IN THE SENATE OF THE UNITED STATES
July 31, 2019
Mrs. Feinstein introduced the following bill; which was read twice and referred to the Committee on Rules and Administration
To amend the Federal Election Campaign Act of 1971 to ensure privacy with respect to voter information.
This Act may be cited as the
Voter Privacy Act of 2019.
Congress makes the following findings:
According to the Pew Research Center, 90 percent of Americans reported using the internet in 2019, which was an increase from 52 percent in 2000.
Internet service providers, browsers, websites, search engines, email providers, device manufacturers, and certain social media companies collect unique data on nearly every American’s online and increasingly offline activities, every day.
One United States based search engine advertises its ability to track hundreds of categories of data about specific individuals including age, gender, occupation, income level, sexual orientation, national origin, religion, medical conditions such as AIDs, erectile dysfunction, bipolar disorder, eating disorders, and sexually transmitted diseases, family information such as number of children, children with special needs, infertility, and substance misuse, and support for social issues such as reproductive rights, unions and labor issues, and support for gun rights.
Targeting services, such as certain large search engines and social media platforms, maintain sophisticated data profiles on nearly every American. These targeting services are used by third parties to target and deliver communications to specific individuals based on their sensitive personal information, even if a third party does not control any individual’s personal information.
In testimony before the Committee on the Judiciary of the Senate titled,
Understanding Digital Advertising Ecosystem and the Impact on Data Privacy, the Committee received the following testimony regarding behavioral advertising:
almost every single time you visit a website: data about you is broadcast to tens or hundreds of companies, which lets advertisers compete for the opportunity to show you an ad. Advertising is necessary, and this sounds OK. But wait until you hear what information about you is in that big broadcast: it can include your – inferred sexual orientation, political views, whether you are Christian, Jewish, or Muslim, etc., whether you have AIDs, erectile dysfunction, or bi-polar disorder. It includes what you are reading, watching, and listening to. It includes your location, sometimes right up to your exact GPS coordinates. And it includes unique ID codes that are as specific to you as is your social security number, so that all of this data can be tied to you over time. This allows companies you have never heard of to maintain intimate profiles on you, and on everyone you have ever known..
Online surveillance techniques are becoming more sophisticated. According to the Center for Information Technology Policy at Princeton University, new website tracking software can provide real-time surveillance of an individual’s online activity:
Unlike typical analytics services, that provide aggregate statistics, these scripts are intended for recording and playback of individual browsing sessions, as if someone is looking over your shoulder..
The volume of data now publicly available and attributable to a specific individual permits researchers to infer private information about that individual that the individual never disclosed publicly.
According to a study from researchers at Cambridge University and Microsoft Research, an individual’s social media posts, pictures, and profile information can be combined to reliably infer that individual’s latent personality traits, including openness, conscientiousness, extraversion, agreeableness, and neuroticism. Prior to internet-based data tracking, the only way to obtain that type of sensitive psychological data would have been for an individual to elect to respond to a detailed personality questionnaire.
According to a study published by the National Academy of Sciences, computers can predict an individual’s latent personality traits better than humans. Specifically, researchers found that a computer needed only 10 social media impressions to better predict an individual’s responses to a personality questionnaire than a coworker, 70 for a cohabitant or friend, 150 for a family member, and 300 for a spouse.
Communications tailored to an individual’s unique personality traits are designed to manipulate cognitive function rather than to persuade via appeals to rational decision making. A forthcoming publication by Julie E. Cohen titled
Between Truth and Power describes the phenomenon as follows
The operation of the digital information environment has begun to mimic the operation of the collection of brain structures that mid-twentieth-century neurologists christened the limbic system and that play vital roles in a number of precognitive functions, including emotion, motivation, and habit-formation, and observed that
today’s networked information flows are optimized to produce what social psychologist Shoshana Zuboff calls instrumentarian power: They employ a radical behaviorist approach to human psychology to mobilize and reinforce patterns of motivation, cognition, and behavior that operate on automatic, near-instinctual levels and that may be manipulated instrumentally.
According to numerous studies, messages tailored to an individual’s unique personality traits are materially more effective at altering an individual’s behavior.
