U.S. Sen. Michael Bennet was among the 16 senators who introduced the Data Care Act on Tuesday, which sets out rules for how websites, apps and other online service providers may engage with their users’ personal data.
“Online companies should have a duty to protect and use our data with the highest level of care, and the Data Care Act will hold them accountable while ensuring they handle our data with our best interest in mind,” Bennet said in a statement.
The bill lays out three duties that providers have to respect their users’ personal information. First, they must secure identifying data from unauthorized access and promptly inform users of breaches.
Second, they may not use individuals' data in a way that benefits the provider to “the detriment of an end user,” or is otherwise harmful or “offensive” to the user.
Finally, they are limited in how they sell or disclose personal information to third parties.
The legislation defines sensitive data as Social Security numbers, financial account details, usernames and passwords, and information that corresponds to online account access — birth dates or mothers’ maiden names, for example.
To enforce its provisions, the bill gives the Federal Trade Commission authority to address violations and empowers state attorneys general to bring civil suits on behalf of end users.
Behavior that contravenes the legislation would be treated as an "unfair or deceptive act or practice".