Prison time, hefty fines for privacy violations: draft US Senate Bill

WASHINGTON (Reuters) – A senior democratic US senator on Thursday unveiled draft laws that would allow major fines and as much as 20 years in prison for executives who violate privacy and cyber security standards.

Senator Ron Wyden published a bill that would allow the Federal Trade Commission authority to write privacy rules. The measure will also provide maximum fines of 4 per cent of revenues – corresponding to European rules adopted earlier this year.

"It's time for some sunshine on this shady network of information sharing," Wyden said in a statement. "My bill creates transparent transparency for consumers, giving them new tools to control their information and support it with tough rules."

Data security has become an increasingly important issue since massive violations of the personal information of millions of US internet and social media users, as well as breaches involving major retailers and credit reporting agency Equifax Inc ( EFX.N ).

Wyden would also create a national "Non Track" system to stop companies from tracking Internet users by sharing or selling data and targeting ads based on their personal information. The bill will also be subject to senior executives in companies with a breach of privacy on fines of $ 5 million or more.

Facebook Inc (19459016) FB.O ), the world's largest social media network, said earlier this year that the personal information of about 70 million US users was mistaken for political analysts, Cambridge Analytica. It said last month that cyber attackers stole data from 29 million Facebook accounts using an automated program that moved from one friend to the next.

In September, Amazon.com Inc. ( AMZN.O ), Alphabet Inc. ( GOOGL.O ), Apple Inc. (AAPL.O), AT & T Inc TN ), Charter Communications Inc. (CHTR.O) and Twitter Inc. ( TWTR.N ) all told senators that they would repay new federal privacy rules.

Senator John Thune, who stands for the Trade Committee, also works with the Privacy Policy.

The Internet Association, which represents more than 40 major internet and technology companies, supports the modernization of privacy rules, but wants a national approach that will prevent new California provisions coming into force in 2020. The Trump Administration also seeks comments on how to set nationwide privacy rules.

The European Union Data Protection Regulations came into force in May, replacing the patchwork work of the 1995 rules.

Violation of EU privacy laws can lead to fines of up to 4 percent of global income or 20 million euros ($ 22, 8 million), depending on which one is higher, as opposed to a few hundred thousand euros.