Oregon Senator Ron Wyden has drafted a proposed federal data privacy bill (formally called the “Consumer Data Protection Act”) and has posted it for discussion and comments. The proposal is pretty raw, but it calls for an amendment to the Federal Trade Commission Act, to essentially give it some teeth in the area of data privacy. The draft bill comes on the heels of the California Privacy law that was passed earlier this year and will go into effect in 2020.
As written, Senator Wyden’s bill covers businesses that are collecting consumer data and bringing in an average of over $1 billion a year gross revenue, or have store data for fifty-million plus “consumers” or “devices”, whereas the California Privacy Law (A.B. 375) applies broadly to businesses with over $25mm a year gross revenue, and requires these companies to submit annual data protection reports to the government. The most interesting, and certainly newsworthy aspects of the bill, are the punitive measures which include large fines and potential jail time for senior executives.
A summary of the bill put out by the Senator’s office listed the important points of the bill as the following:
- “Establish minimum privacy and cybersecurity standards.
- Issue steep fines (up to 4% of annual revenue), on the first offense for companies and 10-20 year criminal penalties for senior executives.
- Create a national Do Not Track system that lets consumers stop third-party companies from tracking them on the web by sharing data, selling data, or targeting advertisements based on their personal information. It permits companies to charge consumers who want to use their products and services, but don’t want their information monetized.
- Give consumers a way to review what personal information a company has about them, learn with whom it has been shared or sold, and to challenge inaccuracies in it.
- Hire 175 more staff to police the largely unregulated market for private data.
- Require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy, and security.”