Oregon Senator Ron Wyden has introduced a comprehensive new privacy bill he claims will finally address the lack of meaningful privacy protections for American consumers.
Wyden says his Consumer Data Protection Act is a direct response to the ocean of privacy scandals that have plagued the internet for the better part of the last decade. The Senator’s proposal would dramatically beef up Federal Trade Commission authority and funding to crack down on privacy violations, let consumers opt out of having their sensitive personal data collected and sold, and impose harsh new penalties on a massive data monetization industry that has for years claimed that self-regulation is all that’s necessary to protect consumer privacy. Wyden’s bill proposes that companies whose revenue exceeds $1 billion per year—or warehouse data on more than 50 million consumers or consumer devices—submit “annual data protection reports” to the government detailing all steps taken to protect the security and privacy of consumers’ personal information. The proposed legislation would also levy penalties up to 20 years in prison and $5 million in fines for executives who knowingly mislead the FTC in these reports. The FTC’s authority over such matters is currently limited—one of the reasons telecom giants have been eager to move oversight of their industry from the Federal Communications Commission to the FTC.
“Today’s economy is a giant vacuum for your personal information—everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database,” Wyden said in a statement. “But individual Americans know far too little about how their data is collected, how it’s used and how it’s shared.”
From Facebook’s Cambridge Analytica scandal to Verizon getting busted covertly tracking wireless users around the internet, it has become clear there’s not much in the way of genuine accountability or transparency when it comes to cavalier treatment of user data.
From the wrist slap Equifax received for failing to protect the private data of 145 million Americans, to the SIM hijacking and location data scandals plaguing the wireless sector in recent years, meaningful government inquiries, investigation, and punishment are often lacking. “It’s time for some sunshine on this shadowy network of information sharing,” Wyden said. “My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans’ most private information.”
The problem is that big business lobbyists will likely line up in opposition to a bill that genuinely protects privacy, meaning that Wyden’s bill faces a steep uphill climb.
Individually the telecom, advertising, marketing, insurance, Silicon Valley tech, banking, and entertainment industries are lobbying juggernauts. Combined they’re incredibly difficult to overcome, consumer groups have warned.
Companies like Facebook and Verizon publicly insist they support meaningful privacy rules. In fact, a handful of Silicon Valley companies have recently been lobbying the Trump administration to craft new privacy legislation. But activists and consumer groups claim the industry’s more interested in undermining tougher privacy rules with their own, weaker proposals—than actually crafting meaningful ones. For example, Facebook, Google, and Verizon collectively lobbied the GOP to kill modest but meaningful FCC privacy rules last year. They also worked in unison to scuttle scuttle state-level privacy rules in California, falsely claiming that such efforts would only “embolden extremists,” harm children, and somehow increase internet popups, according to an analysis by the Electronic Frontier Foundation.
The reality is that any privacy guidelines worth their salt will create informed, empowered consumers more likely to opt-out of data monetization schemes. Given that said opt outs would cost multiple industry billions in revenues, the motivation for their opposition to even the best-crafted reforms isn’t much of a mystery.
Still, consumer groups said Wyden’s proposal is a step in the right direction, even if battling an gauntlet of lobbyists intent on derailing it will surely prove to be challenging.
“We're very pleased to see the bill recognize that there are non-economic impacts to privacy violations and that those should be policed vigorously by the Federal Trade Commission,” Gaurav Laroia , lawyer for consumer group Free Press told Motherboard. “Staffing up at that agency to actually be able to protect people's privacy and putting the onus on CEOs to make sure their products are safe is a necessary addition to the privacy debate,” he added. Laroia suggested that while the lobbying opposition to meaningful privacy protections is massive, so too is the growing backlash from consumers tired of their privacy rights and personal data security being an afterthought. He pointed to recent Pew polling data that shows consumers have lost faith in companies’ ability to protect their data.
“People want additional protections,” he said. “The constant drumbeat of data breaches and people's rightful concerns over companies using that information to manipulate them has created an opening to get these important protections through.”