Senator Ron Wyden, D-Ore.,introduced sweeping new privacy legislation Thursday, called the Mind Your Own Business Act, to create what he called the strongest-ever protections for Americans’ private data and to hold accountable the corporate executives responsible for abusing our information.
Wyden’s bill contains the most comprehensive protections for Americans’ private data ever introduced, and goes further than Europe’s General Data Protection Regulation (GDPR). It would give American consumers an easy, one-click way to stop companies from selling or sharing their personal information, give consumers radical transparency into how corporations use and share their data, and impose harsh fines and even prison terms for executives at corporations that misuse Americans’ data and lie about those practices to the government.
“Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences. A slap on the wrist from the FTC won’t do the job, so under my bill he’d face jail time for lying to the government,” Wyden said. “I spent the past year listening to experts and strengthening the protections in my bill. It is based on three basic ideas: Consumers must be able to control their own private information, companies must provide vastly more transparency about how they use and share our data, and corporate executives need to be held personally responsible when they lie about protecting our personal information.”
Wyden said the Mind Your Own Business Act protects Americans’ privacy, allows consumers to control the sale and sharing of their data, gives the FTC the authority to be an effective cop on the beat, and will spur a new market for privacy-protecting services. The bill empowers the FTC to:
Establish minimum privacy and cybersecurity standards.
Issue steep fines (up to 4% of annual revenue), on the first offense for companies and 10-20 year criminal penalties for senior executives who knowingly lie to the FTC.
Create a national Do Not Track system that lets consumers stop companies from tracking them on the web, selling or sharing their data, or targeting advertisements based on their personal information. Companies that wish to condition products and services on the sale or sharing of consumer data must offer another, similar privacy-friendly version of their product, for which they can charge a reasonable fee. This fee will be waived for low-income consumers who are eligible for the Federal Communication Commission’s Lifeline program.
Give consumers a way to review the personal information a company has about them, learn with whom it has been shared or sold, and to challenge inaccuracies in it.
Hire 175 more staff to police the largely unregulated market for private data.
Require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy and security.
New provisions added since the November, 2018 discussion draft
The bill incorporates feedback Sen. Wyden received over the past year, and strengthens a number of pro-consumer provisions:
Strengthen the impact of the “Do Not Track” opt-out to stop companies from mining user data to target ads on behalf of other companies, which was allowed under the draft bill. A company could continue use data it holds for its own benefit (for example, examine user emails to develop a spell-checker, or improve its own service).
Extend “lifeline” protections for privacy-friendly services to low-income users. The bill ensures that privacy does not become a luxury good by requiring companies to offer privacy-protecting versions of their products for free to consumers who are eligible for the FCC’s Lifeline program. Companies will be able to recoup this lost income by charging higher-income consumers a slightly higher fee for privacy-friendly services.
Permits state attorney generals to enforce the regulations created by the bill to get more cops on the privacy beat.
Creates a right of action for protection and advocacy organizations. Each state will be able to designate one “protection and advocacy” organization that can file civil suits against companies that violate privacy regulations. This provision would allow dedicated watchdogs to sue companies over privacy violations on behalf of consumers. The bill allows the FTC to distribute some of the money it collects in fines to the designated nonprofits.
Levies new tax penalties on companies whose CEOs lie about privacy protections. Companies whose executives are convicted will have to pay a tax based on the salary they paid to the officials who lied.
Clarifies that the bill does not preempt any state law.
A copy of the bill text is available here.
A one-page summary of the bill is available here.