Senator Ron Wyden (D-Ore.) has proposed sweeping new legislation that would overhaul internet privacy protections in the United States in the same vein as the European Union General Data Protection Regulation (“GDPR”). The draft bill, introduced on November 1, 2018, is called the Consumer Data Privacy Act (“CDPA”), and, if enacted, would set minimum privacy and cybersecurity policies that companies would be mandated to follow. Those policies would be enforceable by the Federal Trade Commission (“FTC”), and any company that violated them, as well as their CEOs, would face harsh penalties.
The CDPA, which would apply to companies that generate more than $50 million in revenue and with personal data on more than 1 million people, would allow the FTC to create minimum standards for consumer privacy and data security. Similar to the GDPR, the bill also proposes to give consumers a way to review the data that companies have collected on them, as well all other companies, vendors, and business associates with which that data has been shared. Moreover, the CDPA would require large technology firms – those with revenues exceeding $1 billion or ones that store data on more than 50 million consumers or their devices – to submit “annual data protection reports” to the government that lay out their cybersecurity practices.
If a company fails to follow the FTC’s standards and regulations, the CDPA would empower the FTC to levy steep fines (up to 4% of annual revenue) against the company, similar to the fines permitted under the GDPR. The CDPA goes even further than the GDPR, however, in that it would create criminal penalties for CEOs and other senior executives who fail to follow the FTC’s regulations. Senior executives could face up to 20 years in prison, with individual fines reaching as high as $5 million for those executives who knowingly mislead regulators.
In a statement, Senator Wyden said his bill is a direct response to privacy scandals in recent years. “Today’s economy is a giant vacuum for your personal information – everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database. But individual Americans know far too little about how their data is collected, how it’s used, and how it’s shared,” Wyden said. “It’s time for some sunshine on this shadowy network of information sharing. My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans’ most private information.”
