Senator Kirsten Gillibrand (D-New York) has revisited her Data Protection Act of 2020 to add the creation of a government agency that would regulate and enforce federal privacy laws. She noted that, “Big Tech companies are free to sell individuals’ data to the highest bidder without fear of real consequences … a data privacy crisis is looming over the everyday lives of Americans.” The revamped version, more likely to be passed during the Biden administration, also includes sections on antitrust and civil rights.
Vox reports that, “the bill also spells out some prohibited data collection and usage practices, including those that are discriminatory or deceptive, and bans re-identifying users from de-identified data.”
In its latest version, the federal agency would “review the privacy implications of any mergers that include transferring the data of at least 50,000 users … [which] would then be sent to the Federal Trade Commission (FTC) and the Department of Justice to be used in determining whether to allow the mergers to go through.”
It would also have an Office of Civil Rights to ensure that, “data is not collected or used in a way that discriminates against protected classes … [such as] Facebook allowing users to place housing ads that exclude certain races and ethnicities.”
The FTC currently enforces federal privacy laws and “some believe the power should stay with an established agency that can be expanded to better take it on.” Representative Suzan DelBene (D-Washington) introduced a privacy bill in March that would “give the FTC significantly more money and employees.” Out of 1,100 full-time employees, the FTC has only “about 40 people dedicated to privacy matters.”
At the Brookings Institution, Center for Technology Innovation fellow Cameron Kerry agreed that, “there’s nothing wrong with the FTC that can’t be corrected with stronger legal authority and more resources.”
But advocates of a new federal agency dedicated to privacy say that the FTC has been “toothless” when it comes to bringing Big Tech companies to task; the $5 billion fine it handed to Facebook for privacy violations was paltry considering that company’s bottom line.
Other lawmakers that propose a separate agency include two Democratic representatives from California — Anna Eshoo and Zoe Lofgren — who have asked for a Digital Privacy Agency as part of the Online Privacy Act. Senator Sherrod Brown (D-Ohio), who is a co-sponsor of Gillibrand’s bill, also included the creation of an independent agency in his Data Accountability and Transparency Act. California is on the verge of establishing its own Privacy Protection Agency.
With Big Tech critic Lina Khan now chair of the FTC, “it’s also not yet known where data privacy will fall on the FTC’s docket.” But Vox notes that, “perhaps the biggest issue with this bill is not the bill itself but what the agency it creates would be able to do.”
“While the U.S. does have data privacy laws, almost everyone … agrees that existing regulations aren’t enough,” it adds. “They just don’t agree on how to address that problem, so federal privacy bills have historically gone nowhere. And that’s something this bill can’t fix.”