Security news that informs and inspires

Reworked Data Protection Act Hits Senate

Sen. Kirsten Gillibrand is reintroducing legislation that would create a federal Data Protection Agency to oversee the privacy and protection of Americans’ data and bring some order to what is currently a chaotic regime of state and industry laws and regulations.

Gillibrand (D-N.Y.) first introduced the Data Protection Act in February 2020, but it did not make much in the way of progress. In an effort to move the legislation along, Gillibrand has reworked it and added several new provisions, including language that would enable the DPA to protect against privacy harms and discrimination, oversee the use of high-risk data practices, and to look at and propose solutions for the social, ethical, and economic effects of data collection. The DPA would be a federal executive agency headed by a director to be appointed by the president. The agency would have both rulemaking and enforcement powers and would also have the ability to issue subpoenas and carry out investigations.

The Data Protection Act of 2021 is designed specifically to rein in some of the data collection and usage practices of large platform providers, and Gillibrand specifically called out the way that those companies design their business models to monetize consumers’ data.

“The tech giants — Google and Facebook among them — have been the clear winners of our transition to the digital age. These companies have built major empires of data with information about our private lives. They’re processing that information with increasingly complex and sophisticated algorithms. And they’re making a whole lot of money off of it,” Gillibrand said.

“Meanwhile, major data breaches and ransomware attacks are exposing the sensitive data from tens of millions of Americans because the companies responsible for safeguarding it continue to face limited consequences for their failures. Bad actors use powerful data collection and processing techniques to target older Americans and other vulnerable citizens through robocalls and misinformation scams.”

"Congress’ ongoing failure to modernize our privacy laws imposes enormous costs on individuals, communities, and American businesses alike."

The notion of a federal agency to oversee data privacy and protection has been circulating in Washington for many years, but it is especially relevant in the current environment, with more companies collecting more data than ever before. The United States is one of the few large nations that does not have an independent data protection agency, a fact that is doubly concerning given the lack of a national data breach law, as well. Most people have little if any idea of the amount of data that platform providers and other companies collect about their activities online, let alone what they do with that information, and Gillibrand’s bill would address that by directly regulating the collection and use of consumer data.

“Even the savviest consumers of technology cannot fully understand how companies use their data, where their data goes, how far companies are willing to go to profit from that data, and whether the companies’ business practices encroach on their privacy and freedom,” Gillibrand said.

“Moreover, companies have declared that this data is theirs for the taking, and they’ve repeatedly rejected responsibility and accountability for the greater impacts of any bad behavior.”

The reworked bill has garnered support from privacy and digital rights groups, as well as security experts.

"It’s time for America to catch up with the rest of the world and create a Data Protection Agency. Congress’ ongoing failure to modernize our privacy laws imposes enormous costs on individuals, communities, and American businesses alike. We need a new approach. Senator Gillibrand’s Data Protection Act creates an agency dedicated to safeguarding the personal data of individuals and ensuring that data practices are fair and non-discriminatory. The Data Protection Act is the game-changing proposal we need in order to ensure adequate oversight over what has become a massive sector of our economy and affects the daily lives of all Americans,” said Caitriona Fitzgerald, deputy director of the Electronic Privacy Information Center.

The full text of the bill is available here.