Touted as tougher than EU GDPR, Sen. Wyden proposes giving consumers more control over their data and taxing companies that fail to meet privacy standards, among other regulations.
Sen. Ron Wyden, D-Oregon, introduced stringent privacy legislation on Wednesday, creating tough penalties for businesses that fail to meet standards and giving the Federal Trade Commission more authority to enforce privacy violations.
The Mind Your Own Business Act is touted as tougher than the EU General Data Protection Regulation, but will not supersede state law. Wyden aims to provide individuals with transparency into how their data is used and shared, as well as control into how and when their data is collected.
Wyden first introduced a draft of the bill in 2018, but the latest legislation extends proposed regulations to further tighten privacy regulations.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
A number of senators and state regulators have been steadily working to shore up gaps in privacy legislation, including those in HIPAA, which does not cover health apps. After the massive Facebook scandal and what was seen as a lenient FTC fine, Wyden is proposing legislation to crack down on organizations that fail to protect consumer data.
For the past year, Wyden has spent time speaking to industry stakeholders on just where those privacy gaps exist and how regulations can reduce some of those challenges.
“Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences. A slap on the wrist from the FTC won’t do the job, so under my bill he’d face jail time for lying to the government,” Wyden said in a statement.
“[The bill is] based on three basic ideas: Consumers must be able to control their own private information, companies must provide vastly more transparency about how they use and share our data, and corporate executives need to be held personally responsible when they lie about protecting our personal information,” he added.
The legislation would establish minimum privacy and security standards, while issuing fines up to 4 percent of annual revenue for the first offense for companies. Executives that knowingly lie to the FTC could receive up to 10- to 20-year criminal penalties.
Further, the bill establishes a ‘Do Not Track’ system to allow consumers to stop companies from tracking them online, selling or sharing their data, or targeting advertisements based on their information. Those organizations that want to condition their products or service based on the sale or sharing consumer data, must also offer a privacy-friendly version – but will be allowed to charge a reasonable fee.
However, the bill would allow companies to use the data of individuals for their own benefit, such as improving its own product or service.
Consumers will also be allowed to review the personal data a company has about them, learn the companies that have been shared or sold their data, and will be allowed to challenge inaccuracies.
The legislation would also mandate the hiring of 175 more staff to “police the largely unregulated market for private data, and require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy and security.”
Notably, if passed, the bill would allow state attorneys general to enforce its regulations, as a way to “get more cops on the privacy beat.” Each state will be permitted to designate a protection and advocacy organization empowered to file civil suits against those companies that violate privacy regulations.
As a result, dedicated watchdogs could file civil lawsuits against companies over privacy violations on behalf of individuals. While it’s unlikely the proposed bill will pass in its current form, it’s one of the toughest privacy proposals to date.
Sens. Amy Klobuchar, D-Minnesota, and Lisa Murkowski, R-Arkansas, have proposed closing privacy gaps in HIPAA to cover consumer-focused health technology, while Sen. Edward Markey, D-Massachusetts has proposed giving individuals more control over their data by allowing them to opt-out of data collection.
While it may be some time until sweeping federal legislation is passed, the Department of Health and Human Services has been looking to update HIPAA and states like New York and California are enacting privacy laws to better protect consumers.
Source: HealthITSecurity
