New York Senator Kirsten Gillibrand has just announced a bill to create a new Data Protection Agency, which would be in charge of regulating... well data protection.
The privacy of an individual is directly affected by the collection, maintenance, use, and dissemination of personal data.
In order to protect the privacy of individuals, it is necessary and proper for Congress to regulate the collection, maintenance, use, processing, storage, and dissemination of information.
While I haven't finished reading the actual bill yet, I applaud Senator Gillibrand for proposing the idea. Her bill lays out what the new agency would focus on: regulating how data is collected, used and processed. She also explicitly carving out, what she calls, "High-Risk Data Practices" that would require extra protections.
Some High-Risk Practices (formatting mine):
The term "high-risk data practice" means an action by a covered entity that involves...
- any processing of biometric data for the purpose of uniquely identifying an individual...
- processing the personal data of an individual that has not been obtained directly from the individual...
- processing which involves tracking an individual’s geolocation...
According to the Senator's own press release on the topic:
2. [The Agency would maintain] the most innovative, successful tech sector in the world by ensuring fair competition within the digital marketplace.
- The agency would promote data protection and privacy innovation across sectors, developing and providing resources such as Privacy Enhancing Technologies (PETs) that minimize or even eliminate the collection of personal data.
- The agency would ensure equal access to privacy protection and protect against “pay-for-privacy” or “take-it-or-leave-it” provisions in service contracts—because privacy, including online privacy, is a right that should be enforced.
3. [The Agency would prepare] the American government for the digital age.
- The agency would advise Congress on emerging privacy and technology issues, like deepfakes and encryption. It would also represent the United States at international forums regarding data privacy and inform future treaty agreements regarding data.
From my reading, it looks like this agency would also have the teeth to enforce its rules as opposed to the current FTC rules which companies basically ignore. An agency with this new authority would be utterly transformative for the U.S. Tech Sector and for the lives of everyday citizens.
I fully support this bill.