2020 Democrats on who controls your data — and who’s at fault when it’s mishandled

Candidates agree: Americans should have more control over their data than they do now.

To find out how 2020 Democratic candidates would use their presidential powers to address different aspects of technology, we sent seven key questions to every campaign. This post includes six candidates’ answers to the fourth question. You can find answers to the other six questions on the landing page.

Who should control Americans’ online data? And how should tech companies be punished when they fail to properly protect and steward this data?

Bernie Sanders: [I believe] that Americans have the right to their own data and that there should be strict penalties for companies who are negligent in protecting that data. [I] also believe there should be strict accountability and oversight over the collection and sale of consumer data, especially by major technology corporations such as Facebook.

[I believe] it is unconscionable that Equifax exposed the data of 140 million Americans and their CEO walked away with a $90 million golden parachute. In a Bernie Sanders administration, executives will be held accountable for breaches of consumer privacy and prosecuted if there is evidence of negligence. In the case of credit reporting, [I] would create a public, secure credit registry to replace the current credit reporting system.

Elizabeth Warren: We must give people more control over how their personal information is collected, shared, and sold — and do it in a way that doesn’t lock in massive competitive advantages for the companies that already have a ton of our data. Tech companies shouldn’t be using Americans’ private information for profit. If they fail to protect this data, they should be held accountable with fines. I also have a plan to expand criminal liability to any corporate executive who negligently oversees a giant company causing severe harm to US families. Last but not least, I believe we need to break up big tech companies so we can drive competition and accountability into their models.

Pete Buttigieg: As president, I will make protecting our privacy a top priority, and hold companies accountable when they fail. I will work with Congress to pass a comprehensive federal privacy law that puts affirmative obligations on companies to limit what they do with our data, protect our information, and ensure that anyone who collects or holds our data third parties treats our data with care. My plan will place affirmative fiduciary obligations on data collectors — similar to the obligations that doctors and lawyers have to their clients. In practice, this means that there would be reasonable limits on what companies can collect and do with our data. Companies must also take reasonable steps to keep our information secure and cannot benefit financially from our data while harming us at the same time. Pursuant to this law, companies will not be able to argue that they have no privacy responsibilities because we clicked on an “I Agree” button or because their sharing data with third parties didn’t result in specific, monetary loss. Rather, the failure to meet their fiduciary duties is itself the harm. I support strong penalties for those who fail to properly protect and steward Americans’ online data.

Andrew Yang: [I] frequently say that our data is now worth more than oil. Tech companies are taking and profiting off that data to the tune of billions of dollars while some pay zero in taxes. [I] believe that data generated by each individual needs to be owned by them, with certain rights conveyed that will allow them to know how it’s used, and protect it. My administration will ensure that the rights of data ownership include: knowing what data is being collected, how the data will be used, if that data is being sold or shared, if the data is breached; and the ability to refuse data collection, download and transfer ones data, and have one’s data deleted. If one gives informed consent to sharing their data with a company, they should enjoy a share of the value that data generates. If a company violates the data rights of its customers, it should be held legally responsible.

Tom Steyer: Americans should control their online data. When tech companies either steal data or fail to adequately protect our privacy, they should be liable under the law.

Michael Bennet: Americans should have far greater control over their online data, and companies that acquire and use that data need to be far more transparent about when and how they do so. We should establish a fiduciary responsibility for companies to be good stewards of customer data, like banks with individual deposits. When companies fail to properly protect data, sell it without permission, and fail to safeguard it appropriately, the FTC must hold them accountable. To that end, Congress should also strengthen the FTC’s oversight authority for data privacy.