Hexbyte – Tech News – Ars Technica | Proposed data privacy law could send company execs to prison for 20 years

Hexbyte – Tech News – Ars Technica |

Making privacy non-negotiable —

Privacy law would let consumers opt out of data sharing.


Hexbyte - Tech News - Ars Technica | A man with white hair, wearing a button-down shirt and tie, standing behind the bars of a jail cell.

Getty Images | Ed Bock

A US senator has proposed a privacy law that could issue steep fines to companies and send their top executives to prison for up to 20 years if they violate Americans’ privacy.

Sen. Ron Wyden, D-Ore. announced a discussion draft of his Consumer Data Protection Act yesterday. The bill would establish new privacy rules that major companies must follow and establish fines and prison sentences big enough to make even the largest companies take notice.

Consumers would have the right to opt out of systems that share their data with third parties. Companies that don’t follow the proposed law could be fined up to 4 percent of annual revenue on their first offense. The FTC currently is unable to fine first-time corporate offenders, and “fines for subsequent violations of the law are tiny, and not a credible deterrent,” Wyden’s bill summary says.

Hexbyte – Tech News – Ars Technica | Fines and prison for execs

Besides giving the FTC new powers, the bill would let the agency hire another 175 staffers “to police the largely unregulated market for private data,” Wyden’s bill summary says.

Under the proposed law, executives could be “fined not more than $5,000,000 or 25 percent of the largest amount of annual compensation the person received during the previous 3-year period from the covered entity, prisoned not more than 20 years, or both,” the bill says. (The more readable bill summary is available here.)

The bill seems unlikely to pass, given the extreme penalties, lobbying clout of big businesses, and Republicans’ control of Congress. But both Republicans and Democrats have been pushing for some kind of privacy law, and Wyden’s proposal would make big fines and prison sentences part of the discussion. Wyden’s announcement said his bill is supported by Consumers Union, search engine operator DuckDuckGo, and four former FTC chief technologists.

Hexbyte – Tech News – Ars Technica | Private data is “tracked, sold and monetized”

“Today’s economy is a giant vacuum for your personal information,” Wyden said. “Everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database.”

US residents know very little about how their data is collected, used, and shared, Wyden continued. “It’s time for some sunshine on this shadowy network of information sharing,” he said. “My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans’ most private information.”

“Information about consumers’ activities, including their location information and the websites they visit is tracked, sold and monetized without their knowledge by many entities,” Wyden’s bill summary said. Meanwhile, “corporations’ lax cybersecurity and poor oversight of commercial data-sharing partnerships has resulted in major data breaches and the misuse of Americans’ personal data, [and] consumers have no effective way to control companies’ use and sharing of their data.”

The legislation would affect large companies under the jurisdiction of the Federal Trade Commission. Specifically, the law would apply to companies that earn more than $50 million in average annual revenue or collect personal information on at least 1 million consumers or at least 1 million consumer devices.

The law would thus apply to big Web giants like Google and Facebook, big Internet service providers that face FTC jurisdiction, and any other large company that faces FTC jurisdiction and collects data on at least 1 million of th

Read More