July 29, 2021

Volume XI, Number 210

Advertisement

July 28, 2021

Subscribe to Latest Legal News and Analysis

July 27, 2021

Subscribe to Latest Legal News and Analysis

July 26, 2021

Subscribe to Latest Legal News and Analysis

Proposal to Create Data Protection Agency Reintroduced in Senate

CPW has been monitoring the data privacy bills under consideration this year at the federal and state level (see some of our prior coverage herehere and here).  Last week, Senator Kirsten Gillibrand reintroduced the Data Protection Act, a bill that would establish a new federal agency, the Data Protection Agency (“DPA”), dedicated to regulating and enforcing federal data privacy laws.  Read on for an overview of the bill’s key features.

The Data Protection Act was first introduced in 2020 and would charge the DPA with conducting investigations and collecting and reviewing complaints from consumers.  Additionally, the DPA would create and develop model data privacy standards for use in the private sector.  The new version of the bill significantly expands the DPA’s responsibilities and authority, equipping the potential agency with enforcement tools including civil penalties, equitable relief, and injunctive remedies.  The bill also tasks the DPA with reviewing any merger that would involve the transfer of data for 50,000 individuals or more. [Note: The transaction would also then be reviewed by the Federal Trade Commission and the Department of Justice.]

As an executive agency, the DPA would advise Congress on emerging privacy and technology issues, and would coordinate with other federal agencies to promote consistent regulatory treatment of personal data.  Additionally, the 2021 bill includes new provisions addressing civil rights issues, including the creation of an Office of Civil Rights within the DPA to ensure that data is not used or collected for discriminatory purposes.  In addition to the creation of the DPA, the Data Protection Act includes provisions prohibiting certain data collection and usage practices, including those that are labeled “high-risk.”  The bill also provides definitions for key data privacy terms, including “Privacy Harm,” “Data Aggregators,” and “High-Risk Data Practice,” among others.

As states continue to develop their own privacy regimes and adopt varying approaches to regulating the collection, use and dissemination of personal information, pressure is growing at the federal level for a comprehensive, uniform privacy law.  Whether the Data Protection Act will garner enough support to accomplish that remains to be seen.  But not to worry, CPW will be there to keep you in the loop.

© Copyright 2021 Squire Patton Boggs (US) LLPNational Law Review, Volume XI, Number 174
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Christina Lamoureux Litigation Attorney Squire Patton Boggs Washington DC
Associate

Christina Lamoureux is an associate in the Litigation Practice in the Washington DC office. She represents a wide variety of clients in complex commercial matters.

Admissions

  • District of Columbia, 2020

Related Services

  • Litigation
202-457-6095
Advertisement
Advertisement