NEWS18 February 2020

US senator proposes data protection agency

GDPR Legal News North America Privacy Public Sector

US – Senator Kirsten Gillibrand has called on the country to address a ‘data privacy crisis’ by introducing a new federal data protection agency.

america map with a padlock

Gillibrand has drafted a Senate bill that would, if passed, establish a consumer watchdog – similar to the UK’s Information Commissioner’s Office (ICO) – to enforce rules protecting personal data.

The Data Protection Act would also promote innovative approaches to data protection and privacy and develop resources such as Privacy Enhancing Technologies to minimise or remove the need for data collection.

The US is one of the only countries that does not have a data protection agency, and the only member of the Organisation for Economic Co-operation and Development (OECD) without one.

In a blog post, Gillibrand highlighted how tech giants have benefited from the digital age, saying: "These companies have built major empires of data with information about our private lives. They’re processing that information with increasingly complex and sophisticated algorithms. And they’re making a whole lot of money off of it."

She also pointed to high-profile data breaches and "bad actors using powerful data collection and processing techniques" as further evidence of the need for the legislation.

She wrote: "Data has been called ‘the new oil'. Companies are rushing to explore and refine it, ignoring regulations, putting profits above responsibility, and treating consumers as little more than dollar signs. Like the oil boom, little thought is being given to the long-term consequences."

According to the bill, in addition to creating and enforcing rules, the agency would take complaints, conduct investigations and inform the public, protect against ‘pay-for-privacy’ services and advise Congress on privacy issues such as deepfakes.

Gillibrand said: "The US needs a new approach to privacy and data protection. We cannot allow our freedoms to be trampled over by private companies that value profits over people, and the Data Protection Agency would do that with expertise and resources to create and meaningfully enforce data protection rules and digital rights."

Other nationwide privacy legislation is being considered in the US, including the Consumer Online Privacy Rights Act (Copra) and the Online Privacy Act. The California Consumer Privacy Act (CCPA) came into effect on 1st January.