Would give FTC authority to enforce consumer data care provisions

More than a dozen Democratic senators have sponsored a bill, the Data Care Act, that would force edge providers and others to "stop the misuse of users' data."

The senators want edge providers to join doctors, lawyers, and financial institutions, which are all expected, and required, to protect personal info. “People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them," said Sen. Brian Schatz, the ranking member of the Senate Communications Subcommittee.

Survey: Edge Needs to Better Protect Privacy

The bill makes no secret of the senator's point that websites, apps, and "other online providers" have a "duty" take "responsible steps to safeguard personal information."

The legislation would establish the following duties, enforceable by the Federal Trade Commission with new authority it would get in the bill.

Duty of Care – Must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information;

• "Duty of Loyalty – May not use individual identifying data in ways that harm users;

• "Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;

• "Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene.

• "Rulemaking Authority – FTC is granted rulemaking authority to implement the Act."

The FCC currently has very limited fining authority. It is generally limited to recovering money consumers have lost rather than imposing civil penalties and enforces through suits and settlements rather than rulemakings.

FTC Chair: We Need Rulemaking Authority

In addition to Schatz, signing on to the bill were Sens. Maggie Hassan (D-N.H.), Michael Bennet (D-Colo.), Tammy Duckworth (D-Ill.), Amy Klobuchar (D-Minn.), Patty Murray (D-Wash.), Cory Booker (D-N.J.), Catherine Cortez Masto (D-Nev.), Martin Heinrich (D-N.M.), Ed Markey (D-Mass.), Sherrod Brown (D-Ohio), Tammy Baldwin (D-Wis.), Doug Jones (D-Ala.), Joe Manchin (D-W.Va.), and Dick Durbin (D-Ill.).

Public Knowledge welcomed the bill as a conversation starter, but had some issues.

“We’re excited to see this innovative addition to the federal privacy debate and hope that Mr. Schatz’s legislation spurs a much needed conversation about the appropriate responsibilities for custodians of our personal information," said policy counsel Allie Bohm. “However, the bill leaves room for improvement. For example, the bill would only stop companies from using personal data for their own benefit at consumers’ expense when it will result in reasonably foreseeable, material physical or financial harm. This list of harms is woefully incomplete.“Similarly, the bill only requires companies to notify end users of a data breach when ‘sensitive’ data are breached -- this list is too limited to be effective. In fact, under the bill, Facebook would not have had to notify end users about Cambridge Analytica. Furthermore, the bill does not address how to handle conflicts between companies’ duties to their end users and their duties to their shareholders."

Related