Blumenthal, Udall Introduce "MY DATA" Bill to Defend Online Privacy

[WASHINGTON, D.C.] – Following a Republican-led effort to rescind broadband privacy rules, U.S. Senators Richard Blumenthal (D-CT) and Tom Udall (D-NM) introduced new legislation to restore consumer control over sensitive personal information. Blumenthal announced the Managing Your Data Against Telecom Abuses (MY DATA) Act earlier this month in Connecticut at an event with Connecticut Consumer Counsel Elin Katz, Connecticut State Senator Beth Bye (D-West Hartford), and ConnPIRG Connecticut Director Katherine Cohen. The text of the legislation is available here.

“In the 21st century, internet access is a basic necessity. And signing up for a basic necessity should never mean you have to sign away your rights to privacy,” Blumenthal said. “But Republican lawmakers have given broadband providers a green light to sell your sensitive personal information to the highest bidder. My bill makes sure the FTC has the authority it needs to restore consumer control and allow individuals to use the Internet without fear of invasive and intrusive practices that turn our private lives into yet another commodity on the open market.”

“People in New Mexico and across the country tell me they’re outraged that President Trump signed a bill into law to let broadband providers sell Americans' browsing history and sensitive personal data without their consent,” Udall said. “This bill will help to restore your fundamental right to privacy, protecting against invasive overreach by internet providers into information about your family, finances, and health. I am proud to join Senator Blumenthal in fighting to end invasions of privacy from big corporations and return control over personal information back to the people.” 

Currently, the Federal Trade Commission (FTC) cannot protect consumers against unfair or deceptive practices by broadband providers because of an out-of-date loophole in the Federal Trade Commission Act. The MY DATA Act would make sure the FTC has the necessary jurisdiction over broadband providers. It would also grant the Commission authority to establish safeguards for privacy and data security across the Internet, and to tailor these rules, as it deems necessary, for more or less sensitive personal data, and make distinctions between the kinds of entities collecting that data based on their responsibilities and obligations to the consumer.

Earlier this month, President Donald Trump signed a Congressional Review Act (CRA) resolution formally rescinding the Federal Communications Commission’s (FCC’s) broadband privacy rules. These rules required broadband providers to obtain affirmative opt-in consent before sharing their subscribers’ sensitive information and adopt reasonable data security protections. Without these broadband privacy rules in place, broadband providers can use, share, and sell Americans’ sensitive information about their health, finances, and families without permission.

Broadband providers leading the effort to undo FCC’s rules claimed objection to different entities in the Internet ecosystem—broadband providers like Comcast and Verizon, and “edge” content providers like Facebook and Google—being subject to different regulatory regimes. This legislation ensures the FTC’s jurisdiction in the Internet ecosystem includes broadband providers, and thus restoring consumer privacy and data security across all Internet platforms.

Earlier this month, Blumenthal joined six other Senators led by U.S. Senator Edward J. Markey (D-Mass.) in querying the nation’s largest broadband Internet providers on their rules to protect the privacy and security of their subscribers. The Senators sent letters to AT&T, Comcast, Charter, Verizon, Sprint, T-Mobile, and CenturyLink.

Blumenthal has also joined Markey and nine other Senators in introducing separate legislation to restore broadband privacy rules that will protect consumers from having their personal, sensitive information sold to the highest bidder without their consent. This legislation would reinstate the now-rescinded FCC rules which require internet service providers to obtain consent before sharing their subscribers’ sensitive information and adopt reasonable data security protections.