By Colin Lecher, Nov 1, 2018; Original Verge article here. Full bill text here.
Sen. Ron Wyden (D-OR) released an early draft of legislation today that would create substantially stiffer guidelines for the misuse of consumers’ data. Among other provisions, the bill suggests creating a penalty of 10 to 20 years imprisonment for senior executives who fail to follow new rules around data use.
Wyden said in a statement:
“It’s time for some sunshine on this shadowy network of information sharing. My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans’ most private information.”
The tech industry has faced enormous scrutiny over the past two years, as companies like Facebook and Google have been roiled by scandals, including Cambridge Analytica’s use of Facebook data. Lawmakers have suggested possible new standards around the use of data, but so far, no major federal legislation has been passed. Still, Wyden suggested in an interview with The Verge this year that a bill was forthcoming.
Wyden’s draft proposal, called the Consumer Data Protection Act, would give the FTC more authority and resources to police the use of data by adding a total of 175 new staff. Under the proposal, the FTC would also be allowed to fine companies up to 4 percent of revenue for a first offense.
The legislation would also create a centralized Do Not Track list meant to let consumers stop companies from sharing their data with third parties, or from using it for targeted advertising. The legislation would instead allow companies to block users who opt out and offer a paid version of the service in place of the tracking. Consumers could also ask to review and challenge the information collected on them.
Companies that make more than $1 billion in revenue and that handle information on more than 1 million people, or smaller companies that handle information on more than 50 million people, would also be required to submit regular reports to the FTC that describe any privacy lapses. Failure to comply with the measure could lead to jail time.
While tech industry executives, including Mark Zuckerberg, have suggested they’re open to some kind of regulation, it’s likely they would make a push against the proposal. So far, some states have taken the issue into their own hands: earlier this year, California passed one of the toughest data privacy laws in the country over the objections of the industry.