The New York senator reintroduced the Data Protection Act, which would create the Data Protection Agency (DPA) to “protect Americans’ data, safeguard their privacy, and ensure data practices are fair and transparent.”
The Data Protection Act was first introduced last year by Gillibrand. The latest version of the bill builds upon the previous version, which tasked the DPA with taking complaints from consumers and conducting investigations.
The new bill would expand the DPA to address discriminatory data practices and “oversee the use of high-risk data practices,” according to Gillibrand’s office. It would also be expanded to review mergers that include data aggregators that involve the transfer of personal data of more than 50,000 people.
“The new and improved DPA of 2021 takes on even bigger and bolder reforms, including provisions to help the DPA address Big Tech mergers, penalize high-risk data practices, and establish a DPA Office of Civil Rights,” Gillibrand said in a statement. “The U.S. needs a new approach to privacy and data protection and it’s Congress’ duty to step forward and seek answers that will give Americans meaningful protection from private companies that value profits over people.”
Gillibrand’s office highlighted numerous high-profile data breaches as reasons a new federal agency is needed. They noted the recent discovery that 530 million Facebook users had personal data lifted in a 2019 breach and Clearview AI—the controversial facial recognition startup—scraping people’s photos off social media without any oversight.
The proposed DPA would have a director who was appointed by the president who would need to be confirmed by the Senate to serve a five-year term.
Gillibrand’s proposal to create a new data privacy agency was welcomed by advocates.
“Congress’ ongoing failure to modernize our privacy laws is hurting individuals, communities, and American businesses alike. We need a new approach. @gillibrandny’s Data Protection Act is the game-changing proposal we need. @EPICprivacy is proud to support it,” Caitriona Fitzgerald, the deputy director of the Electronic Privacy Information Center, tweeted on Thursday.