December 10, 2024

Warren, Sanders, Wyden, Whitehouse Renew Push to Protect Americans’ Sensitive Data From Greedy Brokers

Legislation would ban brokers from selling Americans’ location and health data, rein in giant data brokers, and set some long overdue limits on the industry

Millions of Americans' data is collected and sold by data brokers for massive profits

Bill Text | One-Pager

Washington, D.C. – U.S. Senators Elizabeth Warren (D-Mass.), Bernie Sanders (I-Vt.), Ron Wyden (D-Ore.), and Sheldon Whitehouse (D-R.I.) reintroduced the Health and Location Data Protection Act, legislation banning data brokers from selling Americans’ sensitive personal information. Data gathered by brokers has been used to circumvent the Fourth Amendment, out LGBTQ+ Americans, and stalk and harass individuals. Recently, some brokers have been caught selling the cellphone-based location data of people visiting abortion clinics, risking the safety and security of women seeking basic health care.

The $200 billion industry is largely unregulated by federal law. Data brokers gather personal data, such as location data from weather or prayer apps, often without consumers’ consent or knowledge. Brokers sell this data in bulk to virtually any willing buyer, reaping massive profits. These predatory and invasive practices pose real dangers to Americans’ privacy and safety. 

“Data brokers are raking in giant profits from selling Americans’ most private information – even location tracking data from visits to clinics for reproductive care,” said Senator Warren. “As Republicans ramp up efforts to criminalize abortion, it’s more important than ever to crack down on greedy data brokers and protect Americans’ privacy.”

“The ability to buy the information of women who visit abortion clinics and track them back to their homes is everything a repressive right-wing prosecutor could dream of,” Senator Wyden said. “This isn’t hypothetical either: far-right activists have already paid data brokers to target women who visit abortion clinics on their personal electronic devices with misinformation about their reproductive choices. It’s high time for Congress to put privacy first and crack down on the shady data brokers who are selling sensitive personal data to make a quick buck.”

“Data hunters have no business collecting Americans’ most sensitive information without their consent.  I’m pleased to join Senator Warren in reintroducing this timely bill safeguarding personal health and location data, particularly when women are looking over their shoulder as Republicans continue their attacks on abortion and other reproductive health care,” said Senator Whitehouse.

The Health and Location Data Protection Act would: 

  • Ban data brokers from selling or transferring health and location data and require the Federal Trade Commission (FTC) to promulgate rules to implement the law within 180 days, while making exceptions for HIPAA-compliant activities, protected First Amendment speech, and validly authorized disclosures.
  • Ensure robust enforcement of the bill’s provisions by empowering the FTC, state attorneys general, and injured persons to sue to enforce the provisions of the law.
  • Provide $1 billion in funding to the Federal Trade Commission over the next decade to carry out its work, including the enforcement of this law.

Senator Warren has used oversight and policy tools to protect the sensitive data of American consumers from Big Tech companies and data brokers: 

