U.S. Senators Unveil Data Care Act – An Ambitious Federal Data Privacy Bill

ISP logos

On Wednesday, the U.S. made a significant step forward in establishing data privacy for its citizens. 15 U.S. senators, led by Senator Schatz (D-Hawaii), introduced the Data Care Act, a bill which will standardize and regulate procedures governing the protection and use of data.

In its introductory statement, the bill outlines the duties of online service providers regarding the collection and use of user data. It also aims to prevent providers from using the data in a way that would be harmful to users.

“People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them. Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same. Our bill will help make sure that when people give online companies their information, it won’t be exploited,” stated Senator Schatz in a press release.

The proposed bill defines the three-fold duty of an online service provider as follows:

  • Duty of Care: The service provider has a responsibility to secure their user data and notify users of any unauthorized access or breach.
  • Duty of Loyalty: The service provider will not use the user data in a way that would be detrimental, harmful or highly offensive to the user.
  • Duty of Confidentiality: The service provider will maintain the confidentiality of the user data through non-disclosure. Exceptions are made for third parties who also adhere to these duties. The bill says that it’s the service provider’s responsibility to make sure their third-party partners are acting in line with these rules through regular audits.

This last part will certainly interest internet users and privacy proponents. The selling and disclosure of user data to third parties is a big concern, and the language of the bill is broad enough for loopholes. This is an area that’ll need to be watched closely as the bill makes its way through Congress.

The law would give the Federal Trade Commission (FTC) the power to enforce the provisions of the bill. It also suggests that while states can commence civil action, the FTC may intervene in such cases.

The introduction of the bill is a headstart for data privacy protection in the United States, a country which is known to house tech giants such as Apple, Microsoft, Google, Facebook, and Amazon.

In the past, the U.S. government has relied on companies to formulate their own rules concerning data transmission and privacy, mandating its citizens to self-regulate when it comes to the protection and confidentiality of their information.

But in the wake of Facebook’s role in transmitting its user data to Cambridge Analytica, data privacy regulations on a federal level may be more needed than ever.

Currently, the U.S. has no comprehensive law governing the collection and privacy of data being transmitted in its territory. Rather, it relies on provisions included in the United States Privacy Act, the Safe Harbor Act, and the Health Insurance Portability and Accountability Act.

Not surprisingly, groups with high stakes in the American tech industry rallied behind the introduction of the bill.

The Center for Democracy and Technology, a non-profit group which works to preserve the Internet, added on to Senator Schatz’s press release. “We commend Senator Schatz for tackling the difficult task of drafting privacy legislation that focuses on routine data processing practices instead of consumer data self-management.”

The Internet Association, an industry trade group representing tech companies such as Google, Amazon, Facebook, and eBay, expressed its support through an open letter. “Internet companies act as responsible stewards of people’s data and agree with Sen. Schatz that federal legislation should promote responsible data practices.”

The move is a positive start, as it will probably spark discussion and debate towards favorably changing the position of Congress on the protection and regulation of data privacy in the U.S. Since the country is home to tech behemoths with a significant presence in numerous other countries around the world, the bill would likely create ripple effects far beyond the U.S. if it gets passed.

Published by

David Schultz

Internet and Privacy Law | David Schultz is a Cyber Security Attorney based in Europe.

Leave a Reply

Your email address will not be published. Required fields are marked *

Exit mobile version