Sen. Ron Wyden (D-Ore.) has made public the draft of proposed legislation that would, in his words, “create radical transparency into how corporations use and share their data and impose harsh fines and prison terms for executives at corporations that misuse Americans’ data.”
The proposed Consumer Data Protection Act, announced on Thursday, would allow consumers to control the sale and sharing of their data and gives the Federal Trade Commission added authority over privacy protection.
The bill empowers the FTC to establish minimum privacy and cyber-security standards and authorizes the agency to assess civil penalties of up to $50,000 per violation and 4 percent of the entity’s total annual gross revenue. That penalty can be applied to first time violations.
The bill also requires senior executives (including the chief executive officer, chief privacy officer, chief information security officer) of companies with more than $1 billion in annual revenue, or data on more than 50 million consumers, to file annual reports with the FTC detailing whether or not the company has complied with the privacy and data security regulations created by the Consumer Data Protection Act. This section of the bill also creates criminal penalties, including imprisonment of up to 20 years, if executives sign off on false statements in these annual reports.
The legislation would also create a national Do Not Track system that lets consumers stop third-party companies from tracking them on the Web by sharing data, selling data, or targeting advertisements based on their personal information. Consumers would also be provided a means to review what personal information a company has about them, learn with whom it has been shared or sold, and to challenge inaccuracies in it.
Companies would be required to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy, and security.
Under Wyden’s bill, companies would be allowed to charge consumers who want to use their products and services, but don’t want their information monetized.
To facilitate its new responsibilities, the bill allows the FTC to hire 175 more staffers dedicated to policing the market for private data.
“This is an important and thoughtful contribution to the long overdue debate we’re having about privacy law in America,” says Justin Brookman, director of privacy and technology policy at Consumers Union, the advocacy division of Consumer Reports.
“Everything you read, everywhere you go, everything you buy, and everyone you talk to is sucked up in a corporation’s database,” Wyden said in a statement. “But individual Americans know far too little about how their data is collected, how it’s used, and how it’s shared. It’s time for some sunshine on this shadowy network of information sharing.”
Wyden is accepting feedback on the bill at PrivacyBillComments@wyden.senate.gov.