In mid-June, Senator Kirsten Gillibrand (D-NY) reintroduced a new version of her bill, the Data Protection Act of 2021, that would create a new independent, executive-level government agency, the Data Protection Agency (DPA). The DPA would “protect Americans’ data, safeguard their privacy, and ensure data practices are fair and transparent.”
Under the bill, the DPA would have the authority and resources to enforce any data protection rules created by Congress or the agency itself, backed by a range of enforcement tools, including civil penalties, injunctive relief, and equitable remedies. In addition to creating privacy rules and enforcing federal-level rules, the DPA would reach out to organizations to promote data protection and encourage the adoption of model privacy and data protection standards, guidelines and policies.
The new bill, which features substantial changes to Gillibrand’s original 2020 legislation, spells out DPA’s three core missions:
- Authorize DPA to create and enforce data protection rules to give Americans more control and protection over their data by regulating high-risk data practices and personal data collection.
- Foster innovation by ensuring fair competition within the digital marketplace by having DPA’s research unit analyze and report on data protection and privacy innovation across sectors. The research unit would also develop the model privacy and data protection templates.
- Prepare the American government for the digital age by advising Congress on emerging privacy and tech issues while coordinating with Federal agencies and State regulators to promote consistent regulatory treatment of personal data.