WASHINGTON – U.S. Senator Jerry Moran (R-Kan.) today reintroduced the Consumer Data Privacy and Security Act to strengthen the laws that govern consumers’ personal data and create clear standards and regulations for American businesses that collect, process and use consumers’ personally identifiable data.

“More and more Americans are recognizing the need for a clear federal standard for data privacy that guarantees them the ability to determine how their personal data is used,” said Sen. Moran. “Americans need to be able to count on strong baseline responsibilities that businesses must uphold when collecting, processing and protecting their personally identifiable information. Without action from Congress, consumers will continue to be vulnerable to future threats against their personal data, and innovators and job creators will be plagued with regulatory uncertainty resulting from a growing patchwork of state laws. It is clear that Congress needs to act, and I encourage my colleagues to support the Consumer Data Privacy and Security Act as the federal standard for comprehensive privacy legislation.”

This week, survey results showed an overwhelming majority of Americans believe a national standard for privacy is needed and that data privacy should be an important priority for Congress. 

The Consumer Data Privacy and Security Act would:

• Establish a clear federal standard for data privacy protection, giving businesses a uniform standard rather than a patchwork of confusing state laws.
• Provide consumers with control over their own data to access, correct and erase their personal data.
• Require businesses that collect and process a significant amount of personal data to take extra precautionary steps to protect and responsibly process that data.
• Prohibit companies from collecting data without consumers’ consent with limited and specific exceptions.
• Require businesses to develop and implement robust data security programs to protect personal data from unauthorized access and disclosure.
• Equip the Federal Trade Commission (FTC) and state attorneys general with authority to uniformly enforce federal consumer privacy protections while providing the FTC the resources necessary to carry out those authorities.

Several leading business and privacy organizations are supportive of the Consumer Data Privacy and Security Act, including the National Retail Federation, Main Street Privacy Coalition, BSA – The Software Alliance, NTCA – The Rural Broadband Association, Garmin and the Kansas City Tech Council.

Click here for an overview of this legislation.

Click here for a detailed section-by-section of this legislation.

Click here to download the full bill text.

Timeline of Sen. Moran’s Work on Crafting a Federal Data Privacy Bill:

• November 8, 2017 – Sen. Moran participated in a full Senate Commerce Committee hearing on industry responses to Yahoo!’s 2013 data breach and Equifax’s 2017 data breach.
• November 27, 2017 – Sen. Moran (and Sens. Thune, Hatch, and Cassidy) sent a letter to Uber Technologies pertaining to reports of a data breach involving the personal data of millions of customers.
• December 12, 2017 – Sen. Moran successfully enacted his Modernizing Government Technology (MGT) Act as part of the FY2018 NDAA, which focused on encouraging federal agencies to modernize their government IT infrastructure in the interest of securing government data (including personally identifiable information of taxpayers and federal employees).
• February 6, 2018 – Sen. Moran chaired a Senate Commerce Subcommittee hearing on vulnerability disclosure programs employed by industry actors, while specifically focusing on the Uber data breach and the use of its bug bounty program to conceal the incident.
• March 22, 2018 – Sen. Moran and Sen. Blumenthal sent a letter to Aleksandr Kogan seeking additional information about how the personal data of 50 million Facebook users was transmitted to Cambridge Analytica.
• April 10, 2018 – Sen. Moran participated in a joint hearing held by the Senate Commerce and Judiciary Committees that had Facebook CEO Mark Zuckerberg providing testimony. Senator Moran asked a series of questions pertaining to the provisions of Facebook’s (then) FTC consent decree and how allegations of its third-party sharing did not conflict with such provisions.
• June 13, 2018 – Sen. Moran chaired a Senate Commerce Subcommittee hearing following the joint full committee hearing with Facebook CEO Zuckerberg to focus on the collection and use of social media data and associated privacy concerns. Aleksandr Kogan from University of Cambridge and Ashkan Soltani a former FTC technologist provided testimony.
• September 20, 2018 – Sen. Moran (and Sens. Blumenthal, Wicker, and Schatz) sent a letter to Commerce Secretary Ross to encourage the department to include Congress in any blueprint discussions regarding a national privacy framework.
• September 26, 2018 – Sen. Moran participated in a full Senate Commerce Committee hearing to examine the privacy policies of top technology and communications firms, including AT&T, Amazon, Google, Twitter, Apple, and Charter Communications.
• October 10, 2018 – Sen. Moran participated in a full Senate Commerce Committee hearing to examine lessons learned from the European Union’s General Data Protection Regulation and the California Consumer Privacy Act. This hearing included testimony from the European Data Protection Board Chair Dr. Andrea Jelinek and author of the California law Alastair Mactaggart.
• November 27, 2018 – Sen. Moran chaired a Senate Commerce Subcommittee hearing to conduct oversight of the Federal Trade Commission, which acts as the lead federal enforcer of consumer data privacy and security violations.  All five commissioners were in attendance.
• February 27, 2019 – Sen. Moran participated in a full Senate Commerce Committee hearing in which he asked specific questions of industry stakeholders related to provisions that could be included in privacy legislation like FTC rulemaking authority, first-time civil penalty authority, and resources.
• March 26, 2019 – Sen. Moran chaired a Senate Commerce Subcommittee hearing to discuss small business perspectives on a federal privacy framework. The witnesses on the panel included consumer advocates and industry representatives from a variety of sectors, including Ryan Weber from the KC Tech Council.
• April 30, 2019 – Sen. Moran participated in a Senate Commerce Subcommittee on Security hearing on Cybersecurity of the Internet of Things (IoT), which included testimony from CTA, US Chamber of Commerce, Rapid7, USTelecom and NIST.
• May 1, 2019 – Sen. Moran participated in a full Senate Commerce Committee hearing that included testimony from Helen Dixon the Data Protection Commission for the Republic of Ireland (who spoke on the implementation of EU GDPR) along with others from consumer advocacy groups like ACLU, the Future of Privacy Forum and Common Sense Media.
• December 4, 2019 – Sen. Moran participated in a full Senate Commerce Committee hearing to examine legislative proposals to protect consumer privacy, which included testimony from a variety of industry stakeholders and a consumer advocate from Center for Democracy and Technology.
• March 12, 2020 – Sen. Moran introduced landmark privacy data legislation, the Consumer Data Privacy and Security Act.
• July 29, 2020 – Sen. Moran participated in a full Senate Banking Committee hearing where he questioned former Consumer Financial Protection Burea Director Kathy Kraninger regarding consumer data protection as it related to financial technology companies.
• August 5, 2020 – Sen. Moran participated in a full Senate Commerce Committee hearing to examine policy issues related to the FTC, including domestic and international privacy laws.
• August 28, 2020 – Sen. Moran urged the FTC to address privacy issues surrounding the mobile app “Premom” following an investigation that the company had shared its users’ data without their consent.
• September 23, 2020 – Sen. Moran participated in a full Senate Commerce Committee hearing revisiting the need for data privacy legislation with leaders of the FTC. He questioned the current and former law enforcement experts in the data privacy field about what data privacy legislation should contain, including whether “persistent identifiers” should be considered information to be regulated.
• October 28, 2020 – Sen. Moran participated in a full Senate Commerce Committee hearing where he questioned Big Tech CEOs regarding federal data privacy and FTC enforcement authorities.
• January 26, 2021 – Sen. Moran spoke with then Commerce Secretary nominee Gina Raimondo prior to a Senate Commerce Committee confirmation hearing regarding data privacy, including how the Consumer Data Privacy and Security Act would complement the department’s ongoing efforts to negotiate a new Privacy Shield agreement with the European Union.
• April 13, 2021 – Sen. Moran met virtually with the nominee to the FTC regarding data privacy and his bill to create a clear federal standard.

# # #