Two California lawmakers announced a legislative proposal on Tuesday that would create a new federal agency to enforce privacy rights online.
The bill proposes creating the Digital Privacy Agency (DPA), which would become an independent agency with a director who is appointed by the president and would serve a Senate-confirmed, five-year term.
The DPA would be tasked with enforcing “users’ privacy rights and ensuring companies follow the law,” according to a summary released by the congresswomen. The bill also proposes allowing the DPA to impose damages of up to $42,530 per incident, the maximum amount that the Federal Trade Commission (FTC) can fine.
The bill would also give internet users the right to “access, correct, delete, and transfer” data collected about them and choose how long data about them can be kept, among other things.
Echoo and Lofgren’s bill also proposes a number of requirements for companies, including: articulating the need for and minimizing the data collected on users; not selling or disclosing personal information without consent; and having to notify the DPA of “users of breaches and data sharing abuses.”
“Every American is vulnerable to privacy violations with few tools to defend themselves,” Eshoo said in a statement. “Too often, our private information online is stolen, abused, used for profit, or grossly mishandled. We’re proud to introduce the Online Privacy Act to restore and protect the American people’s right to privacy. Our legislation ensures that every American has control over their own data, companies are held accountable, and the government provides tough but fair oversight.”
“Privacy for online consumers has been nonexistent—and we need to give users control of their personal data by making legitimate changes to business practices. The Online Privacy Act creates a robust framework that balances the actual needs of businesses with fair privacy rights and expectations for users.”