A congressional privacy hawk wants to put the power of people’s personal data back into their own hands—and punish corporations that aren’t transparent about information collection with high fines and prison time.
The Mind Your Own Business Act, introduced Thursday by Sen. Ron Wyden, D-Ore., grants the Federal Trade Commission resources and six new authorities to establish stricter protections that safeguard Americans’ data and impose tougher penalties against companies that lie about their data collection and use.
“[The bill] is based on three basic ideas,” Wyden said in a statement. “Consumers must be able to control their own private information, companies must provide vastly more transparency about how they use and share our data, and corporate executives need to be held personally responsible when they lie about protecting our personal information.”
The senator spent the last year engaging thought leaders and quietly crafting the legislation. A Wyden aide told Nextgov he was informed by experts from organizations including the Electronic Frontier Foundation, American Civil Liberties Union, and the Consumers Union, along with ex-FTC Chief Technologist Ashkan Soltani and Alastair Mactaggart from the International Association of Privacy Professionals, among others. In November, Wyden also sent around a discussion draft, which outlined the legislation’s aims to “create radical transparency into how corporations use and share their data.”
Specific entities are not named in the bill, but the senator indicated he’s likely targeting companies involved in recent data-collection scandals, including social media giant Facebook. In July the FTC instituted a $5 billion penalty against Facebook partially because it had inadvertently exposed 87 million users’ personal data to a political consulting firm Cambridge Analytica and was not initially clear with consumers about the incident. But the move held little weight—the company’s stock price reportedly jumped following reports of the fine (which is about what Facebook makes in a month) and Wyden was one of several lawmakers to call for greater accountability at the time.
“Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences,” the senator said this week. “A slap on the wrist from the FTC won’t do the job, so under my bill he’d face jail time for lying to the government.”
The MYOB Act explicitly aims to make up where Wyden said the FTC falls short. It would empower the commission to issue fines of up to 4% of companies’ annual revenue if they do not honestly and adequately protect user data. On a company’s second offense, the law calls for senior executives who lie to the FTC to face between one to two decades in prison.
In a one-pager about the bill, the senator also made clear that he aims to boost the commission’s resources.
“The FTC does not have enough staff, especially skilled technology experts,” the document said. “Currently about 50 people at the FTC police the entire technology sector and credit agencies.”
If passed, the legislation would enable the agency to add 175 new members to its staff. The FTC would also be tasked with creating minimum privacy and cybersecurity standards to products and services that process consumer data and would allow.
Further, the legislation prompts companies to institute new avenues to build consumer trust. Corporations would be required to evaluate their algorithms that process user data for accuracy, bias and security and consumers would gain the ability to review how and to whom companies collect and sell their information. MYOB also calls for the implementation of a “national Do Not Track system,” which would enable consumers to stop companies from tracking or selling their data with and cue companies to offer low-cost “privacy-friendly” versions of their products.
A group of moderate Democrats in the House of Representatives also recently endorsed their own privacy-focused bill—though the Information Transparency and Personal Data Control Act does not impose severe prison time.