IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Senator reintroduces federal data protection bill

Revised law includes oversight for big tech mergers

Senator Kirsten Gillibrand giving a speech

Senator Kirsten Gillibrand is back with a revised bill that would create a federal data protection agency in the US to oversee consumer privacy. This time, it includes powers to review big tech company mergers.

The Democratic senator from New York introduced the Data Protection Act of 2021 today, a revised and expanded version of an original bill introduced in February 2020. 

At its core lies something the US has lacked to date: a federal regulator dedicated to overseeing data privacy. The bill proposes developing an agency that would make its own data privacy rules or enforce those made by Congress across the government and private companies. It would be an executive agency with a director appointed by the president for a five-year term.

Alongside enforcing data protection rules, the agency would also develop model privacy frameworks for businesses, watch for discrimination in the use of automated algorithms, and advise the government on emerging threats like deep fakes.

The proposed law goes beyond its predecessor with several additions. The most notable is the supervision of mergers that involve data aggregators or any merger that involves transferring over 50,000 peoples' data.

The new bill would also include a civil rights office within the data protection agency, which would protect people from discrimination and clearly define terms such as privacy harm and high-risk data practices.

Under the new law, the data protection agency would have more enforcement powers, including the power to issue penalties and fines for violators.

Gillibrand targeted big tech companies in her remarks. They represent a direct threat to privacy and civil rights, she said, describing them as bad actors at the center of a "data privacy crisis."

Today, there are two main routes to hold companies accountable for privacy infractions in the US. The first is via states with strong consumer protection laws, such as California. The second is via the Federal Trade Commission, which Gillibrand called out for failing to act in dozens of cases and enforce its own orders.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Costa Rica declares state of emergency following Conti ransomware attack
ransomware

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
LinkedIn to pay $1.8 million to employees after settling gender discrimination charges
Careers & training

LinkedIn to pay $1.8 million to employees after settling gender discrimination charges

4 May 2022
Google claims US government is too reliant on unsecure Microsoft products
cyber security

Google claims US government is too reliant on unsecure Microsoft products

1 Apr 2022
Democrats propose privacy-focused digital dollar
digital currency

Democrats propose privacy-focused digital dollar

29 Mar 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022