On October 31st 2018, Senator Ron Wyden (D, Oregon) formally introduced a discussion draft of a new Bill which proposes “To amend the Federal Trade Commission Act to establish requirements and responsibilities for entities that use, store, or share personal information, to protect personal information, and for other purposes.” Among other things, the proposed legislation hopes to impose strict fines against and possibly imposes jail time for executives of major US corporations found to have mishandled, misused or lost/exposed the personal data of US citizens throughout the future.
According to Wydens website, “The Consumer Data Protection Act protects Americans’ privacy, allows consumers to control the sale and sharing of their data, gives the FTC the authority to be an effective cop on the beat, and will spur a new market for privacy-protecting services.”
Overview of Data Protection Act:
- Establish minimum privacy and cybersecurity standards.
- Issue steep fines (up to 4% of annual revenue), on the first offense for companies and 10-20 year criminal penalties for senior executives.
- Create a national Do Not Track system that lets consumers stop third-party companies from tracking them on the web by sharing data, selling data, or targeting advertisements based on their personal information. It permits companies to charge consumers who want to use their products and services, but don’t want their information monetized.
- Give consumers a way to review what personal information a company has about them, learn with whom it has been shared or sold, and to challenge inaccuracies in it.
- Hire 175 more staff to police the largely unregulated market for private data.
- Require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy, and security.
However, it is important to note that, if passed as is, these laws would only apply to companies receiving more than $50 million in yearly revenue, which actively host the personal information of greater than 1 million people/customers. Moreover, the act excludes 3rd party data hosting providers, small business owners, as well as data brokers or commercial entities who “as a substantial part of their business, collects, assembles or maintains personal information concerning an individual who is not a customer or an employee of that entity in order to sell or trade the information.”
Being as this is a “Discussion Draft” for the time being, Mr. Wyden is currently accepting feedback, criticisms, critiques and constructive criticisms of his legislation. If you have something you would like to say in response to it, you can reach Senator Wyden at: PrivacyBillComments@wyden.senate.gov
Full Text of Data Protection Act:Wyden Privacy Bill Discussion Draft Nov 1