The "You Own the Data Act" (YODA) aims to affirm user ownership of personal data and enhance individual privacy rights. It prohibits covered entities from requiring the transfer or monetization of private data in exchange for services and mandates explicit written consent for collecting third-party contact information. The bill grants users comprehensive rights, including the ability to access their data, view a list of third parties it was shared with, and request correction, deletion, or de-identification. Users can also obtain their data in a portable, machine-readable format, with these rights exercisable free of charge at least twice annually without fear of retaliation. Commercial data operators must adhere to data minimization principles, limiting collection and retention to what is strictly necessary for requested services or fraud prevention, explicitly excluding monetization. The Act also requires prominent opt-out icons for data collection, prohibits tracking cookies without user consent, and mandates affirmative parental consent for data collection from minors. To ensure transparency, covered entities must provide clear, concise privacy notices and, if users consent to data monetization, an annual report detailing data sharing; timely data breach notifications and compensation for affected users are also required. Enforcement is handled by the Federal Trade Commission and State Attorneys General, and the Act includes a private right of action for individuals against large entities.
Referred to the House Committee on Energy and Commerce.
YODA
USA | 119th Congress | HR-8652 | House | Updated: 5/4/2026