Senator Gillibrand’s Data Protection Act Proposal and the Creation of Federal Data Protection Agency

Senator Kirsten Gillibrand has presented a new Senate bill called the Data Protection Act. It aims to make new data privacy standards and increase consumers’ rights over their personal information. At present, a big number of companies collect and use consumer data. And in many instances, companies use the consumer’s personal data without their knowledge for profit.

Under the California Consumer Privacy Act (CCPA), Californian consumers are granted more rights with regards to their private information. A lot of U.S. consumers can’t do much regarding the collection, usage, and sale of their personal information.

Sen. Gillibrand’s Data Protection Act is meant to provide consumer privacy protection and freedom into the electronic age. The Data Protection Act requires the development of a new consumer watchdog organization named the Data Protection Agency (DPA). DPA’s task involves protecting consumer data and privacy, as well as making sure of fair and transparent data practices. The President will appoint the Director of the DPA with confirmation by the Senate. The DPA Director will have a 5-year service term.

The DPA would possess the authority to define, arbitrate, and implement data protection regulations that Congress or the DPA itself creates. It would have the authority to issue civil monetary penalties on organizations that violate consumer privacy and give injunctive relief and fair treatments.

The DPA would accept consumer complaints, carry out investigations, and notify the public regarding data protection concerns, such as sharing the results of investigated entities that commit consumer data misuse. The DPA would likewise be assigned to inform Congress regarding arising privacy and technology problems and would be the United States’ representative in forums about international data privacy.

The DPA would encourage data protection and privacy development throughout the private and public sector, help with the creation of Privacy Enhancing Technologies (PETs) to restrict or get rid of personal data collection, and do something to stop “take-it-or-leave-it” and “pay-for-privacy” conditions in service contracts.

The Data Protection Act would likewise help take care of privacy gaps for health information not protected by HIPAA, for instance, the health information accumulated by fitness trackers and wellness applications. The company that developed the apps collect data for varied reasons. It could sell the data to a medical insurance firm. In turn, the health company could charge you a higher premium if you don’t do enough physical activities.

Sen. Gillibrand stated that the U.S. is the only member of OECD without a federal data protection agency that makes sure consumer personal data is not misused and do something in case it is. Companies are exploiting data, ignoring rules, putting profits on top of responsibility, and looking at consumers as dollar signs. They give little consideration to long-term effects.

The Data Protection Act is supported by a number of technology, privacy, and civil rights organizations, such as Color of Change, Public Citizen, Center for Digital Democracy, Consumer Action, Consumer Federation of America, and the Electronic Privacy Information Center.