Oregon Senator Ron Wyden has unveiled updated privacy legislation he says will finally bring accountability to corporations that play fast and loose with your private data.
Dubbed the Mind Your Own Business Act, the bill promises consumers the ability to opt out of data collection and sale with a single click. It also demands that corporations be transparent as to how consumer data is collected, used, and who it’s sold to, while imposing harsh fines and prison sentences upon corporations and executives that misuse consumer data and lie about it.
“I spent the past year listening to experts and strengthening the protections in my bill,” Wyden said in a statement provided to Motherboard, referring to an earlier draft of his privacy proposal unveiled late last year.
“It is based on three basic ideas: Consumers must be able to control their own private information, companies must provide vastly more transparency about how they use and share our data; and corporate executives need to be held personally responsible when they lie about protecting our personal information,” Wyden added.
If you hadn’t noticed, United States internet privacy oversight is akin to the wild west. Outside of the Children's Online Privacy Protection Act (COPPA) of 1998, there’s few real rules governing how corporations treat your private data, and even less accountability for corporations that repeatedly treat consumer privacy and security as a distant afterthought.
The result hasn’t been pretty. Wireless carriers have been caught selling your private location data to any nitwit with a nickel, companies routinely leave private consumer data accessible to the open internet, and an endless series of major hack attacks result in consumer data being exposed to criminals. The government’s response has been maligned as feckless and pathetic.
Wyden’s bill authorizes the FTC to impose fines of up to 4 percent of annual revenues on companies that fail to protect consumer data. The bill also proposes 10-20 year prison sentences for senior executives who knowingly lie to the FTC. Companies whose executives are convicted will pay a tax based on the salary they paid to the officials who lied, Wyden’s office told Motherboard.
“Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences,” Wyden said. “A slap on the wrist from the FTC won’t do the job, so under my bill he’d face jail time for lying to the government.”
The Mind Your Own Business Act also mandates the creation of a national Do Not Track system that gives consumers the ability to quickly and easily opt out of the collection and sale of their private data without having to dig through confusing corporate websites.
The bill also restricts companies looking to make privacy a luxury option. AT&T, for example, spent several years charging its broadband users an additional $500 more a year just to stop receiving targeted ads, a move AT&T somehow insisted was a "discount." Wyden’s bill would limit such fees to the amount of money the company would actually be giving up by not being able to sell a user’s data, his office said.
Wyden’s proposal would also require that corporations give consumers an easy way to review all of the data a company has about them and correct inaccuracies. Giants like Facebook would also be required to analyze any algorithms that process consumer data—to more closely examine their impact on accuracy, fairness, bias, discrimination, privacy, and security.
Wyden’s proposal comes as a coalition of industries work hand in hand to scuttle meaningful privacy reform. Given well-crafted rules could inform and empower consumers, companies fear losing billions of dollars generated from monetizing your daily behavior.
As a result, efforts to pass meaningful rules generally wind up in the scrap bin courtesy of our well-lobbied Congress. For example, a 2016 FCC attempt to impose fairly modest broadband privacy rules was dismantled in 2017 courtesy of a Senate intimately familiar with campaign contributions from the health care, telecom, technology, insurance, and marketing industries.
While companies like Facebook and AT&T insist they support privacy legislation, groups like the Electronic Frontier Foundation have argued their real goal is legislation written by their own lawyers so filled with loopholes as to be largely useless. Such show pony legislation would serve one real purpose: to invalidate or “preempt” tougher state-level protections.
As such, industry isn’t likely to enjoy Wyden’s bill, which not only doesn’t preempt state privacy law, it advocates the state by state creation of a “protection and advocacy” organization that can file additional civil suits against companies that violate privacy regulations.
Cumulatively, the goal is to finally create something vaguely resembling accountability for the laundry-list of American industries that have spent the better part of the last decade not only monetizing your every waking breath, but routinely failing to ensure that data remains secure.