The US’ data-protection regime is often regarded as lagging behind Europe, especially in an increasingly-digital world. Senator Kirsten Gillibrand has a plan to fix that, and has issued a call to create a domestic privacy regulator that would close the gap between the US and other nations. In a post on Medium, the New Yorker senator said that she would introduce legislation to create a new Data Protection Agency.
Gillibrand says that as so much commerce is now conducted online, there’s an imbalance between the rights of users and those who control our data. “Lawlessness in the data privacy space,” she writes, “can give rise to new, unexpected forms of injustice.” Like many lawmakers, she says that Google and Facebook, amongst others, have made “a whole lot of money” from our private data.”
And she says the risks, when things go wrong, are getting worse as a consequence of how much data these bodies hold about us. Gillibrand cites the Equifax breach as a prime example, saying that the company’s failure to properly safeguard the data allowed hackers to make off with so much information. And yet, she says, the company “has faced few consequences and little accountability for what happened.”
There are a number of voices which are asking for an improved privacy and data protection regime in the US, often looking to Europe’s GDPR for inspiration. Apple CEO Tim Cook has called for the US to adopt GDPR-style data privacy rules in the US, as has the House Energy and Commerce Committee. The latter, back in 2019, said that the FTC — which currently handles such cases — wasn’t sufficiently empowered to act as a proper privacy regulator, and needed support.
A group of 51 companies, including Amazon, IBM and Qualcomm, have also lobbied Washington in the hope of getting stronger data privacy laws. In October 2019, Senator Ron Wyden sponsored the Mind Your Own Business Act, which would give the FTC more powers. Similarly, rival proposals are being pushed around the Senate Commerce Committee, although The Hill says the plan is still being worked out.
Gillibrand says that the proposed Data Protection Agency would serve as a “‘referee’ to define, arbitrate and enforce rules to defend the protection of our personal data.” It would be responsible for investigating complaints, pushing for better privacy protections and advise lawmakers on issues like deepfakes.
CNBC points out that Gillibrand’s proposal mirrors that from California Democrats Anna Eshoo and Zoe Lofgren, who are also calling for a dedicated privacy agency. The outlet claims to have read a draft of the Gillibrand bill, which would give the new agency powers to bring civil actions against bad actors. And if it finds a company has knowingly violated federal privacy law, then fines would be capped at $1 million per day.
It remains to be seen how well the bill will survive in an environment with a number of competing privacy bills and seemingly insurmountable partisan gridlock. Especially since Gillibrand’s bill leaves some room for states to shape their own rules, and suddenly Republicans are in favor of federal regulations that supercedes states rights. But it is clear that, given the number of people demanding something must be done to reign in big tech, the days of lax data protection laws are numbered.