A proposed data-privacy law would levy steep fines and could land top executives in prison for up to 20 years for misusing Americans’ data.
The Consumer Data Protection Act would allow consumers to control the sale and sharing of their data, and gives the Federal Trade Commission (FTC) the authority to police data privacy. U.S. Sen. Ron Wyden, D-Oregon, released a “discussion draft” of the legislation, which has’t yet been introduced for consideration.
The European Union’s daunting General Data Protection Regulation (GDPR) went into effect in May.
Joseph Pedano, Evolve IP‘s senior vice president of cloud engineering, tells Channel Partners that “anything is better than nothing right now.”
“My hesitancy is in government writing tech laws; the Health Insurance Portability and Accountability Act of 1996 (HIPAA) hasn’t exactly been a slam dunk,” he said. ”
“Today’s economy is a giant vacuum for your personal information — everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database,” Wyden said. “But individual Americans know far too little about how their data is collected, how it’s used and how it’s shared.”
The bill would “empower consumers to control their personal information, create radical transparency into how corporations use and share their data, and impose harsh fines and prison terms for executives at corporations that misuse Americans’ data,” he said.
The bill would give the FTC the authority to establish minimum privacy and cybersecurity standards, issue fines as much as 4 percent of annual revenue on the first offense for companies, and 10-20 year criminal penalties for senior executives.
The FTC also would create a national do-not-track system that lets consumers stop third-party companies from tracking them on the web by sharing data, selling data or targeting advertisements based on their personal information. It also would give consumers a way to review what personal information a company has about them, learn with whom it has been shared or sold, and to challenge inaccuracies in it.
As opposed to GDPR, which is more about leverage against a company to remove your information, the proposed bill “seems a little more specific to understanding where your data sits,” Pedano said.
The bill would create additional work for companies, but “given how some companies have rolled out GDPR protections to their entire global platform (whether it’s needed or not), global compliance would be easier,” he said.
“Senator Wyden’s proposed consumer privacy bill creates needed privacy protections for consumers, mandating easy opt-outs from hidden tracking,” said Gabriel Weinberg, CEO of DuckDuckGo, a private internet search engine. “By forcing companies that sell and monetize user data to be more transparent about their data practices, the bill will also empower consumers to make better-informed privacy decisions online, enabling companies like ours to compete on a more level playing field.”