On Wednesday, December 12, 2018, Senator Brian Schatz (D-HI), Ranking Member of the Communications, Technology, Innovation, and the Internet Subcommittee, introduced The Data Care Act of 2018. The bill, which is co-sponsored by 14 Senate Democrats, would establish numerous consumer protections designed to address access and use of personal data online and prevent technology companies from knowingly doing harm to their users.
In a press release accompanying the bill, Senator Schatz stated “People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them. Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same. Our bill will help make sure that when people give online companies their information, it won’t be exploited.”
Do No Harm.
The proposal has been touted as an analog to the ethical duty to “Do No Harm” in the medical, legal, and financial services industries. The bill, which would be defined and enforced by the Federal Trade Commission, would establish three basic “duties” that online service providers must meet:
-
Duty of Care – Providers must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information.
-
Duty of Loyalty – Providers may not use individual identifying data in ways that harm users.
-
Duty of Confidentiality – Providers must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data.
Co-sponsor Senator Amy Klobuchar (D-MN), added “Online platforms are collecting an enormous amount of personal data on Americans – everything from what we buy and what websites we go to, to what our emails say and where we go throughout the day. These companies are making billions off of this data and they’re keeping Americans in the dark about how it is being used. That’s wrong and it is especially alarming because it seems like every day we hear about new data breaches. It is clear that we must do more to protect consumer privacy. The Data Care Act will help by establishing a duty of care for sensitive data and by ensuring the FTC can hold companies accountable when they fall short. The digital space can’t keep operating like the Wild West at the expense of our privacy.”
If passed, the FTC would go through the normal notice and comment rulemaking process to further establish how authorities will define, implement and enforce concepts like “reasonable” security measures.
Federal Privacy Legislation on the Horizon?
As individual states like California and Illinois have advanced privacy legislation on the state level, it is likely that the bill may be part of a broader federal internet and consumer privacy legislation push to pre-empt state laws that has garnered support from both Democrats and Republicans. In a Senate hearing held on September 26, 2018 entitled “Examining Safeguards for Consumer Data Privacy,” Senator June Thune (R-SD), Chairman of the Senate Commerce Committee, stated that a federal privacy law “enjoys strong bipartisan support.” Thune went on to state that the hearing “represents the beginning of an effort to inform our development of a federal privacy law.”
In addition to Schatz, the Data Care Act is co-sponsored by U.S. Senators Maggie Hassan (D-N.H.), Michael Bennet (D-Colo.), Tammy Duckworth (D-Ill.), Amy Klobuchar (D-Minn.), Patty Murray (D-Wash.), Cory Booker (D-N.J.), Catherine Cortez Masto (D-Nev.), Martin Heinrich (D-N.M.), Ed Markey (D-Mass.), Sherrod Brown (D-Ohio), Tammy Baldwin (D-Wis.), Doug Jones (D-Ala.), Joe Manchin (D-W.Va.), and Dick Durbin (D-Ill.).