U.S. Democratic Senator Ron Wyden released an early draft of a bill today that would subject company CEOs and senior executives to tough penalties including 10 to 20 years of imprisonment for failing to protect consumer data. Colin Lecher reporting in The Verge: "Wyden's draft proposal, called the Consumer Data Protection Act, would give the FTC more authority and resources to police the use of data by adding a total of 175 new staff. Under the proposal, the FTC would also be allowed to fine companies up to 4 percent of revenue for a first offense."
In summary, the bill empowers the Federal Trade Commission to:
- Establish minimum privacy and cybersecurity standards.
- Issue steep fines (up to 4% of annual revenue), on the first offense for companies and 10-20 year criminal penalties for senior executives.
- Create a national Do Not Track system that lets consumers stop third-party companies from tracking them on the web by sharing data, selling data, or targeting advertisements based on their personal information. It permits companies to charge consumers who want to use their products and services, but don't want their information monetized.
- Give consumers a way to review what personal information a company has about them, learn with whom it has been shared or sold, and to challenge inaccuracies in it.
- Hire 175 more staff to police the largely unregulated market for private data.
- Require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy, and security.
The big picture: "If voters flip the House or, less likely, the Senate on Tuesday [US midterm election], it could supercharge the debate over privacy," says David McCable of Axios. "Lawmakers are trying to get federal legislation in place before California’s new rules go into effect in 2020."