"After the Equifax breach there was a surge in consumer sentiment for strong consumer privacy legislation," says Dan Schuyler, VLCM Cybersecurity Solutions Architect. "When Senator Wyden first introduced his draft of the 'Consumer Data Privacy Act', it felt like there was some real momentum and we might actually see some legislation passed. However, true to form partisan politics put a damper on that momentum.
I commend Senator Wyden for continuing the good fight by listening to privacy experts and updating his consumer privacy bill with the 'Mind Your Own Business Act'. The revised bill imposes strong penalties and fines, and prison for senior executives that lie about their privacy standards. However, considering the current state of affairs with Congress and the President, it’s unlikely we will see a vote on any legislation until after the Presidential election."
Photo by Erin Schaff for The Verge
On Thursday, tech hawk Sen. Ron Wyden (D-OR) introduced a sweeping new data privacy bill aimed at forcing tech platforms to mind their own business and face tough penalties if they fail to meet new privacy and security standards.
Wyden’s “Mind Your Own Business Act” is the official version of a draft bill he circulated around to other members and consumer groups late last year. The legislation would empower the Federal Trade Commission with new authorities to fine tech companies that violate user privacy and bolster the agency with more resources to better regulate the industry in the future.
“Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences,” Wyden said in a statement. “A slap on the wrist from the FTC won’t do the job.”
If approved, the bill would allow the FTC to establish minimum privacy and cybersecurity standards for tech platforms and give it the authority to issue fines of up to 4 percent of a company’s annual revenue for first-time offenses, similar to provisions in the GDPR. The FTC has resolved a number of privacy investigations into companies like Facebook, YouTube, and Equifax over the past year, but officials have faced significant criticism for not taking stronger action.
FTC Chairman Joe Simons has pleaded with Congress to empower the Commission with new authorities to fine companies for first-time privacy violations. Wyden’s bill would do just that, and also make it a crime for senior executives of tech companies to knowingly lie to the agency in regards to privacy.
“Consumers must be able to control their own private information, companies must provide vastly more transparency about how they use and share our data,” Wyden said. “Corporate executives need to be held personally responsible when they lie about protecting our personal information.”
State attorneys general would be able to enforce the regulations in the Mind Your Own Business Act, too, putting more “cops on the privacy beat” other than just the FTC, according to a press release for the measure.
Wyden’s bill would institute a federal Do Not Track requirement, giving users the option to opt out of data tracking that’s used to target ads. Platforms like Facebook and Twitter would also be required to offer “privacy-protecting” versions of their products for a fee. Interestingly, Wyden’s measure would extend the Federal Communications Commission’s Lifeline program for low-income people to use to obtain these privacy-focused versions of products so “privacy does not become a luxury good,” as his office put it.
Lawmakers in both the House and Senate have introduced data privacy bills, but so far none have been put up for a vote. Leaders on the Senate Commerce Committee have said that they’d introduce their own bill by the end of the year, but that’s looking less likely as time goes on. One of the main sources of conflict has been whether to preempt states from legislating their own privacy regulations. Wyden’s bill would not bar any states from creating those rules.