Concepts and technologies are disclosed herein for controlling data access and rate in a network. An enforcement application can detect a request for a data session and determine how and when the requested data session is to be established. The enforcement application can consider various data, input obtained at the user device, and/or other considerations including subscriber data and network data. Based upon these data, the enforcement application can determine network congestion, available resources, available bandwidth, an allocation rate of congestion credits (“credits”) for the user, a flow rate of the credits from an account to a credit pool, and a usage rate of the credits from the credit pool. The enforcement application can be configured to enforce the usage rate against a data session and to issue one or more commands to control the data session.