Sen. Ron Wyden (D-Ore.) Wants tech and computer companies to remember their own business and get your nose out of you. To that end, he has introduced a bill that will punish them, potentially with jail time for leaders, for failing to do so.
The proposed bill (PDF), actually called the "Mind Your Own Business Act of 201
The draft does not name any company specifically, but instead focuses on the general concepts of personal data and corporate responsibility. That said, Wyden gave a name in a statement, and Facebook is clearly front and center of his radar.
"Mark Zuckerberg will not take Americans' privacy seriously unless he feels personal consequences," Wyden said. "A flap on the wrist from the FTC will not do the job, so under my bill he would face jail for lying to the government."
Not only do companies need to be more transparent and give consumers more control, Wyden added, but also "business leaders need to be held personally accountable when they lie about protecting our personal information."
The proposal nullifies a few major challenges. First, consumers are tracked and made money, but do not have an effective way of controlling that tracking or even knowing what is done with the data collected from them. Second, companies that filter and trade with consumer data have a terrible track record in securing that data and preventing unauthorized access. And third, the Federal Trade Commission, which is the closest we have to a privacy regulator, is sadly underpowered and under-resourced to tackle the challenge.
Sen. Widen's bill will then address these concerns by 1) introducing minimum privacy and security standards for user data, 2) increasing transparency for consumers to access their own data and learning what has been done with it, 3) creating steep penalties for companies that blow it, and 4) expand the FTC's authority and resources so that it will be able to enforce these penalties. The bill would allow companies to charge for versions with higher privacy of services, but it would exempt those fees from anyone who uses a life allowance (a small credit that low-income individuals and families can use to pay for telephone or broadband services) . This would be a gesture towards reserving privacy as a luxury item.
Putting someone on the beat
The FTC recently created a small division dedicated to technology improvement issues, but Widen's proposal would defeat it significantly.
Chairman Joseph Simons has said several times this year that he feels his agency is hampered by its inability to impose stiff penalties for first-time violations of FTC law or the security rule, which requires financial institutions to be particularly careful about consumer data.
"The CFPB and the states were able to obtain civil penalties for this huge breach of a major financial institution. The FTC could not," Simons said at a July press conference explaining the agency's settlement with Equifax. "Fortunately, other agencies were able to fill in the gap this time. That may not always be the case, which sends the wrong signal about deterrence."
A few days later, when we were discussing the $ 5 billion settlement between the FTC and On Facebook, Simons again asked Congress for a new bill. "We are a law enforcement agency without the authority to announce general privacy regulations," Simons said at the time. "Our authority in this matter comes from a 100-year-old statute that was never intended to address privacy issues like the ones we address today."
If Senator Wyden's bill were to become law, the FTC would get 175 additional staff to help enforce data and privacy standards – and the penalties could be steep. A first offense, which currently has no fines, will cost a company up to 4% of its annual revenue. In the case of Equifax's data breach, for example, it would have been an additional $ 136 million to the FTC, on top of the existing $ 500 million deal.
Company officers would also be held personally responsible for the company's behavior. If a business, such as Facebook or Google, was found to file inaccurate privacy reports, executives would be penalized equivalent to 5% "of the largest amount of annual compensation received during the previous three-year period," or $ 1 million, depending on what is bigger, and up to 10 years in prison.
It's just for an "oops." If those officers were found to have deliberately lied about these reports, the sentences jump up to 25% of the compensation or $ 5 million, whichever is greater, and up to 20 years in prison.
Almost everyone with an interest in the matter, including politicians from both major parties, agrees that we in the US are too late for some kind of update to privacy laws and regulations. However, the questions of what such a law should cover, what it should allow and who should benefit from it, are at best controversial.
More than 50 of the nation's largest companies – including Amazon, AT&T and Comcast, among dozens of others – In September, signed a letter (PDF) to Congress asking for federal privacy laws.
The companies wrote:
We are committed to protecting consumer privacy and want consumers to trust companies to process their personal information responsibly. .. We are also united in our belief that consumers should have meaningful rights over their personal information, and that companies accessing this information should be held continuously accountable under comprehensive federal consumer data privacy laws.
The Electronic Frontier Foundation and other critics called the corporate campaign "disingenuous", saying it constituted a "ploy to undermine real privacy progress" being done at the state level across the country.
The poster for the state effort is California's Consumer Privacy Act, which comes into effect in less than three months, Jan. 1. California's high population and influence as a tech center has effectively made its privacy-related regulations de facto national standards, and companies that rely on the ability to collect, remix and leverage user data are not thrilled with that idea. They probably won't love Widen's federal proposal, as it explicitly does not exempt states from setting their own, stricter guidelines.
However, beyond the issue of corporate money and corporate preferences, the biggest challenge to get through Congress this decade is Congress. Weak observers may have noticed that the political process in Washington, DC, is somewhat critical these days. Not only is there a significant partisan divide to contend with, but in the immediate sense, both chambers are preoccupied with questions like "Can we keep this government funded last November?" and "Do we admit the president?"
That said, Widen's bill could easily become a template that he and other senators will return to in future sessions of Congress, when conditions for making actual law can be more favorable.