Unlike Europe, the United States doesn’t have GDPR, but that could change with the introduction of an American privacy bill put forth by 15 Senators.
American Privacy Bill
Back in September, Rep. Suzan DelBene, a Democrat from Washington, introduced a privacy bill that would change the way consumer data is protected. Then in November, Sen. Ron Wyden, a Democrat from Oregon, introduced a bill that would give CEOs jail time for lying in mandatory reports to the FTC.
Now, a group of 15 Senators has introduced a bill called the Data Care Act [PDF]. It will require companies that collect customer data to take reasonable steps to keep it safe.
And it has provisions that prevent companies from using the data in ways that could harm consumers. It would be enforced by the FTC, and let states pursue their own legal actions against companies for privacy violations. In certain ways it seems similar to HIPAA, and how doctors handle patient information. Under the Data Care Act, companies have to fulfill three duties:
- Duty of Care: Companies need to reasonably secure individual identifying data from unauthorized access, and quickly inform users if unauthorized access (data breaches) has occurred.
- Duty of Loyalty: Companies can’t use individual identifying data in any way that benefits the company while harming the user, would result in physical or financial harm to the user, and would be offensive to a “reasonable” user.
- Duty of Confidentiality: Companies can’t disclose, sell, or share user data without the user’s permission. In cases where data is disclosed/sold/shared, the company has to take reasonable steps to ensure the recipient of the user data fulfills these same three duties.
Sen. Brian Schatz, a Democrat from Hawaii who is one of the bill’s sponsors, said in a press release:
People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them.
The Data Care Act gives the FTC the power to fine companies for breaking this law, but doesn’t include jail time for CEOs.