Trump administration takes new steps on crafting data privacy framework

WASHINGTON -- The Trump administration took new, preliminary steps toward crafting a nationwide data privacy policy, issuing a request for comments from interested stakeholders on a proposed framework put forward Tuesday by the Commerce Department.

The National Telecommunications and Information Administration (NTIA), an executive-branch agency responsible for advising the president on telecommunications issues, made public a 7-part proposal that noted the drawbacks of a "nationally and globally fragmented regulatory landscape."

The proposal -- a product of months-long consultations with dozens of industry, privacy and government groups -- lays out goals related to transparency, security and control of personal data that is collected by internet companies.

During a call with reporters, NTIA Administrator David Redl said the agency, in its meetings, had heard "an almost universal consensus that there is a need for administration leadership on issues of consumer privacy domestically, and for continued U.S. leadership globally."

"In particular we've heard concerns about a potential regulatory patchwork due to fragmentation in state laws," he said.

Election hacking: How computers can be attacked

There are currently more than 50 data-breach laws enacted across the United States and its territories. In June, California passed a strict and sweeping digital privacy law that gives consumers broad control over their personal data.

The European Union has also passed its own, even stricter, data protection legislation; the General Data Protection Regulation (GDPR) replaced the bloc's own set of patchwork regulations in late May.

The NTIA's proposed framework draws on, but is distinct from, the EU's rules, said Diane Rinaldo, Deputy Administrator of NTIA. "To put it simply, our outcomes share the same goals as the GDPR principles, but our approach is different," Rinaldo, who led the request for comment process, told CBS News.

"Given the many different business models across the economy, we are seeking flexibility and a risk-based system," she said.

GDPR rolls out in Europe, giving people more control over their data

Interest in a more uniform approach to data privacy protection has escalated in the wake of revelations about Facebook's involvement with political data firm Cambridge Analytica and in prominent consumer data breaches like the 2017 incident involving credit-monitoring giant Equifax. On Wednesday, the Senate Commerce Committee will hear from executives from Twitter, Amazon, Google and AT&T, among others, on matters of consumer privacy.

The NTIA's Redl indicated that the agency had held "preliminary conversations" with Capitol Hill staff about the possibility of federal legislation but is awaiting further comment before moving forward.

"If the comments come back that legislation is the path forward that makes the most sense for privacy and prosperity domestically in the United States," Redl said, "then certainly we will consider that path forward."