Sen. Kirsten Gillibrand (D-N.Y.) proposed new internet privacy legislation, which would also create a new federal agency to enforce people’s online privacy rights. Sen. Gillibrand stated that the proposed Data Protection Agency would “[g]ive Americans control and protection over their own data by enforcing protection rules”; “[w]ork to maintain the most innovative, successful tech sector in the world and ensure fair competition within the digital marketplace”; and “[p]repare the American government for the digital age.” Gillibrand noted the importance of the proposal, as the “United States is vastly behind other countries on this. Virtually every other advanced economy has established an independent agency to address data protection challenges, and many other challenges of the digital age.”
Gillibrand’s proposal would establish a director to be appointed by the president and confirmed by the Senate with a five-year term. The agency would be able to initiate civil actions against violating companies and could grant relief to those who have had their privacy rights violated. The maximum fee for violations would be $1 million per day. The bill would also create a relief fund for those who can prove they were harmed by having their privacy violated; this fund is covered by the fees for violations. The agency would also make rules and issue subpoenas. While the agency will enforce legislation, it will also look at privacy innovation and create best practices. It can ask companies exceeding $25 million in gross revenue or collect large amounts of data to file reports so the agency can verify compliance.
In a post, Sen. Gillibrand stated, “Your data is extremely valuable to many companies with unknown motives, who are looking to exploit your data for profit. As a result, your very existence is being parsed, split, and sold to the highest bidder, and there is very little you — or anyone, including the federal government — can do about it. I believe that this needs to be fixed, and that you deserve to be in control of your own data. You have the right to know if companies are using your information for profit. You need a way to protect yourself, and you deserve a place that will look out for you.”
Gillibrand argued that Americans do not realize the type of data collected and how it is used. As a result, the government is not acting properly to enforce violations. Examples of recent large scale privacy violations include Equifax’s data breach, scams via robocall, and the use of images to power artificial intelligence.
“The tech giants — Google and Facebook among them — have been the clear winners of our transition to the digital age,” Gillibrand stated. “These companies have built major empires of data with information about our private lives. They’re processing that information with increasingly complex and sophisticated algorithms. And they’re making a whole lot of money off of it…Even the savviest consumers of technology cannot fully understand how companies use their data, where their data goes, how far they are willing to go to profit from that data, and whether their business practices encroach on their privacy and freedom. Moreover, companies have declared that this data is theirs for the taking, and they’ve repeatedly rejected responsibility and accountability for the greater impacts of any bad behavior.”
This bill is similar to proposals by California Democratic Reps. Anna Eshoo and Zoe Lofgren, who also sought to create a government agency for online privacy oversight. Other proposals do not call for creating a new agency, instead giving jurisdiction to the FTC and creating a new bureau within the existing agency and providing more funds.