On Friday, U.S. Senator Catherine Cortez Masto (D-Nev.) introduced the Digital Accountability and Transparency to Advance (DATA) Privacy Act to strengthen data privacy protections for American consumers.
Last week, the U.S. Federal Trade Commission released a new study showing that internet service providers and other large tech companies have collected a “staggering” amount of consumer data, infringing on Americans’ privacy and underscoring the need for stricter data collection regulations.
Cortez Masto’s bill will strengthen data privacy protections, foster the use of new data security and privacy protection best practices, and hold major corporations that handle consumer data accountable without placing unnecessary burdens on small businesses.
“Big technology companies shouldn’t be gathering mountains of consumers’ data without their knowledge and consent,” said Cortez Masto. “This legislation will require major corporations to put data protection and transparency first while also protecting American consumers from having their data used without their permission.”
“We have to make sure that big technology companies are held accountable,” said Cortez Masto, who has been a leader in protecting consumers’ rights to privacy during her time in the Senate.
She’s also cosponsored legislation to require websites, apps, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.
The United States currently has no comprehensive law designed to protect data privacy despite numerous recent instances of security breaches and abusive behavior by online companies.
Instead, there’s a complex patchwork of sector-specific and medium-specific laws, including laws and regulations that address telecommunications, health information, credit information, financial institutions and marketing.
The DATA Privacy Act strengthens data privacy protections for American consumers while ensuring corporations are focusing on implementing new data security standards and essential privacy protections.
This legislation also increases research into technologies that protect Americans’ privacy and shields small businesses from unnecessary regulation.
This legislation will empower consumers by allowing them to request, dispute the accuracy, and transfer or delete their data without retribution in the form of price or service discrimination by companies,” said New Jersey Democrat Lisa McCormick, a civil rights advocate. “It will also ensure accountability and oversight by providing new authorities to state Attorneys General and the Federal Trade Commission that allow them to levy civil penalties for violations, and expanding the National Science Foundation’s research into privacy-enhancing technology.”
McCormick said the legislation would protect consumer data with measures requiring three simple standards to be applied to all data collection, processing, storage, and disclosure: Reasonable, Equitable, and Forthright.
“Reasonable suggests that consumer data must be for a legitimate business or operational purpose that is contextual and does not subject an individual to unreasonable privacy risk,” explained McCormick. “Equitable is only if data may not be used in a discriminatory way, such as targeting job opportunities based on race or age. Forthright means businesses cannot engage in deceptive data practices.”
If it becomes law, businesses would be required to provide users with reasonable access to a method to opt-out of personal data collection or sharing, as well as opt-in consent when collecting or disclosing sensitive data or disclosing data outside of the parameters of the businesses’ relationship with the consumer.
Companies collecting large amounts of personal data would be required to use high-quality data protection standards and to appoint a Privacy Protection Officer to institute a culture of data and privacy protection at companies and to train staff at relevant companies.
Those businesses that collect large amounts of personal data would also be required to provide access to a privacy notice that is concise, understandable to consumers and that accurately describes their privacy policies.