A recent study published in the National Academy of Sciences found that it is possible to conduct psychological manipulation efforts online that are targeted and customized to each individual’s unique personality traits on a national scale.
Candidates, campaigns, and political organizations are increasingly using online data to infer personality traits and other psychological characteristics regarding specific United States persons, using that nonpublic information to target psychologically manipulative communications and using algorithms and other automated processes to automatically refine communications over time to improve their effectiveness.
According to a study titled
Voter Privacy in the Age of Big Data, political entities
assemble a vast array of [personally identifiable information] into detailed dossiers on practically every American voter in order to target voters with individualized messages … Most voters are ignorant of the steps taken to create these dossiers and know even less about related targeting practices..
The study further found that
Political databases hold records on almost 200 million eligible American voters. Each records contains hundreds if not thousands of fields derived from voter rolls, donor and response data, campaign web data, and consumer and other data obtained from data brokers, all of which is combined into a giant assemblage … Ubiquitous personal identifiers (name, address, telephone numbers, email addresses, IP addresses, cookies, mobile devices IDs, and other unique IDs) allow campaigns to link and integrate these diverse data sets, while data mining and sophisticated statistical techniques allow them to engage in highly strategic and cost-effective analysis and targeting, and that
Campaign insiders and paid consultants who not only view voter microtargeting as highly effective but also have assigned it a crucial role in determining the outcome of the past three presidential campaigns..
The political consulting firm Cambridge Analytica reportedly used a database of 220,000,000 Americans, including thousands of unique data points on each individual and inferred personality trait analysis, to conduct
psychological operations changing people’s minds not through persuasion but through . Cambridge Analytica reportedly worked in 44 United States elections in 2014 and another 50 in 2016, including on behalf of 2 major Presidential campaigns.
informational dominance, a set of techniques that includes rumor, disinformation and fake news
In Sorrell v. IMS Health Inc., the Supreme Court invalidated a Vermont State law regarding restrictions on the use of personal information as violating the First Amendment. The court held that the government’s prohibition
disfavor[ed] … speech with a particular content, namely marketing, and
disfavor[ed] specific speakers, namely pharmaceutical manufacturers because it interfered with the manufacturers’ attempts to persuade recipients to use their products. Psychological targeting techniques seek to manipulate, not to persuade.
In Citizens United v. FEC, the Supreme Court invalidated the Federal Election Campaign Act’s prohibition on corporate independent expenditures on the grounds that
the First Amendment does not allow political speech restrictions based on a speaker’s corporate identity. Allowing individuals to control the use of their own personal information in the context of an election does not restrict the political speech of any person based on their identity.
In Buckley v. Valeo, the Supreme Court invalidated the Federal Election Campaign Act’s expenditure limitations, finding that they
impose direct and substantial restraints on the quantity of political speech. Allowing individuals to control the use of their own personal information in the context of an election does not limit the any person’s quantity of political speech.
Sense of Congress
It is the sense of Congress that—
the Federal Government has a compelling interest in protecting voters from surveillance and manipulation; and
the Voter Privacy Act of 2019 is the most narrowly tailored approach to protecting voters from psychological manipulation online, however the Federal Government’s interest would justify additional prohibitions if this Act is insufficient.
Voter data privacy
Title III of the Federal Election Campaign Act of 1971 (52 U.S.C. 30101) is amended by adding at the end the following new subtitle:
Privacy of Voter’s Personal Information
In this subtitle:
covered entity means—
any candidate, political committee, national committee, connected organization, or political party (as those terms are defined in section 301);
any political organization under section 527 of the Internal Revenue Code of 1986; and
any person that obtains an individual’s personal information for the purpose of conducting—
a public communication as defined in section 301(22), except for purposes of this subtitle such term includes a communication by means of any paid internet or paid digital communication;
an electioneering communication as defined in section 304(f)(3);
any communication that would be an electioneering communication as defined in such section if such section were applied—
by taking into account communications made over the internet;
without regard to subparagraph (A)(i)(III) of such section with respect to communications described in subclause (I) of this clause; and
by treating the facilities of any online or digital newspaper, magazine, blog, publication, or periodical in the same manner as the facilities of a broadcasting station for purposes of subparagraph (B)(i) of such section;
an independent expenditure as defined in section 301(17); or
a generic campaign activity as defined in section 301(21).
