Sen. Ron Wyden (D-Ore.) on Thursday announced sweeping updates to a previously drafted data privacy bill that he states “goes further than Europe’s General Data Protection Regulation” (GDPR).
The Mind Your Own Business Act incorporates feedback Wyden received on his last draft announced in November, then titled the Consumer Data Protection Act. Wyden’s bill, introduced to the Senate, aims to “create the strongest-ever protections for Americans’ private data and to hold accountable the corporate executives responsible for abusing our information.”
That includes prison sentences for executives that misuse Americans’ data and lie about it to the government.
“Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences. A slap on the wrist from the FTC [(Federal Trade Commission)] won’t do the job, so under my bill he’d face jail time for lying to the government,” Wyden said in his release. “I spent the past year listening to experts and strengthening the protections in my bill.”
Since November, Zuckerberg’s Facebook was hit with a groundbreaking $5 billion penalty for privacy violations from the FTC that many still considered too lenient. Despite the record figure, $5 billion is a mere fraction of the $55.8 billion Facebook earned in 2018 alone, though the FTC defended its enforcement by citing “unprecedented” new privacy and corporate governance obligations Facebook would have to implement as part of the settlement.
“We need to hold companies accountable for their profiteering off of consumers. My bill is the way to do it.”
Sen. Ron Wyden
Zuckerberg was free of personal liability, which Wyden seeks to change. His bill is based on three basic ideas: “Consumers must be able to control their own private information, companies must provide vastly more transparency about how they use and share our data, and corporate executives need to be held personally responsible when they lie about protecting our personal information.”
The Mind Your Own Business Act would empower the FTC to issue fines of up to 4 percent of annual revenue on the first offense for companies, similar to the GDPR, and dole out prison sentences of up to 20 years for senior executives who knowingly lie to the regulator. It would also create 175 more jobs at the FTC to police the market for private data.
Among the changes Wyden has made to the bill since first releasing its draft in November is clarifying that it would not preempt any state law, such as the California Consumer Privacy Act scheduled to take effect Jan. 1, 2020. Other updates from the previous bill:
- Strengthen the impact of the “Do Not Track” opt-out to stop companies from mining user data to target ads on behalf of other companies, which was allowed under the draft bill;
- Extend “lifeline” protections for privacy-friendly services to low-income users;
- Permit state attorneys general to enforce the regulations created by the bill to get more cops on the privacy beat;
- Create a right of action for protection and advocacy organizations. Each state will be able to designate one “protection and advocacy” organization that can file civil suits against companies that violate privacy regulations; and
- Levy new tax penalties on companies whose CEOs lie about privacy protections.
Similar to the Facebook fine, the FTC was criticized when it settled alleged violations of the Children’s Online Privacy Protection Act (COPPA) Rule on the part of Google and its subsidiary Youtube for $170 million. Two Commissioners—Rebecca Slaughter and Rohit Chopra—dissented, citing the FTC should have obtained more in the settlement in terms of both injunctive provisions and monetary relief.
“We need to hold companies accountable for their profiteering off of consumers,” Wyden tweeted. “My bill is the way to do it.”