Data Care Act Will Stop Websites and Apps from Using Personal Data Against Users, Protect User Information from Hacks, and Hold Companies Accountable for Misuse
Washington, D.C. – Colorado U.S. Senator Michael Bennet today joined 14 Senators, led by Senator Brian Schatz (D-HI), in introducing new legislation to protect people’s personal data online. The Data Care Act would require websites, apps, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.
“It’s long past time we rethink how our personal data is collected, stored, and shared online,” Bennet said. “Websites and apps that profit from our data should be held accountable for how they use it. The Data Care Act will ensure internet companies use our online data as we expect them to: in our best interest.”
Internet companies collect vast amounts of data about their users, including search and web history, physical location, and sensitive personal information. Unlike doctors, lawyers, and bankers, these services have no legal obligation to protect or properly use that data. Instead, they are bound only by their own lengthy and complex terms of service that leave users in vulnerable position of agreeing to share their personal data without fully understanding how it will be used.
The Data Care Act shifts the paradigm by establishing reasonable duties for online providers to protect users’ personal data and prohibit them from using that data to users’ detriment. Specifically, it establishes:
- Duty of Care—Online providers must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information;
- Duty of Loyalty—Online providers may not use individual identifying data in ways that harm users;
- Duty of Confidentiality—Online providers must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;
- Federal and State Enforcement—A violation of these duties will be treated as a violation of an FTC rule and will be subject to a civil enforcement action. States may also bring civil enforcement actions, but the FTC can intervene.
- Limited Rulemaking Authority—FTC is granted rulemaking authority to implement the Act.
“Free Press Action welcomes the important contributions the Data Care Act makes to a growing list of good ideas on privacy in the Senate. The bill shifts away from a notice and choice framework alone, where internet users bear all the responsibility and risk of protecting themselves, with few remedies for violations. Instead it moves towards putting the duty on companies and other data collectors where it belongs, to actually prevent such harmful exploitation and honor people's rights. It also does the right thing by empowering the FTC to make rules and impose penalties, and lets state attorneys general enforce the new protections too. We thank Senator Schatz and all the co-sponsors for putting so many ideas on the table, pushing the debate towards even more comprehensive laws,” said Sandra Fulton, Government Relations Director for Free Press Action.
In addition to Bennet and Schatz, the Data Care Act is cosponsored by U.S. Senators Maggie Hassan (D-NH), Tammy Duckworth (D-IL), Amy Klobuchar (D-MN), Patty Murray (D-WA), Cory Booker (D-NJ), Catherine Cortez Masto (D-NV), Martin Heinrich (D-NM), Ed Markey (D-MA), Sherrod Brown (D-OH), Tammy Baldwin (D-WI), and Doug Jones (D-AL), Joe Manchin (D-WV), and Dick Durbin (D-IL).