March 24, 2021

Manchin Bill To Help Protect Personal Data Online

Senator Manchin’s legislation will stop websites and apps from using personal data to harm others, protect user information from acts and hold companies accountable for misuse

Washington, DC –  U.S. Senator Joe Manchin (D-WV) led a group of 18 Senators in reintroducing the Data Care Act to protect Americans’ personal data online. Senator Manchin’s legislation would require websites, apps, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.

“Far too often, websites and apps collect and misuse Americans’ personal data without their knowledge. While there are legal requirements to protect an individual’s information in sectors like banking and medical fields, online companies are not held to the same standard and are not required to protect their users’ data. The Data Care Act will help hold online companies accountable to safeguard consumers’ data and prevent continued misuse of this data. I urge my colleagues on both sides of the aisle to join us in passing this commonsense legislation and I will work to ensure all West Virginians’ data and private information is protected,” said Senator Manchin.

Doctors, lawyers, and bankers are legally required to exercise special care to protect their clients and not misuse their information. While online companies also hold personal and sensitive information about the people they serve, they are not required to protect consumers’ data. This leaves users in a vulnerable position; they are expected to understand the information they give to providers and how it is being used – an unreasonable expectation for even the most tech-savvy consumer. By establishing an explicit duty for online providers, Americans can trust that their online data is protected and used in a responsible way.

The Data Care Act establishes reasonable duties that will require providers to protect user data and will prohibit providers from using user data to their detriment:

  • Duty of Care – Must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information
  • Duty of Loyalty – May not use individual identifying data in ways that harm users
  • Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data
  • Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene. States and the FTC may go after both first- and third-party data collectors
  • Rulemaking Authority – FTC is granted rulemaking authority to implement