U.S. PIRG Recommends a Privacy Bill of Rights

Media Contacts

Consent Should be Required Before Use of Personal Information


Washington, D.C. – Ahead of hearings on Capitol Hill with Facebook CEO Mark Zuckerberg this week, U.S. PIRG is recommending introduction and passage of a privacy bill of rights in response to the Facebook-Cambridge Analytica scandal. Mr. Zuckerberg is scheduled to testify at a joint hearing before the Senate Judiciary and Senate Commerce, Science, and Transportation committees on Tuesday and a second hearing before the House Energy and Commerce Committee on Wednesday.  

“What we need to come out of these hearings is action by Congress. Our privacy should not be at the mercy of company policy that can change at any time,” said Mike Litt, consumer campaign director with U.S. PIRG. “The Facebook and Cambridge Analytica scandal shows exactly why we need guaranteed rights to privacy.”

U.S. PIRG recommends Congress look to the General Data Protection Regulation (GDPR), a new privacy law scheduled to go into effect in the European Union this May. Citizens of all 28 EU countries will have better privacy protections, including rights to clearly know and control how their personal information is used, avoid being subject to automated decisions and profiling, and obtain and use their data across different services.

Mr. Zuckerberg has indicated to reporters that Facebook plans on applying GDPR standards beyond Europe to its users worldwide. However, he has also said the application of those standards probably won’t be in the “same format” everywhere.

Due to the uncertainty of how Facebook and other companies will apply GDPR to consumers in the United States, Congress should introduce and pass a privacy bill of rights that guarantees strong protections. PIRG encourages the consideration of various parts of GDPR in a U.S. bill, but an essential component is the requirement to obtain consent from consumers. Additionally, federal privacy legislation must not preempt state privacy laws.

“A cornerstone of the new European law is the requirement to obtain consent from consumers before their data can be used. In order to guarantee privacy from, not just Facebook but, all companies and organizations, Congress should pass legislation that requires consent from American consumers too,” Litt said.

The group noted that this month it joined two privacy complaints to the Federal Trade Commission. The first alleges that Facebook’s use of facial recognition techniques violates a 2011 FTC consent decree. The second alleges that Google YouTube’s collection of information about kids violates the 1998 Child Online Privacy Protection Act (COPPA).

“The Equifax debacle sent Congress a strong message to protect privacy better,” added Ed Mierzwinski, U.S. PIRG’s senior director for consumer programs, “Now, Facebook’s promises to comply with the European GDPR offer Congress a roadmap to a new privacy law.”



U.S. PIRG is the federation of state Public Interest Research Groups.  PIRGs are non-profit, non-partisan public interest advocacy organizations that stand up to powerful interests whenever they threaten our health and safety, our financial security, or our right to fully participate in our democratic society. On the web at www.uspirg.org.