My Body, My Data Act of 2025

This bill sets strict rules for how apps, websites, and other companies handle people’s reproductive or sexual health information. Companies can only collect, use, or share this data if it is strictly needed to provide a service you asked for, and they must limit which workers can see it . You get clear rights: you can see what they have about you (including where they got it and who they shared it with), fix mistakes, and make them delete it. They have to offer an easy online way to do this, for free, and respond within 15 days . Companies must post a plain, public privacy policy that lists what they collect, why, which third parties they share with or get data from, and what controls you have over your data . They cannot punish you for using your rights, like by charging more or lowering service quality .

If a company breaks these rules, the Federal Trade Commission can enforce the law, and people can sue in court. Courts can award at least $100 and up to $1,000 per violation per day (or actual damages, if higher), plus punitive damages and attorney’s fees. Companies cannot force you into pre-dispute arbitration or block you from joining a class action over these issues. A violation counts as a real injury to you under the law . The bill also says it does not wipe out stronger state privacy protections and does not limit free speech rights .

Key points

• Who is affected: People whose reproductive or sexual health data is collected; companies that handle this data (“regulated entities”) .
• What changes: Strict data minimization; strong rights to access, correct, and delete; clear privacy policies; no retaliation; federal and private enforcement with meaningful penalties .
• When: Companies must answer your data requests within 15 days .