Sen. Kristen Gillibrand (D-N.Y.) recently introduced a 41-page bill that would transfer the authority to create and enforce data protection rules from the Federal Trade Commission to a new independent federal agency. This proposal comes on the heels of a similar proposal from Sen. Josh Hawley (R-Mo.). Both of these proposals have emerged due to frustrations with the FTC’s enforcement efforts (or perceived lack thereof).

Per Section 5 of the Federal Trade Commission Act, the FTC has legal authority to bring enforcement actions that address unfair or deceptive practices in the marketplace, which includes holding businesses to certain data privacy and security standards. The Consumer Financial Protection Bureau and the FTC have agreed to share concurrent jurisdiction over consumer protection law enforcement against many nonbank financial services companies. Meanwhile, the CFPB has additional authority to prevent unfair or deceptive practices. Nonetheless, the FTC is still considered the primary federal agency to pursue data protection issues.

According to Senator Gillibrand, the FTC has “failed to enforce its own orders and has failed to act on dozens of detailed consumer privacy complaints alleging unfair practices concerning data collection, marketing to children, cross-device tracking, consumer profiling, user tracking, discriminatory business practices and data disclosure to third-parties.” Senator Gillibrand claims her bill was inspired by major data breaches at entities like Equifax and Facebook, as well as frequent reports that technology companies are finding ways to profit off of personal data without consumers’ knowledge or consent.

Senator Gillibrand’s bill would allow individuals to file complaints with the proposed agency, titled the Data Protection Agency (“DPA”), when they believe a company has violated data privacy laws. These complaints potentially would trigger investigations that could result in civil penalties, fines, or injunctive relief. While complaints currently are filed with the FTC, consumer frustration lies with the agency’s perceived inability to enforce existing laws when data protection is not the FTC’s primary focus.

The DPA would have three core missions, according to Gillibrand: (1) fielding consumer complaints, conducting investigations, and informing the public regarding data protection issues; (2) working with the technology industry to ensure fair competition and foster innovation in the marketplace; and (3) advising Congress on emerging privacy and technology issues.

While Senator Gillibrand currently is the only sponsor on the bill, she claims to be confident that she can secure bipartisan support. Various privacy rights advocacy groups, such as the Electronic Privacy Information Center, Center for Digital Democracy, Color of Change, and Campaign for a Commercial-Free Childhood, have vocalized support for the bill.

Senator Gillibrand’s proposal echoes a similar bill proposed late last year in the House of Representatives by Democratic representatives Anna Eshoo and Zoe Lofgrenbut. The House bill also would create a separate federal agency to enforce data protection rules.

On the other side of the aisle, Republican Senator Hawley voiced similar frustrations about the FTC’s enforcement abilities, stating that “[t]he FTC isn’t working […] [i]t wastes time in turf wars with the [Department of Justice], nobody is accountable for decisions, and it lacks the ‘teeth’ to get after Big Tech’s rampant abuses.” Senator Hawley’s proposal appears to be inspired by the FTC’s decision to close its investigation into Google without taking action against the company – “[t]he FTC’s inaction allowed Google to entrench its market share for years using deception[.]” Hawley also criticized the FTC’s $5 billion settlement with Facebook after the company violated a consent decree regarding data privacy concerns, and the agency’s approval of various major acquisitions.

Senator Hawley proposes that instead of creating what he called “new unaccountable bureaucracies to address the challenges of digital markets,” the FTC should be placed under the control of the DOJ. Senator Hawley claims this approach would force the commission to focus more squarely on digital markets, enforcement, and market analysis. The plan also would eliminate the FTC’s five-member structure and, instead, put it under a single director, who would be Senate-confirmed and serve a five-year term. This approach is likely to raise criticism that it strips the FTC of much of its independent authority and puts it directly under the executive branch’s control.

It currently is unclear whether either of these bills will gain bipartisan traction in Congress, as Republicans may not support the creation of a new federal agency, and Democrats are unlikely to support stripping the FTC of its independent authority. As mentioned earlier, the FTC is still the primary federal authority enforcing data protection issues. Therefore, companies should continue ensuring that data practices are neither unfair nor deceptive in order to avoid inquiry from the FTC or state attorneys general.