Blackburn, Wicker Introduce Federal Data Privacy Legislation

July 29, 2021

WASHINGTON, D.C. – U.S. Senators Marsha Blackburn (R-Tenn.), ranking member of the Subcommittee on Consumer Protection, Product Safety, and Data Security, and Roger Wicker (R-Miss.), ranking member of the Senate Committee on Commerce, Science, and Transportation, introduced the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act. The legislation would provide Americans with more choice and control over their data and direct businesses to be more transparent and accountable for their data practices. The bill would also enhance the Federal Trade Commission’s (FTC) authority and provide additional resources to enforce the Act.

 

“Americans should be able to control their ‘virtual you.' The increase in cyberattacks and data leaks have made it extremely apparent to consumers that their online data may not be safe. The first step is giving Americans a larger say in how companies are collecting and using their information,” said Blackburn.

 

“With the recent increase in cyberattacks on our nation’s critical infrastructure and the ongoing efforts to expand internet services to every American, the need for federal privacy legislation is imperative,” said Wicker. “We risk losing consumers’ confidence in the internet marketplace and undermining our national security and technological leadership abroad without a federal privacy law. My bill would provide all consumers across the country with the same strong protections while ensuring innovation and competition remain a foundational principle to our economic advancements.”

 

The SAFE DATA Act would:

 

• Provide Americans with more choice and control over their data by:

o Requiring businesses to allow consumers to access, correct, delete, and port their data;

o Prohibiting businesses from processing or transferring consumers’ sensitive data without their consent;

o Prohibiting businesses from denying consumers products or services for exercising their privacy rights;

o Minimizing the amount of consumer data businesses can collect, process, and retain;

o Limiting secondary uses of consumer data without their consent;

o Establishing uniform data protections across the country enforced by the Federal Trade Commission (FTC) and state attorneys general;

 

• Direct businesses to be more transparent and accountable for their data practices by:

o Requiring businesses to disclose a privacy policy to consumers detailing their data collection, processing, and transfer activities, and notify consumers of any material changes to those activities;

o Requiring businesses to conduct privacy impact assessments of data processing activities that may present a heightened risk of harm to consumers;

o Requiring businesses to secure consumers’ data and maintain internal controls and reporting structures to assess data privacy risks to consumers; and

o Prohibiting businesses from processing data in ways that violate federal Civil Rights laws.

 

• Strengthen the FTC’s ability to respond to potentially harmful changes in technology and hold businesses accountable for misusing consumers’ data by:

o Authorizing the FTC to develop new rules to expand categories of sensitive data;

o Requiring the FTC to share any information with the appropriate Executive or State agency if it obtains information that a business has processed or transferred consumer data in a way that violates Federal anti-discrimination laws;

o Requiring the FTC to maintain a data broker registry; and

o Expanding the FTC’s authority to oversee the data use practices of common carriers and nonprofit organizations.

 

Click here to read the bill.