A proposed bill has been re-introduced in the Senate that would create a new consumer “watchdog” agency seeking to give individuals more control over their personal data. Called the “Data Protection Act of 2021,” the bill was introduced by Sen. Kirsten Gillibrand [D-N.Y.] with the intention of safeguarding consumer privacy and ensuring companies follow proper data protection policies and procedures.
Sen. Gillibrand previously introduced the legislation last year, and despite much activity on the state level to regulate data privacy, it never gained enough momentum to be considered before the Congressional session ended. Now, with Democrats in control of both the House of Representatives and the Senate, she has re-introduced the bill to create the Data Protection Agency, an independent regulator. The United States is one of the only democracies without a federal data protection agency, it was noted in a press release announcing the bill’s re-introduction. A copy of the bill can be accessed by clicking here. Similar to the leadership structure of the Consumer Financial Protection Bureau, the Data Protection Agency would be helmed by a director, appointed by the president, and confirmed by the Senate to serve a five-year term.
“In today’s digital age, Big Tech companies are free to sell individuals’ data to the highest bidder without fear of real consequences, posing a severe threat to modern-day privacy and civil rights. A data privacy crisis is looming over the everyday lives of Americans and we need to hold these bad actors accountable,” said Sen. Gillibrand in a statement. “It’s critical that we modernize the way we handle technology, which is why I first introduced the Data Protection Act last year, in order to create an executive agency whose sole job is to protect data and privacy. The new and improved DPA of 2021 takes on even bigger and bolder reforms, including provisions to help the DPA address Big Tech mergers, penalize high-risk data practices, and establish a DPA Office of Civil Rights. The U.S. needs a new approach to privacy and data protection and it’s Congress’ duty to step forward and seek answers that will give Americans meaningful protection from private companies that value profits over people.”
Among the provisions of the bill are:
- Safeguard the personal data of individuals; prevent, remediate, and reduce discrimination and disparate impacts through the processing of personal data; and limit the collection, use, and sharing of personal data
- Oversee high-risk data practices, ensuring data processing and algorithms are fair, just, nondeceptive, and non-discriminatory
- Examine the social, ethical, economic, and civil rights impacts of data collection practices and
- propose remedies
- Promulgate rules to protect the privacy and security of personal data
- Include an Office of Civil Rights to advance data justice and protect individuals from discrimination
- Enforce privacy statutes and rules as authorized by Congress, with a broad range of tools including civil penalties, injunctive relief, and equitable remedies
- Take complaints, conduct investigations, and inform the public on data protection matters
- Develop model privacy and data protection standards, guidelines, and policies for use by the private sector
- Represent the United States at international forums regarding data privacy
- Advise Congress on emerging privacy and technology issues