Senator Gillibrand Announces Renewed Data Protection Act 2021
Time 2 Minute Read
Categories: Online Privacy, U.S. Federal Law

On June 17, 2021, Senator Kirsten Gillibrand (D-NY) announced the reintroduction of the Data Protection Act of 2021 (the “bill”), which would create an independent federal agency, the Data Protection Agency, to “regulate high-risk data practices and the collection, processing, and sharing of personal data.” The bill was first introduced in 2020 and has since been revised to include updated provisions intended to protect against privacy harms, oversee the use of “high-risk data practices” and examine the social, ethical, and economic impacts of data collection.

The Senator’s press release indicates the Data Protection Agency would have three core missions:

  • Provide individuals control and protection over data via its authority to create and enforce data protection rules, including through handling complaints, conducting investigations and administering civil penalties, injunctive relief and other equitable remedies.
  • Ensure fair competition within the digital marketplace, such as by developing model privacy and data protection standards, guidelines and policies.
  • Prepare the U.S. government for the digital age, such as by advising Congress on emerging privacy and technology issues, representing the U.S. in international privacy forums and promoting the consistent regulatory treatment of personal data across federal and state regulators.

In particular, the new agency would be responsible for supervising data aggregators, maintaining a publicly accessible list of data aggregators meeting certain thresholds and reporting to the FTC on the privacy and data protection implications of any mergers that involve a large data aggregator or that propose the transfer of personal data of 50,000 or more individuals. Additionally, the bill would prohibit data aggregators from engaging in certain acts, such as the commission of unfair, deceptive, abusive or discriminatory acts in connection with the processing or sharing of personal data, and re-identifying (or attempting to re-identify) an individual, household or device from anonymized data.

Tags: Biden Administration, Congress, Consumer Protection, Data Protection Authority, Legislation, United States
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
Illinois’ Damages Limitation for Biometric Privacy Violations Applies Retroactively  

On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit held that the 2024 amendment to Illinois’ Biometric Information Privacy Act, limiting damages, applies retroactively to pending cases.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators

As reported on the Hunton Employment & Labor Perspectives blog, SB 574 is a California bill that would set specific duties for attorneys who use generative artificial intelligence and would restrict how arbitrators may use such tools in decision-making.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page