The General Data Protection Regulation (GDPR) laws sent American companies doing business internationally into a flurry of activity in 2018, scrambling to ensure that their practices were compliant with the EU-originated laws to secure (and notify users about the use of their) data. As breaches become more common at American tech companies, there have been murmurs about US-based legislative efforts. The latest, the Data Care Act, was announced last week “to stop the misuse of users’ personal data.”
What The Data Care Act Will Do
The bill, championed by Hawaii Senator Brian Schatz, and co-sponsored by 14 other Democratic senators, looks to the fiduciary responsibility of other professions who deal heavily with data but are bound to protect it: namely bankers, doctors, and lawyers. All of these professionals have largely managed to avoid the frequency and scope of data breaches that have been seen at companies like Facebook, Google, Amazon, and others. In the absence of regulatory practices like oaths and licensing, Schatz’s proposed bill places enforcement power in the hands of the Federal Trade Commission (FTC). “One of the reasons I like using the FTC is they’re hard-nosed regulators that know what they’re doing and have not become a political lightning rod,” Sen. Schatz said to TechCrunch upon the announcement of the bill.
For marketers, this proposed scrutiny of data and user information, this creates an added challenge insufficiently securing any personal details you get from consumers and prospective consumers. At last month’s Social Media Week London, Wayin’s Rich Jones expressed excitement about this challenge, insisting that the personal connections they’ll require to customize experiences “will make us better” as marketers. Looking ahead to strategies that responsibly use the information companies are given through forms and social listening, he insisted: “fundamentally, consumers need to have protection over their own data.”
Care, Loyalty, and Confidentiality
The details of the Data Care Act’s initial draft are deliberately vague, choosing to instead outline a general trio of duties for tech companies who collect and utilize customer data. “From my observation and experience, the moment we’re too prescriptive in the statute about what’s allowed and not allowed, the general councils and chief software engineers will sit down and start to code around it,” Schatz said. In his mind and the minds of his co-sponsors, a better approach is to “lay down broad principles and then empower the expert agency,” which will allow the legislation and penalties to evolve along with the industry.
A duty of care calls upon these companies to protect your information to the best of their ability, and to promptly tell users about breaches that expose sensitive data. A duty of loyalty would ask these companies to “not use individuals’ identifying data in ways that harm users. And a duty of confidentiality would hold any third party companies using this data, through either a sharing or sales agreement, accountable for similar safety of user information. For brands and marketers who make regular use of acquired data in this way, this duty of confidentiality is the most germane piece of the proposed legislation. Unlike other forms of legislation that have been proposed (such as Senator Ron Wyden’s proposal to jail tech execs whose companies are breached), the Data Care Act will rely on fines and other civil penalties to enforce the rules against companies who decline to comply.
What Comes Next?
The Data Care Act isn’t the only legislation aiming to protect the safety of our data; other GDPR-like legislative measures, as well as state-specific efforts in California and Illinois, have surfaced in recent months. And while it’s worth noting that presently this bill only has official support from Democrats, Schatz has said he doesn’t sense any “instinctive” pushback from his Republican or Independent counterparts at present. He has, however, garnered “cautious” support from some data privacy organizations. This bill’s most likely competition will likely come from a bipartisan effort co-sponsored by Democratic Senator Richard Blumenthal and Republican Senator Jerry Moran, though no text has yet been released for their efforts.
Ultimately, Schatz suspects the bill will most likely end up being part of a bipartisan package that aims to address internet privacy on a national level. And in an age where privacy seems highly desirable and also increasingly difficult to ensure, thoughtful and comprehensive legislation on the issue matters. How marketers use the information they acquire, be it directly from consumers or with the help of tech companies, matters. “It is not realistic in today’s digital world to suggest that people could simply forgo online services and websites if they object to the way their data is being used,” said Senator Maggie Hassan (D-NH), one of the bill’s co-sponsors. “This commonsense legislation establishes a legal obligation for online service providers to act in the best interests of consumers so that people can trust that their data is being protected and used responsibly.”
Join 100,000+ fellow marketers who advance their skills and knowledge by subscribing to our weekly newsletter.