Senators legislate for data privacy law

A collective of United States senators has recently introduced the Data Care Act. This is new legislation that includes a duty of care concept for online businesses.

The Act, which is supported by 15 Democratic senators, Federal Trade Commission with the authority to make rules and enforce the law.

The bill's fiduciary-like standards, such as; duty of care, loyalty and confidentiality represent a new concept in federal U.S. privacy law.

During a telephone interview with The Privacy Advisor, Senator Maggie Hassan D-N.H., defined the bill as:

"a common-sense way to legally require online service providers to act in the best interests of consumers, so they know their data is being protected and used responsibly. Increasingly, consumers are asked to agree to pages and pages of terms every time they sign up for a new service. It's not reasonable to expect consumers to wade through and understand these terms to provide true informed consent."

Hassan added that it is not reasonable for consumers to have to forgo a service because of confusing terms. She explained that it is long overdue for service providers to have certain duties to ensure they protect their users' data.

But awarding the FTC greater regulatory powers is unlikely to find favor with anti-regulatory Republicans. This is evidenced by the fact that no Republican senators co-sponsored the bill. All of the 15 sponsors of the bill are Democrats. However, there are ongoing discussions with Republicans, according to Hassan.

Meanwhile, on the left of the aisle, some are concerned that the bill does not go far enough. Senator Ron Wyden released his version of a draft bill in November. It calls for "radical transparency," including a provision that would send corporate executives to jail.

Wyden's bill would cover companies with more than $50 million in revenue, that have the personal data of 1 million or more users. It would create a national "Do Not Track" opt-out website and give the FTC the necessary power to fine corporate offenders for a first offense.

Senator Hassan said:

"I am hopeful we will find a good compromise bill," Hassan said. "One thing that is important to me is that by setting these duties — the duty of care, loyalty and confidentiality — it provides a framework that can be used to judge the behavior of online service providers with regard to how they use consumer data."

The standard set by the three fiduciary duties also allows for flexibility with a rapidly changing digital ecosystem, as well. Technology is rapidly evolving, and this bill, Hassan said, is designed to set standards, not be overly prescriptive, so that it can address new technological challenges as they arise and evolve. The backbone for this would be the FTC's new enforcement powers.

Hassan said she hears from her constituents a lot about their online privacy concerns: "People keep hearing about how Facebook, Google and other companies are using their data in ways they didn't know about or anticipate." She also said companies aren't doing enough to protect user data and people "don't seem to have rights under the law and once their data is out there, the harm is already done."

She expressed concern about this week's revelations by The New York Times that Facebook had previously undisclosed data-sharing agreements with as many as 150 different companies. "These reports about Facebook have gotten Congress's attention in both chambers and on both sides of the aisle," she said.

Hassan certainly didn't mince her words either, when voicing her concerns about Facebook as a whole. She said:

"I have long been concerned about the tension between Facebook's business model and its users' privacy and well-being. I asked [Facebook CEO] Mark [Zuckerberg] about this earlier this year. When you look at their business model, it says its profits depend on keeping users on the platform and sharing as much as possible."

Hassan added “that's in conflict with users' well-being.”

"It's incumbent for those of us in Congress to impose laws" that help better align the interests of online companies with the well-being of their users, she said. "No matter how big a company gets, they still need to be held to the same standards."

So, how will all this impact a federal privacy law in 2019? In Washington there is still considerable uncertainty. But ongoing news reports about the use of personal data by online businesses, as well as emerging state laws such as the California Consumer Privacy Act (CCPA) are driving the interest in a federal law.

Hassan commented:

"I think the CCPA has made industry realize that they need to come to the table. When those forces come together, we have prospects for thoughtful work that will hopefully create a good, strong framework that allows for the regulation of technology."

Sources and credits: The Privacy Advisor