A group of 15 Democratic senators introduced a new piece of data privacy legislation on Wednesday. The legislation, named the Data Care Act, will, according to the bill’s lead sponsor Sen. Brian Schatz, D-Hawaii, “require websites, apps, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.”
“People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them,” said Schatz, who is ranking member on the Senate Communications, Technology, Innovation, and the Internet Subcommittee. “Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same. Our bill will help make sure that when people give online companies their information, it won’t be exploited.”
The Data Care Act gives online providers five main duties to protect user data:
- “Duty of Care–Must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information;
- Duty of Loyalty–May not use individual identifying data in ways that harm users;
- Duty of Confidentiality–Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;
- Federal and State Enforcement–A violation of the duties will be treated as a violation of an FTC [Federal Trade Commission] rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene.
- Rulemaking Authority–FTC is granted rulemaking authority to implement the Act.”
“Everyone who uses the internet is vulnerable to the misuse of their personal data by websites, apps or third party businesses,” said Sen. Cortez Masto, D-Nev., a co-sponsor of the bill. “By establishing a special fiduciary relationship between online providers and users, companies that use or sell people’s data will be held responsible for keeping consumers safe from harm, data breaches, and unnecessary invasions of privacy. I’m proud to support this bill, which will allow the FTC to work with State Attorneys General to ensure service providers strengthen personal data protections and protect the security of American consumers’ sensitive personal data.”
In addition to Schatz and Cortez Masto, the Data Care Act is co-sponsored by Sens. Maggie Hassan, D-N.H., Michael Bennet, D-Colo., Tammy Duckworth, D-Ill., Amy Klobuchar, D-Minn., Patty Murray, D-Wash., Cory Booker, D-N.J., Martin Heinrich, D-N.M., Ed Markey, D-Mass., Sherrod Brown, D-Ohio, Tammy Baldwin, D-Wis., Doug Jones, D-Ala., Joe Manchin, D-W.Va., and Dick Durbin, D-Ill.
“Online platforms are collecting an enormous amount of personal data on Americans–everything from what we buy and what websites we go to, to what our emails say and where we go throughout the day,” said Klobuchar. “These companies are making billions off of this data and they’re keeping Americans in the dark about how it is being used. That’s wrong and it is especially alarming because it seems like every day we hear about new data breaches. It is clear that we must do more to protect consumer privacy. The Data Care Act will help by establishing a duty of care for sensitive data and by ensuring the FTC can hold companies accountable when they fall short. The digital space can’t keep operating like the Wild West at the expense of our privacy.”
The bill has also, unsurprisingly, received praise from privacy advocates.
“The bill shifts away from a notice and choice framework alone, where internet users bear all the responsibility and risk of protecting themselves, with few remedies for violations,” said Sandra Fulton, government relations director for Free Press Action. “Instead it moves towards putting the duty on companies and other data collectors where it belongs, to actually prevent such harmful exploitation and honor people’s rights. It also does the right thing by empowering the FTC to make rules and impose penalties, and lets state attorneys general enforce the new protections too.”
Michelle Richardson, director of the Privacy and Data Project at the Center for Democracy and Technology, also praised the legislation, saying “it signals an important shift in how Congress views consumer privacy issues and foreshadows a serious privacy debate in 2019.”