U.S. Senator Gillibrand (D-NY) issued a press release announcing the Data Protection Act of 2021, which would create the DPA, an independent federal agency whose goal is to protect Americans’ data, instill privacy safeguards and work to ensure that there is transparency in data sharing practices. 

There have been some changes to this proposed legislation since last year’s version of the bill. These changes include:

• Supervision of Data Aggregators: Grants the DPA authority to review Big Tech mergers involving a large data aggregator, or any merger that proposes the transfer of personal data of 50,000 or more individuals.

• Office of Civil Rights: Establishes the DPA Office of Civil Rights to advance data justice and protect individuals from discrimination. 

• Enforcement Powers: Improves DPA enforcement powers to oversee the use of high-risk data practices and to penalize, examine, and propose remedies to the social, ethical, and economic impacts of data collection.

• Penalties and Fines: Prohibits data aggregators from committing any unlawful, unfair, deceptive, abusive, or discriminatory data practices; and allows for penalties and fines to be levied if violated, including triple penalties for violations against children.

• Defines Key Terms for Transparency: Provides Key Definitions for Privacy Harm, Data Aggregators, and High-Risk Data Practice, among other key terms.

According to the release “The DPA would be an executive agency. The director would be appointed by the president and confirmed by the Senate, serves a 5-year term, and must have knowledge of technology, protection of personal data, civil rights, and law. The agency may investigate, subpoena for testimony or documents, and issue civil investigative demands. It may prescribe rules and issue orders and guidance as is necessary to carry out federal privacy laws. The authority of state agencies and state attorneys general are preserved in the Act. The DPA would have three core missions:

1. Give Americans control and protection over their own data by authorizing the DPA to create and enforce data protection rules. 

2. Maintain the most innovative, successful tech sector in the world by ensuring fair competition within the digital marketplace. 

3. Prepare the American government for the digital age.”

Lanton Law’s technology practice has been monitoring privacy developments nationwide. If you are a banking/finance, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

U.S. Senator Kirsten Gillibrand (D-NY) has announced the creation of new legislation titled the Data Protection Act. According to the Senator’s press release, the bill would create “the Data Protection Agency (DPA), an independent federal agency that would protect Americans’ data, safeguard their privacy, and ensure data practices are fair and transparent. 

The DPA will have the authority and resources to effectively enforce data protection rules—created either by itself or congress—and would be equipped with a broad range of enforcement tools, including civil penalties, injunctive relief, and equitable remedies. The DPA would promote data protection and privacy innovation across public and private sectors, developing and providing resources such as Privacy Enhancing Technologies (PETs) that minimize or even eliminate the collection of personal data. The U.S. is one of the only democracies, and the only member of the Organization for Economic Co-operation and Development (OECD), without a federal data protection agency.”

The proposed bill will have three core missions:

• Give Americans control and protection over their own data by creating and enforcing data protection rules

• Maintain the most innovative, successful tech sector in the world by ensuring fair competition within the digital marketplace

• Prepare the American government for the digital age

Governmental oversight into data is showing no signs of slowing down. Gone are the days where you don’t have to worry about regulations in order to operate. If you are a healthcare, technology and financial services stakeholder, data privacy will be the most important issue to overcome within the next 10-20 years. Ensuring against breaches of personally identifiable information (PII), protected health information (PHI), personally identifiable financial information (PIFI), and other sensitive data will be key to compliance, trust and market competitiveness. Contact Lanton Law so that our experts can use their advocacy and legal services to help you prepare and succeed in a more interconnected world.