Sponsors
The bill centralizes and simplifies consumer control and increases transparency and enforcement resources for data-broker activity, but does so by creating a centralized repository of persistent identifiers and publicly disclosed broker details that raise security, accuracy, cost, and state-preemption risks.
Consumers (all individuals who are listed by data brokers) can submit a single, centralized request to delete their personal information and stop future collection, simplifying and expanding individual control over personal data.
Data brokers must register and publicly disclose identifying and operational details in a machine-readable registry, and broker fees fund FTC administration and audits, increasing transparency and enabling stronger enforcement and compliance oversight.
Mandatory technical and administrative security safeguards for the centralized system (e.g., salting/hashing of identifiers) reduce the likelihood that submitted personal identifiers will be exposed through misuse or accidental disclosure.
Individuals must enter persistent personal identifiers (email, phone, addresses, other persistent identifiers) into a centralized repository, creating a sensitive target that, if breached or misused, could expose large numbers of people to fraud, identity theft, or targeted attacks.
Publicly available broker registry entries (contact points and operational details) and the FTC's inability to verify registrant accuracy could enable scams, harassment, or misuse and reduce the practical value of transparency for some consumers.
Compliance costs for broker registration, audits, and system implementation may be passed on to consumers through higher prices or reduced services from companies that rely on consumer data.
Based on analysis of 2 sections of legislative text.
Requires an FTC-run annual registry of data brokers and a centralized system for individuals to request deletion and to stop future collection of their personal data via one submission.
Creates an FTC-managed registration system for data brokers and a centralized, machine-readable public registry. It requires data brokers to register annually, disclose identifying and operational information, and lets individuals submit a single request to delete their personal information from all registered brokers and to stop future collection unless they opt otherwise. The FTC must issue implementing regulations within 1 year and require brokers to register within 18 months of enactment, set security protections for the centralized system, and publish registration data unless doing so would harm public safety or welfare.
Introduced April 2, 2025 by Lori Trahan · Last progress April 2, 2025