The term targeting service means any interactive computer service, as defined in section 230(f)(2) of the Communications Act of 1934 (42 U.S.C. 230(f)(2)), that allows a third party to target communications to an individual based on that individual’s personal information.
The term individual means a natural person, however identified, including by any unique identifier.
Subject to subparagraph (B), the term personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household that includes—
identifiers such as internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers;
characteristics of any protected class under title VII of the Civil Rights Act of 1964 (42 U.S.C. 2000e et seq.);
commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
internet or other electronic network activity information, including browsing history, search history, and information regarding consumer’s interaction with an internet website, application, or advertisement;
health insurance information;
audio, electronic, visual, thermal, olfactory, or similar information;
professional or employment-related information;
education information; and
inferences drawn from any of the information identified in this subparagraph to create a profile regarding an individual reflecting the individual’s preferences, characteristics, psychological traits, psychographic modeling, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
The term personal information does not include the following:
Publicly available information.
Aggregate polling information.
For purposes of clause (i):
Publicly available information
publicly available information means information obtained from a Federal, State, or local voter registration database that is lawfully made available to the public.
The term deidentified information means information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular individual.
Aggregate polling information
The term aggregate polling information means information that relates to a group or category of individuals, from which individual identities have been removed, that is not linked or reasonably linkable to any known individual, including via a device or other unique identifier.
The term biometric information means an individual’s physiological, biological, or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
Health insurance information
The term health insurance information means an individual’s insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify a person, or any information in the individual’s application and claims history.
Categories of personal information
The term categories of personal information means the enumerated categories of information described in clauses (i) through (xi) of paragraph (4)(A), except as modified pursuant to regulations or guidance of the Commission pursuant to section 359(b).
The term verifiable request means a request made by an individual that a covered entity can reasonably verify, pursuant to regulations adopted by the Commission pursuant to section 359, to be the individual about whom the covered entity has collected information.
Collect or collected
The terms collect or collected mean, with respect to an individual, any personal information that is gathered directly from that individual.
The term received means any individual’s personal information that is not collected by a covered entity directly from that individual, including any personal information that is bought, rented, licensed, acquired, or accessed, by a covered entity from any third party.
The term obtained means any personal information that is either collected or received.
The term processing means any operation or set of operations that are performed on personal information or on sets of personal information, whether or not by automated means.
third party means a person who is not—
the person that collects an individual’s personal information directly from that individual; or
a person to whom a covered entity discloses an individual’s personal information for processing pursuant to a written contract, provided that the contract prohibits the person receiving the personal information from—
selling or transferring the personal information to a third party; or
retaining, using, or disclosing the personal information for any purpose other than for the specific purpose of performing the services specified in the written contract.
Voter’s right of access
An individual shall have the right to direct a covered entity that obtains an individual’s personal information to disclose to that individual the categories of personal information and specific pieces of personal information the covered entity has obtained with respect to the individual.
A covered entity that receives a verifiable request from an individual to access that individual’s personal information pursuant to subsection (a), shall provide the requested information in accordance with subsection (e).
A covered entity shall provide the information specified in subsection (a) only upon receipt of a verifiable request.
A covered entity shall comply with all verifiable requests made pursuant to subsection (a) within a reasonable period after receiving such a request, but not later than 10 calendar days after receiving such a request.
Each request under subsection (a), with respect to the personal information of the requesting individual, shall include the following:
The categories of personal information obtained regarding that individual.
The specific sources from which the personal information was obtained.
The specific third party or third parties to whom the personal information has been transferred or disclosed.
The period for which the personal information will be stored by the covered entity.
The existence of the right of an individual to request a copy of that individual’s specific pieces of personal information under subsection (f).
The existence of the right of an individual to request erasure of that individual’s personal information under section 353.
The existence of the right to request prohibition of the transfer of personal information to any third party under section 354.
Information regarding the right to lodge a complaint with the Commission under section 309(a) as described in section 356 regarding any potential violation of this subtitle.
