Washington, D.C. – U.S. Senator Catherine Cortez Masto (D-Nev.) cosponsored legislation led by Senator Brian Schatz (D-Hawaii), the top Democrat on the Senate Communications, Technology, Innovation, and the Internet Subcommittee, to protect people’s personal data online. The Data Care Act would require websites, apps, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.
“Everyone who uses the internet is vulnerable to the misuse of their personal data by websites, apps or third-party businesses. By establishing a special fiduciary relationship between online providers and users, companies that use or sell people’s data will be held responsible for keeping consumers safe from harm, data breaches, and unnecessary invasions of privacy,” said Senator Cortez Masto. “I’m proud to support this bill, which will allow the FTC to work with State Attorneys General to ensure service providers strengthen personal data protections and protect the security of American consumers’ sensitive personal data.”
“People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them. Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same. Our bill will help make sure that when people give online companies their information, it won’t be exploited,” said Senator Schatz.
In addition to Senator Cortez Masto and Senator Schatz, the Data Care Act is co-sponsored by U.S. Senators Maggie Hassan (D-N.H.), Michael Bennet (D-Colo.), Tammy Duckworth (D-Ill.), Amy Klobuchar (D-Minn.), Patty Murray (D-Wash.), Cory Booker (D-N.J.), Martin Heinrich (D-N.M.), Ed Markey (D-Mass.), Sherrod Brown (D-Ohio), Tammy Baldwin (D-Wis.), Doug Jones (D-Ala.), Joe Manchin (D-W.Va.), and Dick Durbin (D-Ill.).
The Data Care Act establishes reasonable duties that will require providers to protect user data and will prohibit providers from using that data to users’ detriment:
- Duty of Care – Must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information;
- Duty of Loyalty – May not use individual identifying data in ways that harm users;
- Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;
- Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with first fine authority. States may also bring civil enforcement actions, but the FTC can intervene.
- Rulemaking Authority – FTC is granted rulemaking authority to implement the Act.