LANSING, Mich. (WLNS) – Senator Gary Peters (D-MI) introduced legislation on Friday that would mandate all data brokers (companies that sell consumers’ personal information) to “provide information about their practices with regard to collection of personal data.”
Peters introduced the bipartisan bill with Senators Cynthia Lummis (R-WY) and Shelley Moore Capito (R-WV).
If passed, the legislation would establish a national registry where data brokers would be required to register annually, as well as require the implementation of security systems to prevent security breaches.
“With a rapidly growing data brokerage industry profiting off the collection and exchange of individual’s personal data, it is critical that we take proactive, commonsense steps to strengthen protection for consumers’ information,” said Senator Peters in a press release. “I’m pleased to introduce this bipartisan legislation that will give Michiganders greater knowledge and control over their personal information by enhancing security protections and shedding light on the entities selling their data.”
“Today, it’s more important than ever to protect the individual data of American consumers,” Senator Capito said. “This bipartisan legislation would bring much-needed transparency and accountability to how data brokers handle personal information, while implementing important security protections for West Virginians.”
“In Wyoming, we value privacy. But in this digital age, the term ‘privacy’ has lost much of its meaning,” said Senator Lummis. “I’m proud to work with Senator Peters to help Americans understand which entities have collected data on them. The Data Broker List Act will provide consumers the long-overdue ability to see where their data is being held online. This is a good first step toward ensuring that privacy means something again in our digital world.”
The Data Broker List Act of 2021 would (via Gary Peters’ office):
· Require data brokers to register annually: This bill would require companies selling consumer data to register with the Federal Trade Commission (FTC) in a national registry, and provide information about their practices with regard to collection of personal data;
· Require implementation of security systems: This bill would require data brokers to have in place a comprehensive information security system to mitigate the risk of data security breaches;
· Authorize enforcement power: This bill would give the FTC enforcement power, including the ability to oversee compliance with the provisions in the bill. It would also give the FTC rulemaking authority to determine what regulations are necessary for enforcement; and
· Require annual review: The bill would require the FTC to conduct an annual review of the data broker registry and provide a report to Congress with recommendations, beginning no later than one year after enactment.