Data Care Act will stop websites and apps from using personal data against users, protect user information from hacks, and hold companies accountable for misuse

WASHINGTON –U.S. Senator Amy Klobuchar (D-MN) joined Senator Brian Schatz (D-HI) in introducing new legislation to protect people’s personal data online. The Data Care Act would require websites, apps, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.

“Online platforms are collecting an enormous amount of personal data on Americans – everything from what we buy and what websites we go to, to what our emails say and where we go throughout the day. These companies are making billions off of this data and they’re keeping Americans in the dark about how it is being used. That’s wrong and it is especially alarming because it seems like every day we hear about new data breaches. It is clear that we must do more to protect consumer privacy. The Data Care Act will help by establishing a duty of care for sensitive data and by ensuring the FTC can hold companies accountable when they fall short. The digital space can’t keep operating like the Wild West at the expense of our privacy,” Klobuchar said.

“People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them. Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same. Our bill will help make sure that when people give online companies their information, it won’t be exploited,” Schatz said.

Doctors, lawyers, and bankers are legally required to exercise special care to protect their clients and not misuse their information. While online companies also hold personal and sensitive information about the people they serve, they are not required to protect consumers’ data. This leaves users in a vulnerable position; they are expected to understand the information they give to providers and how it is being used – an unreasonable expectation for even the most tech-savvy consumer. By establishing a fiduciary duty for online providers, Americans can trust that their online data is protected and used in a responsible way.

In addition to Klobuchar and Schatz, the Data Care Act is co-sponsored by U.S. Senators Maggie Hassan (D-NH), Michael Bennet (D-CO), Tammy Duckworth (D-IL), Patty Murray (D-WA), Cory Booker (D-NJ), Catherine Cortez Masto (D-NV), Martin Heinrich (D-NM), Ed Markey (D-MA), Sherrod Brown (D-OH), Tammy Baldwin (D-WI), Doug Jones (D-AL), Joe Manchin (D-WV), and Dick Durbin (D-IL).

The Data Care Act establishes reasonable duties that will require providers to protect user data and will prohibit providers from using user data to their detriment:

  • Duty of Care – Must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information;
  • Duty of Loyalty – May not use individual identifying data in ways that harm users;
  • Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;
  • Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene.
  • Rulemaking Authority – FTC is granted rulemaking authority to implement the Act.

Klobuchar has been a leader in the fight to protect consumers’ private information. In April, she and John Kennedy (R-LA) introduced the Social Media Privacy and Consumer Rights Act, legislation that would protect the privacy of consumers’ online data by improving transparency, strengthening consumers’ recourse options when a breach of data occurs, and ensuring companies are compliant with privacy policies that protect consumers.