U.S. Data Privacy Bill Would Jail Offenders
Proposed U.S. data privacy legislation would impose penalties stiffer than current European rules while giving American consumers a “one-click” option to block companies from selling or sharing their personal information.
Observers said the legislation proposed by Sen. Ron Wyden (D-Ore) represents the opening volley in efforts to forge uniform federal data privacy rules, a step some companies might encourage platform vendors to pitch data privacy and transparency as product differentiators.
In its present form, the unambiguously titled “Mind Your Own Business Act” would go further than the EU’s General Data Protection Regulation (GDPR), with fines for corporate violators up to 4 percent of annual revenues and criminal penalties of up to 20 years for executives caught lying to authorities about misuse of personal data.
Wyden’s bill would amend the Federal Trade Commission Act by tightening restrictions and imposing stiffer penalties on corporate violators. It also proposes tax penalties based on executive compensation.
Wyden, the ranking Democrat on the Senate Finance Committee, said his data privacy proposal would impose penalties on social media and other platform operators that go beyond “a slap on the wrist from the FTC….”
Along with giving data regulators the authority to be an “effective cop on the beat,” Wyden said his proposal would give consumers greater control over their data, compel corporate transparency on how data are used and shared while holding executives personally responsible for violations.
Among the provisions added to the legislation prior to its introduction are a strengthened “Do Not Track” option that would prevent companies from mining user data to target advertising. An earlier draft allowed the practice.
It also would levy new tax penalties on corporate executives caught lying about the use or sharing of private information. Fines in the form of a tax would be based on executive pay. The provision is aimed squarely at executives of social media companies like Facebook (NASDAQ: FB) that have thus far escaped harsh penalties for data privacy and other breaches.
Wyden’s proposal would not preempt state laws such as the California Consumer Privacy Act, which takes effect on January 1, 2020.
While tightening U.S. data privacy rules, Wyden and other backers suggest the proposal also could stimulate a market for privacy protection services.
Heightened focus on data privacy “will cause individuals and businesses to use data privacy as a differentiator, and place a more explicit value on transparency,” said Robert Cruz, senior director of information governance at Smarsh, a cloud-based data archiving service based in Portland, Ore.
“Some companies have invested to implement controls and consider data privacy ‘by design and default’—and there are those that will look at it as simply another business tax,” Cruz added. “This gives very useful information to individuals who are deciding who they want to do business with.”
The full text of Wyden’s proposed legislation is here.