Data Care Act will Stop Websites and Apps from Using Personal Data to Harm Consumers, Protect Consumer Information from Hacks, and Hold Companies Accountable for Misuse of Data

WASHINGTON – U.S. Senator Amy Klobuchar (D-MN) joined Senator Brian Schatz (D-HI) and 14 colleagues in reintroducing legislation to protect people’s personal data online. The Data Care Act would require websites, apps, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.

“It is clear that we must do more to protect Americans’ privacy. Online platforms are collecting an enormous amount of personal data on consumers – everything from what we buy and what websites we go to, to what our emails say and where we go throughout the day. Our laws must keep up with advances in technology,” Klobuchar said. “The Data Care Act will ensure that companies secure consumers’ sensitive data and give the Federal Trade Commission (FTC) the tools to hold companies accountable when they fall short.”

“People have a basic expectation that the personal information that is collected by websites and apps is well-protected and won’t be used to harm them. Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same. Our bill will help make sure that when people give online companies their information, it won’t be abused,” Schatz said.

Doctors, lawyers, and bankers are legally required to exercise special care to protect their clients and not misuse their information. While online companies also hold personal and sensitive information about the people they serve, they are not required to protect consumers’ data. This leaves consumers in a vulnerable position; they are expected to understand the information they give to providers and how it is being used – an unreasonable expectation for even the most tech-savvy consumer. By establishing an explicit duty for online providers, consumers can trust that their online data is protected and used in a responsible way.

The legislation is cosponsored by U.S. Senators Michael Bennet (D-CO), Catherine Cortez Masto (D-NV), Ed Markey (D-MA), Tammy Duckworth (D-IL), Tammy Baldwin (D-WI), Joe Manchin (D-WV), Dick Durbin (D-IL), Sherrod Brown (D-OH), Cory Booker (D-NJ), Maggie Hassan (D-NH), Martin Heinrich (D-NM), Patty Murray (D-WA), Bernie Sanders (I-VT), and Chris Murphy (D-CT).

The Data Care Act establishes reasonable duties that will require providers to protect consumers’ data and will prohibit providers from using consumers’ data to their detriment:

  • Duty of Care – Providers must reasonably secure individual identifying data and promptly inform consumers of data breaches that involve sensitive information;
  • Duty of Loyalty – Providers may not use individual identifying data in ways that harm consumers;
  • Duty of Confidentiality – Providers must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;
  • Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene. States and the FTC may go after both first- and third-party data collectors.
  • Rulemaking Authority – FTC is granted rulemaking authority to implement the Act.

Klobuchar has been a leader in the fight to protect consumers’ private information. In June, Klobuchar and Senator Lisa Murkowski (R-AK) introduced new legislation to protect consumers’ private health data. The Protecting Personal Health Data Act addresses health privacy concerns by requiring the Secretary of Health and Human Services to promulgate regulations for new health technologies such as health apps, wearable devices like Fitbits, and direct-to-consumer genetic testing kits that are not regulated by existing laws.

In January, Klobuchar and Senator John Kennedy (R-LA) reintroduced the Social Media Privacy and Consumer Rights Act, bipartisan legislation that would protect the privacy of consumers’ online data by improving transparency, strengthening consumers’ recourse options when a breach of data occurs, and ensuring companies are compliant with privacy policies that protect consumers.

In November, Klobuchar joined Commerce, Science, and Transportation Committee Ranking Member Maria Cantwell (D-WA) and fellow senior members Senators Brian Schatz (D-HI) and Ed Markey (D-MA) in unveiling comprehensive federal online privacy legislation to establish privacy rights, outlaw harmful and deceptive practices, and improve data security safeguards for the record number of American consumers who now shop or conduct business online. The Consumer Online Privacy Rights Act (COPRA) gives Americans control over their personal data; prohibits companies from using consumers’ data to harm or deceive them; establishes strict standards for the collection, use, sharing, and protection of consumer data; protects civil rights; and penalizes companies that fail to meet data protection standards. The legislation also codifies the rights of individuals to pursue claims against entities that violate their data privacy rights.