  • In October 2024, Senators Warren, Ron Wyden, and Richard Blumenthal, along with Representative Katie Porter wrote to the Department of Justice (DOJ) urging the investigation and prosecution of major tax preparation companies for illegally sharing protected and sensitive taxpayer information with Big Tech firms.
  • In May 2024, Senators Warren, Ron Wyden, and Sheldon Whitehouse, along with Representative Katie Porter sent a letter to Attorney General Merrick Garland, among others, calling on them to investigate use and disclosures of legally protected and sensitive taxpayer information by tax prep companies.
  • In April 2024, Senators Warren, Bill Cassidy, and Richard Blumenthal wrote to the Cybersecurity and Infrastructure Security Agency (CISA) urging an assessment of the cybersecurity landscape leading up to, and after, the Change Healthcare cyberattack.
  • In April 2024, at a hearing of the U.S. Senate Finance Committee, Senator Warren pushed back on Big Tech’s misleading claims that “free data flows” provisions in trade agreements will help combat China’s digital authoritarianism, when the opposite in fact is true.
  • In January 2024. at a hearing of the Committee on Banking, Housing and Urban Affairs, Senator Elizabeth Warren questioned Emily Kilcrease, Senior Fellow and Director of the Energy, Economics, and Security Program at the Center for a New American Security, on the national security risks posed by digital trade rules that allow tech companies to collect, sell, and store Americans’ data wherever is cheapest, including China.
  • In November 2023, Senators Warren, Ed Markey, John Kennedy, and Jeff Merkley joined their colleagues in introducing the bipartisan Traveler Privacy Protection Act, which would ban the use of facial recognition technology and the collection of facial biometric data by the Transportation Security Administration (TSA) in U.S. airports.
  • In November 2023, Senators Warren and Bill Cassidy, M.D. released statements after Duke University published a report highlighting the detail, ease, and volume at which data brokers are selling the personal data of U.S. service members to web addresses located both in the United States and abroad.
  • In September 2023, Senators Warren and Richard Blumenthal sent a letter to Secretary of Defense Lloyd J. Austin III, expressing concerns about the implementation of the contract the Department of Defense (DoD) awarded to Leidos Partnership for Defense Health (Leidos) for the Military Health System (MHS) Genesis electronic health record system, after reports that the use of MHS Genesis may be contributing to delays in military recruiting, creating barriers to accessing benefits information, and invading the privacy of service members and military recruits. 
  • In July 2023, Senators Warren and Lindsey Graham unveiled comprehensive legislation that would rein in Big Tech by establishing a new commission to regulate online platforms. The commission would have concurrent jurisdiction with FTC and DOJ, and would be responsible for overseeing and enforcing the new statutory provisions in the bill and implementing rules to promote competition, protect privacy, protect consumers, and strengthen our national security.
  • In July 2023, Senator Warren opened an investigation into a disturbing report on Google’s confidential effort to secure exclusive access to millions of tissue samples held at the Department of Defense’s (DoD) Joint Pathology Center (JPC).
  • In March 2023, Senators Warren, Amy Klobuchar (D-Minn.), and Mazie Hirono (D-Hawaii) introduced the Upholding Protections for Health and Online Location Data (UPHOLD) Privacy Act, legislation that would expand protections for Americans’ personal health data by preventing companies from profiting off of personally identifiable health data for advertising purposes, allow consumers greater access to and ownership over their personal health information, restrict companies’ ability to collect or use information about personal health without user consent, and ban data brokers from selling location data.
  • In March 2023, Senators Warren, Cassidy, and Marco Rubio (R-Fla.) reintroduced the Protecting Military Service Members’ Data Act of 2023, a bipartisan bill that would protect the data of U.S. service members by preventing data brokers from selling lists of military personnel to adversarial nations including China, Russia, Iran, and North Korea. They first introduced the bill in May 2022. 
  • In June 2022, Senators Warren, Cory Booker, and Ron Wyden sent letters to two leading mental health apps, expressing deep concerns about the companies’ use of patients’ personal health data.
  • In June 2022, Senators Warren, Wyden, Patty Murray, Sheldon Whitehouse, and Bernie Sanders introduced the Health and Location Data Protection Act, sweeping legislation that bans data brokers from selling some of the most sensitive data available about everyday Americans: their health and location data.
  • In May 2022, Senators Warren, Bill Cassidy, M.D., and Marco Rubio introduced the Protecting Military Service Members’ Data Act of 2022 to protect the data of U.S. service members by preventing data brokers from selling lists of military personnel to adversarial nations including China, Russia, Iran, and North Korea.
  • In May 2022, Senator Warren led thirteen of her Senate colleagues in letters to two data brokers demanding answers regarding their collection and sale of the cellphone-based location data of people who visit abortion clinics such as Planned Parenthood.
  • In December 2021, at a hearing of the Senate Finance Subcommittee on Fiscal Responsibility and Economic Growth, Senator Warren called on Congress and regulators to pass stronger antitrust laws, ban mergers involving huge companies, and encourage robust enforcement to protect the economy, consumers, workers, and data.
  • In March 2020, Senators Warren, Richard Blumenthal (D-Conn.), and Bill Cassidy, M.D. (R-La.) sent a letter to Ascension, the second largest health systems provider in the United States, regarding the company's information-sharing partnership with Google-also known as Project Nightingale-that provides Google with the health records of tens of millions of Americans.
  • In November 2019, following alarming reports of Google’s efforts to obtain the health records of millions of Americans without their awareness or consent, Senators Warren, Blumenthal, and Cassidy sent a bipartisan letter to Google demanding answers to the serious questions and concerns raised by “Project Nightingale.”

###