Senator Kirsten Gillibrand (D-N.Y.) has introduced legislation to create a “Data Protection Agency” in the United States in order to oversee and enforce federal privacy mandates.
The bill, the Data Protection Act of 2020, was accompanied by a blog post written by Gillibrand on Feb. 12 laying out the need for a U.S. watchdog to specifically focus on personal data. If enacted, the bill would create an independent agency “to protect individuals’ privacy and limit the collection, disclosure, processing and misuse of individuals’ personal data.”
The agency would be able to impose civil penalties upon covered entities and seek injunctive relief and equitable remedies. It would field individual’s complaints and be able to launch investigations.
“Your data is extremely valuable to many companies with unknown motives, who are looking to exploit your data for profit,” Gillibrand wrote. “As a result, your very existence is being parsed, split, and sold to the highest bidder, and there is very little you—or anyone, including the federal government—can do about it.
“I believe that this needs to be fixed, and that you deserve to be in control of your own data. You have the right to know if companies are using your information for profit. You need a way to protect yourself, and you deserve a place that will look out for you.”
The Data Protection Agency that would be formed under the bill would be based in Washington D.C. and have its director appointed by the president with the advice and consent of the Senate. The director would serve a five-year term.
The new agency would have all powers and duties under federal privacy laws to prescribe rules, issue guidelines, or to conduct studies or issue reports mandated by such laws previously held by the Federal Trade Commission (FTC). The agency would not prevent state attorneys general from bringing actions under state privacy laws, such as the California Consumer Privacy Act or the progressing Washington Privacy Act.
“You deserve to be in control of your own data. You have the right to know if companies are using your information for profit. You need a way to protect yourself, and you deserve a place that will look out for you.”
Sen. Kirsten Gillibrand
The formation of a Data Protection Agency would be Step 1 toward a collective privacy mandate in the United States; Step 2 would be the passing of a federal privacy law for the agency to enforce across all states. Gillibrand’s bill accounts for the Children’s Online Privacy Protection Act, among other current laws in effect, but when the government might enact comprehensive legislation covering user privacy for the agency to tout remains to be determined.
Proposals from Sens. Ron Wyden (D-Ore.) and Maria Cantwell (D-Wash.) would each empower the FTC to enforce privacy instead of forming a specific agency to handle the matter. At the House level, Reps. Anna Eshoo (D-Calif.) and Zoe Lofgren (D-Calif.) proposed the “Online Privacy Act of 2019” in November, which would form an agency in addition to providing a federal law for it to enforce.
Gillibrand lays out three core missions for her Data Protection Agency: (1) Give Americans control and protection over their own data by enforcing data protection rules; (2) Work to maintain the most innovative, successful tech sector in the world and ensure fair competition within the digital marketplace; and (3) Prepare the American government for the digital age. She notes the United States is “vastly behind other countries on this” while alluding to the fact most of the economic giants around the world already have data protection agencies, as is the case across the European Union in enforcing the General Data Protection Regulation.
“As we stare down the barrel of threats from foreign adversaries trying to target personal data in consumer households, businesses, and government agencies, the data privacy space remains a complete and total Wild West,” Gillibrand writes. “And that is a huge problem.”