January 17, 2021

Volume XI, Number 17


January 15, 2021

Subscribe to Latest Legal News and Analysis

January 14, 2021

Subscribe to Latest Legal News and Analysis

Senator Brown Unveils Discussion Draft of Comprehensive Privacy Bill

On June 18, 2020, Senator Sherrod Brown (OH) released a discussion draft of a privacy bill entitled the Data Accountability and Transparency Act of 2020 (“the Bill”). The Bill would provide individuals with several new rights regarding their personal data; implement rules limiting how personal data is collected, used or shared; and establish a new federal agency called the Data Accountability and Transparency Agency to protect individuals’ privacy and enforce those rules.

In particular, the Bill limits the collection, usage and sharing of personal data by “data aggregators” to when it is strictly necessary to carry out one of twelve “permissible purposes,” and bans practices such as targeted advertising and commingling personal data from multiple applications, services, affiliates or independent business lines. The Bill would also:

  • forbid retention of personal data for any time longer than is strictly necessary to carry out a permissible purpose;

  • ban the use of facial recognition technology as well as the collection, usage or sharing of any personal data obtained from facial recognition technology;

  • prohibit discriminatory uses of personal data;

  • require data aggregators using automated decision systems to conduct testing on bias and disparate impact as well as risk assessments;

  • provide individuals with the rights of access, portability, transparency, deletion, accuracy and correction, as well as the right to object to a claimed permissible purpose and to human review of automated decisions;

  • implement a duty of care requiring that data aggregators implement and maintain reasonable security practices and procedures;

  • require data aggregators to establish comprehensive privacy and data security policies, practices and procedures; and

  • establish criminal and civil penalties for CEOs and boards of directors for certain violations of the Bill.

The Data Accountability and Transparency Agency would be headed by a Director who would serve a five-year term and would protect individuals from unfair, deceptive, abusive and discriminatory practices. It would be given broad rule-making authority and could identify specific practices that it deems unfair, deceptive, abusive or discriminatory.

The Bill could be enforced by state attorneys general and contains a private right of action for any violation of the act, under which any violation would be presumed to cause privacy harm and constitute a concrete and particularized injury to the individual. It would only preempt laws that directly conflict with its provisions, and it specifically notes that laws offering greater protections than the Bill would not be preempted.

Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 177



About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct