MY DATA Act of 2025
- Bill Number
- H.R. 6043
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- Commerce
- Status
- Introduced
- Latest Action
- 2025-11-12: Referred to the House Committee on Energy and Commerce.
- Last Updated
- 2025-12-09T22:18:18Z
AI-Generated Summary
Purpose
The MY DATA Act of 2025 aims to protect consumer privacy by preventing companies and organizations that handle personal data from blocking individuals' use of anonymized or disguised versions of their own data. It promotes greater individual control over personal information in digital interactions.
Key Provisions
- Prohibition on Interference: Covered entities (businesses or organizations that collect, process, or transfer personal data) are banned from stopping individuals from using:
- De-identified data: Information that cannot be linked back to a specific person or device, even if grouped with other data.
- Cloaked data: Unique codes or identifiers that hide a person's real identity and data while still allowing communication with the entity.
- Exception: The ban does not apply if the covered entity is acting solely as a service provider (e.g., a third-party tool helping with data handling).
- Enforcement: Violations are treated as unfair or deceptive business practices under the Federal Trade Commission (FTC) Act. The FTC has full authority to investigate, penalize, and enforce the law using its existing powers, including fines and legal actions.
- Definitions:
- Covered data: Any information that identifies a person or can be reasonably connected to them (or their device), alone or combined with other info.
- Covered entity: Any non-individual (in a business context) that deals with covered data; excludes government bodies and specific nonprofits focused on child safety (e.g., organizations aiding victims of exploitation).
- Unique persistent identifier: A custom code linked to a person but designed only for secure communication between the individual and the entity.
Significant Changes to Existing Law
- This bill introduces a new federal prohibition specifically targeting interference with anonymized data use, which is not directly addressed in current U.S. privacy laws like the FTC Act or sector-specific rules (e.g., HIPAA for health data).
- It expands the FTC's role by incorporating this privacy protection into its existing framework for unfair practices, potentially broadening enforcement without needing new agencies or regulations.
- No amendments to prior laws are specified; instead, it layers on top by deeming violations as equivalent to existing FTC violations.
Potential Impacts
- On Citizens: Empowers individuals to interact with services using privacy-protected data versions, reducing risks of identity exposure in online activities; could foster more trust in digital tools but may require tech literacy to implement.
- On Government Agencies: The FTC gains clearer authority to police data practices, potentially increasing its workload and investigations into big tech or data firms; other agencies (e.g., state privacy enforcers) might see indirect effects through aligned standards.
- On Businesses: Covered entities face compliance burdens, such as updating systems to allow cloaked or de-identified data, with risks of FTC penalties for non-compliance; smaller firms might struggle more than large ones.
- International Relations: Minimal direct impact, though U.S. companies operating globally could influence data standards abroad; no provisions address foreign entities or cross-border data flows.
Main Stakeholders Affected
- Individuals/Consumers: Primary beneficiaries, gaining tools to protect personal data in interactions with apps, websites, or services.
- Covered Entities: Tech companies, data brokers, advertisers, and online platforms that handle user data; they must adapt practices or face enforcement.
- Federal Trade Commission (FTC): Key enforcer, with expanded oversight responsibilities.
- Excluded Groups: Governments and child safety nonprofits are exempt, avoiding added burdens on public services.
Notable Legal, Constitutional, or Political Implications
- Legal: Strengthens privacy enforcement under consumer protection law but relies on FTC rulemaking for specifics; could lead to court challenges over what counts as "reasonable linkability" in data definitions.
- Constitutional: May intersect with First Amendment concerns if restrictions on data handling limit commercial speech, though it focuses on consumer rights rather than broad censorship; aligns with evolving privacy expectations without directly addressing Fourth Amendment search issues.
- Political: Represents a bipartisan push for data privacy amid rising concerns over surveillance and breaches; could set a precedent for future federal privacy laws, balancing individual rights against business innovation, but its narrow scope (only anonymized data) limits broader reform.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Recent Actions
- 2025-11-12: Referred to the House Committee on Energy and Commerce.
- 2025-11-12: Introduced in House
- 2025-11-12: Introduced in House
Bill Versions
- Manage Your Data and Allow Only Trusted Access Act of 2025 — issued 2025-11-12 — PDF (5 pages)