Specific pieces of personal information
In addition to the information provided under subsection (e), upon specific, verifiable request an individual shall have the right to access all of that individual’s specific pieces of personal information obtained by a covered entity.
A covered entity shall provide information as required under this section to the requesting individual in a concise, and easily accessible form, using clear and plain language. The information required under this subsection may be delivered by mail or electronic mail, or made available via a secured internet website.
A covered entity that receives a verifiable request from an individual shall provide information required under this section free of charge.
A covered entity shall not be required to provide an individual's personal information to the individual pursuant to this section more than two times in a 12-month period.
Prohibition on third-Party requests
No third party shall submit a verifiable request to a covered entity on behalf of another individual. No individual may authorize a third party to submit a verifiable request to a covered entity on their behalf.
Voter’s right of erasure
An individual shall have the right to direct a covered entity to delete any of that individual’s personal information obtained by a covered entity.
A covered entity that receives a verifiable request to delete an individual's personal information pursuant to subsection (a)—
shall immediately cease processing such personal information, and as soon as practicable, permanently delete such information, except as provided under subsections (c), (d), and (e); and
shall not, unless the covered entity receives written authorization from the individual, re-collect or otherwise obtain any of the individual's personal information, except as provided under such subsections.
The requirement to delete personal information in subsection (b) does not apply to publicly available information as defined in this subtitle.
Notwithstanding subsections (a) and (b), a covered entity shall maintain such personal information as is necessary to maintain adequate records of a request to delete information under subsection (a) or to comply with section 352(e)(3) and section 354 of this subtitle. Any personal information retained consistent with this subsection shall not be processed for any other purpose, and shall be reviewable by the Commission.
A covered entity shall provide confirmation to the individual requesting deletion of personal information under subsection (a) not later than 5 days following the deletion of the information.
Voter’s right to prohibit transfer
An individual shall have the right to direct a covered entity not to sell or otherwise transfer any of that individual’s personal information obtained by a covered entity to any third party.
A covered entity that receives a verifiable request from an individual not to transfer that individual’s personal information pursuant to subsection (a), shall not transfer that personal information directly or indirectly to a third party.
A covered entity that seeks to sell or transfer an individual’s personal information to any third party shall provide notice as required under section 355(b)(3).
Notwithstanding section 353, a covered entity shall retain sufficient records, including any necessary personal information, to determine whether an individual has directed the covered entity not to transfer that individual’s data to a third party. Any personal information retained pursuant to this section shall not be used for any other purpose, and shall be reviewable by the Commission.
Prohibition on transfer overseas
It shall be unlawful for any covered entity to knowingly transfer outside of the United States any individual’s personal information, publicly available information, or anonymized information as defined in this subtitle.
Any person who violates paragraph (1) shall be fined under title 18, United States Code, imprisoned not more than 3 years, or both.
Notice of receipt of voter’s personal information
A covered entity that receives any individual’s personal information from a third party shall inform such individual as to the scope and purpose of receiving such personal information.
A covered entity shall provide notice required in subsection (a) to an individual within a reasonable period after receiving that individual’s personal information, but not later than—
except as provided in paragraphs (2) and (3), 30 days after receiving such information, or if personal information is received in an anonymized format then 30 days after the personal information is connected to an identifiable individual;
if the personal information is to be used for a communication or targeted advertisement with an individual, at the time of the first communication with that individual; and
if the personal information is to be transferred or sold to a third party, 14 days prior to that transfer or sale.
Notice required under subsection (a) shall include the following:
The identity and the contact information of the covered entity.
The categories of personal information received.
The purposes for which the personal information was received.
The period for which the personal information will be retained.
The existence of the right to request from the covered entity access to all specific pieces of personal information under section 352(f).
The existence of the right of an individual to request erasure of all that individual’s personal information obtained by a covered entity under section 353.
The existence of the right of an individual to prohibit the transfer of that individual’s personal information to a third party under section 354.
Information regarding the right to lodge a complaint with the Commission under section 309(a) as described in section 357 regarding any violation of this subtitle.
Notice required under subsection (a) shall be provided in a concise and easily accessible form, using clear and plain language.
