The Data Protection Act of 2020

Bond Schoeneck & King PLLC
Contact

Bond Schoeneck & King PLLC

The Data Protection Act of 2020 is the latest federal bill directed to issues of personal data privacy and security. Introduced by Senator Kirsten Gillibrand (D-N.Y.), this legislation establishes an independent federal Data Protection Agency with the power to regulate the processing of personal data through, for example, the power to enforce defined "Federal privacy laws." 

Similarly to the European Union’s General Data Protection Regulation (GDPR), the bill recognizes that “[p]rivacy is an important fundamental individual right” which is “directly affected by the collection, maintenance, use and dissemination of personal data.” The bill further notes that the unrestricted collection, disclosure, processing and misuse of personal data (which is broadly defined, similar to the definition of “personal data” under the GDPR) endanger the “opportunities for an individual to secure employment, insurance, credit and housing and the right to due process and other legal protections.” Senator Gillibrand personally echoed these concerns and others in a recent article, stating that “[i]t’s clear that lawlessness in the data privacy space can give rise to new, unexpected forms of injustice.” 

As such, the bill provides that “[i]n order to protect the privacy of individuals, it is necessary and proper for Congress to regulate the collection, maintenance, use, processing, storage, and dissemination of information.” The bill seeks to accomplish these goals through the establishment of and granting specific powers to the independent federal Data Protection Agency. 

The specific powers include, in part, the ability of the Agency to commence a civil action against a “covered entity” (“any person that collects, processes, or otherwise obtains personal data with the exception of an individual processing personal data in the course of personal or household activity”) who violates a defined “Federal privacy law,” and to seek relief including civil monetary penalties or equitable remedies including injunctive relief for such violations. Civil monetary penalties for knowingly violating a Federal privacy law can be as high as “$1,000,000 for each day during which such violation continues.” Money collected in successful enforcement by the Agency is to be deposited into a “Relief Fund,” and be made available to compensate individuals “affected by an act or practice for which civil penalties have been obtained.”

Clearly, this legislation would not establish a comprehensive federal data privacy/cybersecurity law in the same vein as the GDPR or California’s Consumer Privacy Act (CCPA). However, the Data Protection Agency created by this legislation could coexist with and enforce such a law. Indeed, Senator Gillibrand recognized that the Data Protection Agency “would serve as a ‘referee’ to define, arbitrate, and enforce rules to defend the protection of our personal data.” 

The chances of this bill becoming law, at least this year, are probably low given that this is a presidential election year and in view of the continuing acrimony on Capitol Hill. 

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Bond Schoeneck & King PLLC

Written by:

Bond Schoeneck & King PLLC
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Bond Schoeneck & King PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide