15 Senators Introduce American Privacy Bill


Unlike Europe, the United States doesn’t have GDPR, but that could change with the introduction of an American privacy bill put forth by 15 Senators.

[White House Proposes an American GDPR]

American Privacy Bill

Back in September, Rep. Suzan DelBene, a Democrat from Washington, introduced a privacy bill that would change the way consumer data is protected. Then in November, Sen. Ron Wyden, a Democrat from Oregon, introduced a bill that would give CEOs jail time for lying in mandatory reports to the FTC.


Now, a group of 15 Senators has introduced a bill called the Data Care Act [PDF]. It will require companies that collect customer data to take reasonable steps to keep it safe.

And it has provisions that prevent companies from using the data in ways that could harm consumers. It would be enforced by the FTC, and let states pursue their own legal actions against companies for privacy violations. In certain ways it seems similar to HIPAA, and how doctors handle patient information. Under the Data Care Act, companies have to fulfill three duties:

  1. Duty of Care: Companies need to reasonably secure individual identifying data from unauthorized access, and quickly inform users if unauthorized access (a data breach) has occurred.
  2. Duty of Loyalty: Companies can’t use individual identifying data in any way that benefits the company while harming the user, would result in physical or financial harm to the user, and would be offensive to a “reasonable” user.
  3. Duty of Confidentiality: Companies can’t disclose, sell, or share user data without the user’s permission. In cases where data is disclosed/sold/shared, the company has to take reasonable steps to ensure the recipient of the user data fulfills these same three duties.

Sen. Brian Schatz, a Democrat from Hawaii who is one of the bill’s sponsors, said in a press release:

“People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them.”

The Data Care Act gives the FTC the power to fine companies for breaking this law, but doesn’t include jail time for CEOs. Read: [Proposed Bill Would Jail Executives Who Mishandle Customer Data]

wab95

Andrew: The history of the health sector alone amply demonstrates that this is a necessary step. Tech companies have been invested with enormous amounts of potentially damaging data on their user base, which means they should be responsible, first to their clients/customers as to how they store, protect and use those data; as well as to society writ large as to their stewardship of said data. This is a relationship of unequal power that is sustained by trust. If that trust is violated, then there need to be recourse and repercussions, both professional and legal/criminal for the violator. For any…