting, that they’re keeping it protected, or if they transferred to somebody else or sell it to somebody else.
The Bill’s Exemptions
There are many companies or entities that would be exempted from the bill. However, Garrett said the exemptions exist because those entities may already be covered by different laws and regulations.“The exemptions are there because there’s some industry like your healthcare, insurance, credit reporting agencies—they are already subject to federal laws that say how they must protect your data,” he explained. “And so, I don’t want them to be doubly regulated.”
As for how those entities would be covered if federal laws were theoretically removed, he said he was not worried as many laws, such as HIPAA (Health Insurance Portability and Accountability Act) and FERPA (Family Educational Rights and Privacy Act), are a standard that won’t be going anywhere.
“Now, you can go online and grab your data about your blood draw or whatever, that stuff is protected by HIPAA, so there’s no need to have another law to say they can’t share or sell that information.”
He added the protections are there for between “95-100 percent” of the exemptions in his bill.
“If there’s not already a state or federal law that covers your interaction with a business, that’s the purpose of this legislation: to cover those that aren’t already covered under some federal or state law,” he said. “That would be the purpose of this, is that [consumers] have rights and recourse to have [companies] delete their data, have [companies] give them a copy of their data, or to never sell or transfer their data.”
The mechanism of enforcement would be for consumers, if any company violates their rights under the statute, to contact the Tennessee Attorney General’s office who would then explore any potential claims on behalf of the individual.
Concern About Exemptions and Social Credit Scores
Chris Matthews, founder and president of Friends of Hamilton, said the argument for including exemptions since they are covered by U.S. Code does not sit well with him.“If something is indeed exempt by U.S. Code, it should just be referenced in the bill for each specific exemption,” he said in a phone interview with The Epoch Times. “I think they’re playing a shell game in there.”
Concerns brought forward by Matthews and Friends of Hamilton include exemptions related to: bodies, boards, commissions, agencies of the state, political subdivisions of the state, entities under the U.S. Department of Health and Human Services’ governance, non-profit organizations, and institutions of higher learning.
Under the legislation, they say, the City is exempted as well as UT Chattanooga from regulations under the bill.
“So all of the data obtained by them collectively or independently is fully exempt from this privacy bill,” Matthews said.
Another concern is an exemption for personal information, processed and related to “human subjects research conducted in accordance with good clinical practice guidelines issued by The International Council for Harmonization of Technical Requirements for Pharmaceuticals for Human Use.”
“International, harmonization, pharma, tech, humans: these are words that should never be together,” Matthews said.
Another exemption the group is concerned about is “the collection, maintenance, disclosure, sale, communication, or use of personal information bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living by a consumer reporting agency or furnisher that provides information for use in a consumer report, and by a user of a consumer report, but only to the extent that such activity is regulated by and authorized under the federal Fair Credit Reporting Act.”
The group views the language of this exemption in particular as being akin to a “social credit score.”
Last Year’s Bill
A similar bill was proposed by Garrett last year but never made it to the House or Senate floor for a vote.He said the biggest hurdle to the bill passing then was the business world being “a little bit fearful of the cost of complying with the regulations.”
He said the reason was because a California privacy law imposes regulations that are “extremely cumbersome … and very expensive” for companies to comply with. He said the bill needed to be reworked and legislators needed more education on the matter.
As far as costs for his proposed bill, Garrett said he didn’t see there being much of a cost for companies other than paying employees or possibly buying some software.
“[The Act] was proposed in the Tennessee State House of Representatives as an amendment to an existing bill dealing with campaign finance disclosures,” the group states in an overview.
