New Bill Would Create Federal Data Protection Agency
New legislation, introduced today, would give the agency authority to enforce data practices, launch investigations, and issue subpoenas.
Despite a marked increase in data protection legislation - the California Consumer Privacy Act, New York's SHIELD Act to name a few - there still is no single national authority when it comes to issuing and enforcing privacy regulations in the United States.
New legislation, introduced this week by former presidential hopeful Kirsten Gillibrand would change that.
A new Senate bill introduced by Gillibrand (D-NY) on Thursday would create a federal data protection agency designed to protect Americans' privacy and enforce data privacy rights federally.
In a Medium blog post on Wednesday, Gillibrand positioned her legislation as a way to put individuals in better control of their own data.
"Your data is extremely valuable to many companies with unknown motives, who are looking to exploit your data for profit. As a result, your very existence is being parsed, split, and sold to the highest bidder, and there is very little you — or anyone, including the federal government — can do about it," she wrote. “You have the right to know if companies are using your information for profit. You need a way to protect yourself, and you deserve a place that will look out for you.”
Under Gillibrand's legislation, a U.S. Data Protection Agency would have three missions:
1. Give Americans control and protection over their own data by enforcing data protection rules.
2. Work to maintain the most innovative, successful tech sector in the world and ensure fair competition within the digital marketplace.
3. Prepare the American government for the digital age.
The agency would also be in charge of investigating cases, issuing subpoenas and going after companies accused of violating online privacy.
Privacy advocates, like the Electronic Privacy Information Center, were quick to endorse the bill Thursday.
"The US confronts a privacy crisis. Our personal data is under assault. Congress must establish a data protection agency. Senator Gillibrand has put forward a bold, ambitious proposal to safeguard the privacy of Americans," Caitriona Fitzgerald, EPIC Policy Director said in response to the news.
The U.S. is one of several countries without a dedicated privacy watchdog. Currently, the Federal Trade Commission oversees privacy regulations in the U.S. for the most part. The FTC can take enforcement actions to protect consumers against what it deems unfair or deceptive trade practices, including data security practices. Privacy rights are also regulated in some states by their attorney generals - California's AG, Xavier Becerra, will be in charge of enforcing the CCPA later this summer for example.
Several data privacy bills have emerged over the past several years that would empower the FTC to better regulate U.S. companies' use of consumer data but none have really gotten off the ground. The goal of one of the more notable bills, Senator Ron Wyden's (D-OR) "Mind Your Own Business Act" is to allow the FTC to levy fines of up to four percent of annual revenues for first time violations. It would also create criminal penalties - like prison sentences, for executives who play fast and loose with consumers' data.
Experts have long viewed the FTC as hampered by Congress to truly handle privacy enforcement. The commission can really only impose its authority when an organization violates Section 5(a) of the FTC Act and is found engaging in "unfair or deceptive acts or practices."