A group of 15 Democratic senators, led by Sen. Brian Schatz of Hawaii, introduced a new data privacy bill Dec. 12 that would grant new authority to the U.S. Federal Trade Commission, among other provisions.
The bill, dubbed the "Data Care Act of 2018," would require online service providers to "reasonably secure" individual identifying data from unauthorized access and promptly inform users of data breaches.
The bill also grants the FTC the authority to implement rules requiring data breach notifications and states that anyone in violation of the proposed law would be subject to penalties from the FTC, which could include fines.
It would extend many of its requirements to third parties by stipulating that online service providers "may not disclose or sell individual identifying data to, or share individual identifying data with, any other person unless that person enters into a contract with the online service provider that imposes on the person the same duties of care, loyalty, and confidentiality toward the applicable end user as are imposed on the online service provider."
The bill's introduction comes two days after Alphabet Inc.'s Google LLC disclosed the discovery of a security bug on one of its platforms, but U.S. legislators have long been debating a potential policy response to privacy laws enacted this year in Europe and passed in some states, most notably California.
Last month, Sens. Richard Blumenthal, D-Conn., and Jerry Moran, R-Kan., announced they were working on a bipartisan privacy bill. The two senators lead the Senate Commerce Committee's subcommittee that has jurisdiction over consumer protection and data security.
Blumenthal said that a privacy reform bill needs to have the same or better rights than California and Europe's privacy laws and give the FTC the resources and structure to enforce rules.