Senators Introduce First-Ever Federal Data Privacy Bill
“In today’s era of ‘big data,’ Americans are using the internet every day without fully understanding the consequences of every click.”
On Wednesday, 15 U.S. senators proposed the Data Care Act, wanting to change the fact that the U.S. does not currently have a comprehensive data privacy law that applies to all 50 states.
If passed, the bill has measures to prevent companies from misusing data to the detriment of consumers. It would also necessitate companies to protect the data that they collect from customers.
Multiple state data privacy laws are already in effect, including perhaps one of the toughest laws that was passed by California in June, but no federal law has ever been enacted.
Sen. Brian Schatz, a Democrat from Hawaii, is sponsoring the act. Schatz said in a press release: “People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them. Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same. Our bill will help make sure that when people give online companies their information, it won’t be exploited.”
The following U.S. senators, along with Schatz, are co-sponsors of the Data Care Act: Maggie Hassan (D-N.H.), Michael Bennet (D-Colo.), Tammy Duckworth (D-Ill.), Amy Klobuchar (D-Minn.), Patty Murray (D-Wash.), Cory Booker (D-N.J.), Catherine Cortez Masto (D-Nev.), Martin Heinrich (D-N.M.), Ed Markey (D-Mass.), Sherrod Brown (D-Ohio), Tammy Baldwin (D-Wis.), Doug Jones (D-Ala.), Joe Manchin (D-W.Va.) and Dick Durbin (D-Ill.).
Guidelines of the Data Care Act are below:
- Duty of Care – Must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information;
- Duty of Loyalty – May not use individual identifying data in ways that harm users;
- Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;
- Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene.
- Rulemaking Authority – FTC is granted rulemaking authority to implement the Act.
“Everyone who uses the internet is vulnerable to the misuse of their personal data by websites, apps or third party businesses. By establishing a special fiduciary relationship between online providers and users, companies that use or sell people’s data will be held responsible for keeping consumers safe from harm, data breaches, and unnecessary invasions of privacy,” said Sen. Cortez Masto. “I’m proud to support this bill, which will allow the FTC to work with State Attorneys General to ensure service providers strengthen personal data protections and protect the security of American consumers’ sensitive personal data.”
Sen. Dick Durbin said, “In today’s era of ‘big data,’ Americans are using the internet every day without fully understanding the consequences of every click and whether that click just handed over their personal data for unwanted uses. This is simply unacceptable. Websites, apps, and other online providers should be required to protect their users [sic] personal data. This bill is a sensible step in protecting consumers’ personal data and I’m proud to join my colleagues in introducing it.”
The United States Federal Trade Commission will be responsible for enacting the bill if it becomes a law.