Notice required under subsection (a) shall be provided at no cost to any individual with respect to whom a covered entity has received personal information.
A covered entity shall not receive additional categories of personal information, process personal information for an additional purpose, or transfer personal information to an additional third party without providing such persons notice consistent with this section.
Voter’s right to prohibit targeting based on personal information
An individual shall have the right to prohibit a targeting service from using that individual's personal information to deliver targeted communications to that individual—
on behalf of a covered entity; and
on behalf of all covered entities.
A targeting service that receives a verifiable request pursuant to paragraph (1) or (2) of subsection (a)—
shall immediately cease providing access, use, or processing of that individual’s personal information to any or all covered entities with respect to which such request is made, including for use in delivering targeted communications to that individual based on that individual’s personal information; and
shall not provide any future access, use, or processing of that individual’s personal information to any or all covered entities with respect to which such request is made, including for use in delivering targeted communications to that individual based on their personal information without express written permission from that individual.
Notice by covered entity
A covered entity shall provide notice to a targeting service of the covered entity's status as a covered entity under this subtitle, prior to accessing, using, or processing any individual’s personal information provided by the targeting service.
Notice by targeting service
A targeting service shall provide notice to any individual whose personal information is accessed, used, or processed, including for use in delivering a targeted communication based on that individual’s personal information, by a covered entity.
Notice required under paragraph (1)(B) shall include—
the identity and the contact information for the targeting service;
the identity and the contact information of the covered entity;
the categories of personal information accessed, used, or otherwise made available to a covered entity, including any personal information used to target an advertisement or other information to that individual on behalf of a covered entity; and
information on the right of an individual to prohibit a covered entity or all covered entities from using a targeting service to deliver advertisements or other information to that individual based on that individual’s personal information under this section.
Notice required under paragraph (1)(B) shall be provided by a targeting service at the time of each targeted communication with an individual by the targeting service on behalf of a covered entity that is based on the individual’s personal information.
Notice required under paragraph (1)(B) shall be provided in a concise and easily accessible form, using clear and plain language.
A targeting service shall provide confirmation of an individual’s verifiable request to prohibit targeted communications from a covered entity or all covered entities based on that individual’s personal information not later than 3 days following receipt of a verifiable request from that individual pursuant to subsection (a).
A targeting service shall maintain adequate records of any individual’s request under subsection (a) and, if applicable, any written permission provided under subsection (b)(2) to ensure such individuals do not receive targeted communications from a covered entity unless such written permission is provided.
A covered entity shall maintain records of all notices provided to a targeting service as required under subsection (c)(1)(A).
All records required under this subsection shall be reviewable by the Commission.
Rule of construction
Nothing in this section shall be interpreted—
to prohibit a covered entity from using a targeting service to deliver information to an individual that is not based on that individual’s personal information; or
to prohibit a targeting service from using an individual’s personal information to deliver targeted communications to that individual on behalf of a third party that is not a covered entity.
Right to lodge a complaint
An individual who believes a violation of this subtitle has occurred may file a complaint with the Commission pursuant to section 309(a).
Any person who knowingly and willfully commits a violation of any provision of this subtitle shall be fined under this title or imprisoned not more than 3 years, or both.
Not later than 180 days after the date of enactment of this subtitle, the Commission shall conduct a rulemaking to implement the requirements of this subtitle, including to provide guidance on the definition of a
verifiable request, which will ensure individuals can exercise their rights under this subtitle in a secure manner.
Updating as needed
The Commission shall produce and update as needed guidance and regulations relating to adding categories of personal information for purposes of this subtitle in addition to those described in section 351(4)(A), in order to address changes in technology, data practices of covered entities, and privacy concerns.
If any provision of this Act or amendment made by this Act, or the application of a provision or amendment to any person or circumstance, is held to be unconstitutional, the remainder of this Act and amendments made by this Act, and the application of the provisions and amendment to any person or circumstance, shall not be affected by the holding.
The amendments made by this Act shall apply with respect to personal information obtained, stored, or processed on or after 360 days after the date of enactment of this Act, and shall take effect without regard to whether or not the Federal Election Commission has promulgated regulations to carry out such amendments.