Skip to content
Congress·In Committee·2 months ago

Senate Bill Would Require Online Companies to Protect, Not Exploit, Your Personal Data

Also known as: Data Care Act of 2025

Legislative Progress

Filed
Review
Senate
House
President

Impacts

Mixed Impacts(1)
Small Business Owner
Neutral
Positive Impacts(4)
Chronic Illness
Helps
Pregnant
Helps
Disability Benefits
Helps
Child Tax Credit
Helps

Key Points

  • Would require online companies that collect data about you to follow three basic rules: protect it, don’t use it against you, and don’t share it carelessly.
  • Sets a “duty of care” to reasonably secure your identifying data and to quickly tell you if your sensitive data is exposed in a breach.
  • Sets a “duty of loyalty” so a company can’t use your data in ways that benefit the company but harm you, including uses that could cause real physical or financial harm or feel shocking and offensive to most people.
  • Sets a “duty of confidentiality” limiting selling or sharing your identifying data, and requires contracts and regular checks when data is shared with other companies.
  • Gives the Federal Trade Commission and state attorneys general power to enforce the rules; companies can’t take away these rights in fine-print contracts, and most duties would start 180 days after the bill becomes law.
Data PrivacyConsumer ProtectionCybersecurityTechnology

Milestones

2 milestones2 actions
Dec 18, 2025Senate

Read twice and referred to the Committee on Commerce, Science, and Transportation.

Dec 18, 2025

Introduced in Senate

What Happens Next

Projected impacts based on AI analysis

Soon after the bill becomes law

Online providers begin preparing for the new duties (security upgrades, vendor contract changes, audit plans).

You may see updated privacy terms, new security steps, and more notices about how your data is shared as companies get ready to comply.

After enactment, likely over months

FTC starts rulemaking and guidance, including possible expansion of breach notices beyond “sensitive data.”

Over time, you could get breach alerts for more types of data, not just the “sensitive” list in the bill, depending on what the FTC decides.

Within the first year after Section 3 starts applying

FTC and state attorneys general bring early enforcement cases to set expectations.

Early cases usually push companies to change practices faster; you may notice fewer “surprise” data uses and more careful handling of logins, location, and health-related data.

Related News

2 articles
The Hill·almost 3 years ago

Schatz, 15 senators reintroduce Data Care Act

Senator Brian Schatz led a group of senators in reintroducing legislation that would require websites and apps to protect user data. The bill establishes a 'duty of care' to secure data and a 'duty of loyalty' to prevent companies from using data in ways that cause financial or physical harm.

C=
Politico·2 months ago

Senate Democrats push for 'duty of loyalty' in new privacy bill

The Data Care Act of 2025, reintroduced by Sen. Brian Schatz, centers on the concept of a 'duty of loyalty,' prohibiting companies from using personal data in ways that are 'unexpected and highly offensive' or cause material harm to the user.

CL=

Source Information

Document Type

Congressional Bill

Official Title

Data Care Act of 2025

Bill NumberS 3570
Congress119th Congress
ChamberSenate
Latest ActionRead twice and referred to the Committee on Commerce, Science, and Transportation.

Sponsor

Cosponsors

(12)
D: 10I: 2

Analysis generated by AI. While we strive for accuracy, this should not be considered legal or professional advice. Always verify information with official government sources.