December 12, 2018

Duckworth and Durbin Join Schatz, 12 Senators in Introducing New Bill to Help Protect People’s Personal Data Online


[WASHINGTON, D.C.] — Today, U.S. Senators Tammy Duckworth (D-IL) and Dick Durbin (D-IL) joined Senator Brian Schatz (D-HI) and 12 of their colleagues in introducing new legislation to protect people’s personal data online. The Data Care Act would require apps, websites, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.

“People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them. Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same. Our bill will help make sure that when people give online companies their information, it won’t be exploited,” said Senator Schatz.

“With major hacks or data leaks of private user information at Facebook, Marriott, Google, Equifax and Uber in just the last year or so, it’s abundantly clear that Congress must do more to protect Americans’ personal data online,” Senator Duckworth said. “Health professionals and financial advisors have long been responsible for handling personal information with the consumer’s best interests in mind; it’s time we extend this commonsense principle to websites and online providers. I’m proud to join Senators Schatz and Durbin in introducing this important legislation to do just that.”

“In today’s era of ‘big data,’ Americans are using the internet every day without fully understanding the consequences of every click and whether that click just handed over their personal data for unwanted uses. This is simply unacceptable. Websites, apps, and other online providers should be required to protect their users’ personal data. This bill is a sensible step in protecting consumers’ personal data and I’m proud to join my colleagues in introducing it,” said Senator Durbin.

Doctors, lawyers, and bankers are legally required to exercise special care to protect their clients and their information. While online companies also hold personal and sensitive information about the people they serve, they are not required to protect consumers’ data. This leaves users in a vulnerable position; they are expected to understand the information they give to providers and how it is being used – an unreasonable expectation for even the most tech-savvy consumer. With a fiduciary duty established for online providers, Americans can trust that their online data is protected and used in a responsible way.

In addition to Duckworth and Durbin, the Data Care Act is co-sponsored by U.S. Senators Maggie Hassan (D-NH), Michael Bennet (D-CO), Amy Klobuchar (D-MN), Patty Murray (D-WA), Cory Booker (D-NJ), Catherine Cortez Masto (D-NV), Martin Heinrich (D-NM), Ed Markey (D-MA), Sherrod Brown (D-OH), Tammy Baldwin (D-WI), Doug Jones (D-AL) and Joe Manchin (D-WV).

The Data Care Act establishes reasonable duties that will require providers to protect user data and will prohibit providers from using that data to users’ detriment:

  • Duty of Care – Must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information;
  • Duty of Loyalty – May not use individual identifying data in ways that harm users;
  • Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;
  • Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule subject to civil enforcement actions by the FTC. States may also bring civil enforcement actions, but the FTC can intervene;
  • Limited Rulemaking Authority – The FTC is granted rulemaking authority to implement the Act.