Fact Sheet: The Personal Data Privacy And Security Act

Fact Sheet
The Personal Data Privacy And Security Act

LINK to news announcement on introduction of the bill

LINK to Section-By-Section Summary of the bill

LINK to complete text of the bill

 The Personal Data Privacy And Security Act (PDPSA), And CFAA:

The Computer Fraud and Abuse Act (CFAA) currently makes it a crime to for a person to use a computer in a manner that “exceeds” their “authorized access.”   

The bill contains several provisions to help ensure that the government uses the important tools in the law to prosecute significant cyberthreats, rather than to prosecute relatively innocuous conduct, such as violating a terms of use agreement.

The Personal Data Privacy and Security Act would make clear that Congress does not intend for the Justice Department to pursue criminal prosecutions under the CFAA for conduct solely involving a violation of a terms of use agreement, or contractual agreement. 

Specifically, Sections 107 and 110 of the bill would amend the CFAA to require that that violations of a contractual agreement or terms of use agreements cannot be the sole basis for bringing civil claims or criminal prosecutions under the statute.

Section 108 of the bill also adds a new reporting requirement to the CFAA, requiring that the Attorney General annually report to Congress on any criminal cases brought under that law which were based solely upon the defendant either exceeding authorized access to a nongovernmental computer, or accessing a non-governmental computer without authorization.

The bill would not prohibit the Justice Department from using evidence of a contractual violation to support a charge under the CFAA, when coupled with other evidence.

This language in Section 110 was proposed by Senators Grassley and Franken, during earlier consideration of the bill, to ensure that the Justice Department could not bring another case like United States v. Lori Drew, which involved a CFAA charge based solely upon a violation of a MySpace terms-of-service agreement.  This language addresses earlier concerns that CFAA could lead to abuse by criminalizing relatively trivial conduct.

The Senate Judiciary Committee favorably reported the language in the bill with bipartisan support when the Judiciary Committee considered similar legislation in 2011. 

The bill represents a balance between the need for clear and meaningful punishment, with the equally compelling need to encourage innovation and protect privacy and civil liberties.

# # # # #

Press Contact

Press Contact
David Carle: 202-224-3693

Related Files