Sen. Ron Wyden, D-Ore., long a champion for tighter regulations on government surveillance and expanded data privacy rights for citizens, on Thursday unveiled a “discussion draft” of data privacy legislation that he said would create “radical transparency” into how large corporations use and share consumer data, and impose prison terms and monetary fines on executives whose companies misuse consumer data.
Notably, the proposed legislation would not apply to companies that generate less than $50 million of annual revenue, have less than one million “consumers” and less than one million “consumer devices,” and are not data brokers.
The senator’s proposed Consumer Data Protection Act easily appears to be the most aggressive of several pieces of actual or proposed legislation offered in recent months on the topic, and among the most detailed legislative position papers put out by tech-sector trade groups and companies in the expectation that Congress may take a serious look at data privacy legislation next year.
On the congressional side, Rep. Suzan DelBene, D-Wash., introduced a consumer data privacy bill that would require online service providers to provide “opt-in” rights to consumers whose “sensitive personal information or behavioral data” they collect, store, process, sell, or share with third parties, while Rep. Ro Khanna, D-Calif., has been circulating a list of privacy principles, including consumer opt-in rights for data collection.
On the corporate front, trade groups including the Information Technology Industry Council, Internet Association, and BSA | The Software Alliance have floated data privacy proposals that draw distinctions on data use depending on degrees of privacy and context of use, while Apple, Google, and others have floated proposals that promise to give users more control over their data and how it is used.
But none come close to Sen. Wyden’s discussion draft released this week, which would empower the Federal Trade Commission to become “an effective cop” on the data privacy beat, and establish minimum privacy and cybersecurity standards for companies that process consumer data.
The FTC would be empowered to issue fines of up to four percent of annual revenue on companies for first offenses, and jail terms of 10-20 years for senior executives of violating companies.
The agency would also be charged with creating a “do not track” system that would allow consumers to stop third-party companies from tracking the on the web by sharing data, selling data, or targeting advertisements based on personal information. Notably, it would allow companies to charge consumers who want to use their services but don’t want their personal information monetized.
It would also give consumers a way to review their personal data held by companies and how it has been shared or sold, and would require companies to assess their algorithms that process consumer data “to examine their impact on accuracy, fairness, bias, discrimination, privacy, and security,” according to a summary of the legislative draft.
And it would require the FTC to hire 175 staff to help police the market for private data; Wyden said the FTC now employs about 50 people “to police the entire technology sector and credit agencies.”
The draft legislation is necessary, Wyden’s office said, because the Federal government has “failed to respond” to numerous threats that stem from the explosive growth in the collection and sale of consumer data. Those threats include consumers being tracked without knowing it, data breaches caused by poor security and lax oversight, and the current inability of consumers to control how their data is used and shared.
“Today’s economy is a giant vacuum for your personal information–everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database. But individual Americans know far too little about how their data is collected, how it’s used and how it’s shared,” Sen. Wyden said in a statement.
He continued, “It’s time for some sunshine on this shadowy network of information sharing. My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans’ most private information.”