United States Brian Schatz, the top Democrat on the Senate Communications, Technology, Innovation, and the Internet Subcommittee, along with a group of 15 senators, have introduced new legislation to protect people’s personal data online. The Data Care Act would require websites, apps and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.
“People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them. Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same. Our bill will help make sure that when people give online companies their information, it won’t be exploited,” said Senator Shatz.
In a December 12, 2018 press release on his website, Senator Schatz expressed his belief that by establishing a fiduciary duty for online providers, Americans would be better able to trust that their online data is being protected and used in a responsible way.
“Online service providers should be required to act in the best interests of their customers, just like providers of other critical services,” Senator Hassan said. “Consumers should not be required to wade through and interpret pages of dense terms and conditions agreements, and it is not realistic in today’s digital world to suggest that people could simply forgo online services and websites if they object to the way their data is being used. This commonsense legislation establishes a legal obligation for online service providers to act in the best interests of consumers so that people can trust that their data is being protected and used responsibly.”
“It’s long past time we rethink how our personal data is collected, stored, and shared online,” said Senator Bennet. “Websites and apps that profit from our data should be held accountable for how they use it. The Data Care Act will ensure internet companies use our online data as we expect them to: in our best interest.”
“With major hacks or data leaks of private user information at Facebook, Marriott, Google, Equifax and Uber in just the last year or so, it’s abundantly clear that Congress must do more to protect Americans’ personal data online,” said Senator Duckworth. “Health professionals and financial advisors have long been responsible for handling personal information with the consumer’s best interests in mind, it’s time we extend this commonsense principle to websites and online providers. I’m proud to join Senator Schatz in introducing this important legislation to do just that.”
“Online platforms are collecting an enormous amount of personal data on Americans – everything from what we buy and what websites we go to, to what our emails say and where we go throughout the day. These companies are making billions off of this data and they’re keeping Americans in the dark about how it is being used. That’s wrong and it is especially alarming because it seems like every day we hear about new data breaches. It is clear that we must do more to protect consumer privacy. The Data Care Act will help by establishing a duty of care for sensitive data and by ensuring the FTC can hold companies accountable when they fall short. The digital space can’t keep operating like the Wild West at the expense of our privacy,” said Senator Klobuchar.
“As we see more and more often, consumer data is being used and abused in ways few people had imagined before. Now, it’s on Congress to ensure consumer protections keep pace with this changing reality,” Senator Murray said. “This legislation being introduced today makes clear that the companies we entrust with our personal information will not only be held to a higher standard, they will face penalties if they breach our trust.”
“Consumers understand now more than ever that their data is valuable and vulnerable to misuse. Everyone should be able to trust that their data is being protected and used properly. The Data Fiduciary Act is one significant step towards restoring that trust,” said Senator Booker.
“Everyone who uses the internet is vulnerable to the misuse of their personal data by websites, apps or third party businesses. By establishing a special fiduciary relationship between online providers and users, companies that use or sell people’s data will be held responsible for keeping consumers safe from harm, data breaches, and unnecessary invasions of privacy,” said Senator Cortez Masto. “I’m proud to support this bill, which will allow the FTC to work with State Attorneys General to ensure service providers strengthen personal data protections and protect the security of American consumers’ sensitive personal data.”
“As our daily and digital lives become increasingly intertwined, Americans expect online companies to protect the security of our sensitive data,” said Senator Henrich. “There must be meaningful oversight of how companies are collecting and sharing personal data to ensure that Americans’ civil liberties and privacy rights are protected. I’m proud to support this legislation that will defend our personal data from improper use, violations of individual privacy, and security risks.”
“In today’s digital economy, personal data is everywhere, and those who have access to Americans’ sensitive information have a responsibility to protect that information and keep it private. It is time for Congress to enact comprehensive privacy legislation, and the Data Care Act would be an important part of that effort,” said Senator Markey.
“Protecting consumers from exploitation and holding companies that misuse data accountable should be a no-brainer for this Congress. I hope my colleagues in the Senate will help us pass this meaningful legislation without delay,” said Senator Brown.
“Far too many times, we have seen online providers fail to meet their users’ expectations about how their personal data will be collected, used and protected. The current system is skewed against consumers and we have to fix it. The Data Care Act will provide clear, reasonable rules of the road on user data, and hold companies who fail to follow them accountable,” said Senator Baldwin.
“The right to online privacy and security should be a fundamental one. Companies that profit from consumers’ online activity have a responsibility to protect personal information and make clear how they use their data. The Data Care Act is a smart first step to increase accountability in the use of private personal information,” said Senator Jones.
“In today’s era of ‘big data,’ Americans are using the internet every day without fully understanding the consequences of every click and whether that click just handed over their personal data for unwanted uses. This is simply unacceptable. Websites, apps, and other online providers should be required to protect their users personal data. This bill is a sensible step in protecting consumers’ personal data and I’m proud to join my colleagues in introducing it,” said Senator Durbin.
Duties established by the proposed legislation include:
- Duty of Care – Must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information;
- Duty of Loyalty – May not use individual identifying data in ways that harm users;
- Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;
- Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene.
- Rulemaking Authority – FTC is granted rulemaking authority to implement the Act.
Notably, the privacy bill is a departure from a notice and choice focused framework alone. It shifts the data responsibility use burden from consumers to data collectors.
Richard B. Newman is an FTC investigation attorney at Hinch Newman LLP focusing on advertising and digital media matters.
Attorney advertising. Informational purposes only. Not legal advice. Previous case results do not guarantee similar future result.