Photo Courtesy of Wikimedia
“It’s critical that we modernize the way we handle technology,” Sen. Gillibrand said.
By Forum Staff
U.S. Senator Kirsten Gillibrand (D-N.Y.) on Thursday announced her renewed legislation, the Data Protection Act of 2021, which would create the Data Protection Agency, an independent federal agency that would protect Americans’ data, safeguard their privacy, and ensure data practices are fair and transparent. First introduced in 2020, the updated legislation has undergone significant improvements, including updated provisions to protect against privacy harms and discrimination, oversee the use of high-risk data practices, and to examine and propose remedies for the social, ethical, and economic impacts of data collection. Additionally, the DPA would have the authority and resources to effectively enforce data protection rules—created either by itself or Congress—and would be equipped with a broad range of enforcement tools, including civil penalties, injunctive relief, and equitable remedies. The DPA would promote data protection and privacy innovation across public and private sectors, developing model privacy and data protection standards, guidelines, and policies for use by the private sector. The U.S. is one of the only democracies, and the only member of the Organization for Economic Cooperation and Development, without a federal data protection agency. Senator Brown is an original cosponsor of the Data Protection Act.
Improvements to the 2021 DPA include:
- Supervision of Data Aggregators: Grants the DPA authority to review Big Tech mergers involving a large data aggregator, or any merger that proposes the transfer of personal data of 50,000 or more individuals.
- Office of Civil Rights: Establishes the DPA Office of Civil Rights to advance data justice and protect individuals from discrimination.
- Enforcement Powers: Improves DPA enforcement powers to oversee the use of high-risk data practices and to penalize, examine, and propose remedies to the social, ethical, and economic impacts of data collection.
- Penalties and Fines: Prohibits data aggregators from committing any unlawful, unfair, deceptive, abusive, or discriminatory data practices; and allows for penalties and fines to be levied if violated, including triple penalties for violations against children.
- Defines Key Terms for Transparency: Provides Key Definitions for Privacy Harm, Data Aggregators, and High-Risk Data Practice, among other key terms.
“In today’s digital age, Big Tech companies are free to sell individuals’ data to the highest bidder without fear of real consequences, posing a severe threat to modern-day privacy and civil rights. A data privacy crisis is looming over the everyday lives of Americans and we need to hold these bad actors accountable,” Gillibrand said. “It’s critical that we modernize the way we handle technology, which is why I first introduced the Data Protection Act last year, in order to create an executive agency whose sole job is to protect data and privacy. The new and improved DPA of 2021 takes on even bigger and bolder reforms, including provisions to help the DPA address Big Tech mergers, penalize high-risk data practices, and establish a DPA Office of Civil Rights. The U.S. needs a new approach to privacy and data protection and it’s Congress’ duty to step forward and seek answers that will give Americans meaningful protection from private companies that value profits over people.”
