Should company bosses face jail for mishandling your privacy?

Mark Z, how do you feel about orange? Like, say, in a jumpsuit style?

Kidding! No court has found that you, the Facebook CEO, has purposefully misled the government about how your company did/did not protect consumers’ data during, say, the multifaceted, ever-unfolding, Cambridge Analytica privacy debacle.

Senator Ron Wyden’s on the case, though, and has now put on the table a bill that would throw execs into jail for up to 20 years if they play loosey-goosey with consumer privacy.

Under his proposed bill, introduced on Thursday and called the Consumer Data Protection Act, execs who knowingly mislead the Federal Trade Commission (FTC) about how their companies protect consumer data could face up to 20 years in prison and $5 million fines.

He’s proposing sunshine. He’s proposing “radical transparency.” He’s proposing legislation with “real teeth” when it comes to punishing companies that vacuum up our data without telling us “how it’s collected, how it’s used and how it’s shared,” Wyden said in a statement.

This is a way to arm consumers against the massive data monetization industry that’s flourished over the past decade, dragging privacy scandals along with it, Wyden said:

Today’s economy is a giant vacuum for your personal information – Everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database. But individual Americans know far too little about how their data is collected, how it’s used and how it’s shared.

Besides fines and jail time, Wyden’s proposal would also dramatically beef up resources to go after data miscreants. The cops in this case would be the FTC: to give the Commission the muscle it would need, the senator is proposing jacking up its authority, funding and staffing to crack down on privacy violations. The bill would also mandate easy opt-out for consumers to shrug off hidden tracking of their sensitive personal data.

This is what the bill would enable the FTC to do:

  1. Establish minimum privacy and cybersecurity standards.
  2. Issue steep fines (up to 4% of annual revenue), on the first offense for companies and 10-20 year criminal penalties for senior executives.
  3. Create a national Do Not Track system that lets consumers stop third-party companies from tracking them on the web by sharing data, selling data, or targeting advertisements based on their personal information. It permits companies to charge consumers who want to use their products and services, but don’t want their information monetized.
  4. Give consumers a way to review what personal information a company has about them, learn with whom it has been shared or sold, and to challenge inaccuracies in it.
  5. Hire 175 more staff to police the largely unregulated market for private data.
  6. Require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy, and security.


Senator Wyden got a thumbs-up from the Consumers Union, search engine DuckDuckGo, and four former FTC chief technologists. This would be awesome for us, said CEO Gabriel Weinberg of DuckDuckGo, the privacy-oriented browser that eschews profiteering off our data:

Senator Wyden’s proposed consumer privacy bill creates needed privacy protections for consumers, mandating easy opt-outs from hidden tracking. By forcing companies that sell and monetize user data to be more transparent about their data practices, the bill will also empower consumers to make better-informed privacy decisions online, enabling companies like ours to compete on a more level playing field.

The bill proposes that companies with annual revenues in excess of $1 billion, or those whose warehouses contain data on more than 50 million consumers or their devices, submit “annual data protection reports” to the government that detail all the steps they’ve taken to protect the security and privacy of consumers’ personal information.

Execs who sign off on reports that are less than truthful could be looking at the stiff fines, the jail time, or both.

The Do Not Track list would bar companies from sharing with third parties the data of those who sign up, or from using their data to target ads to them. The bill addresses the “Well, how do we make money, then?” aspect of the pay-or-get-marketed-at dilemma of paying for websites by giving companies permission to charge customers on the list a fee to use their products and services.

But even those consumers who don’t sign on to the Do Not Track list would be granted the ability to review information collected about them, see who it’s been shared with or sold to, and challenge any inaccuracies.

What are the bill’s chances of passing?

“Activists and consumer groups claim the industry’s more interested in undermining tougher privacy rules with their own, weaker proposals – than actually crafting meaningful ones”, says Motherboard.

For example, Facebook, Google, and Verizon collectively lobbied the GOP to kill modest but meaningful FCC privacy rules last year. They also worked in unison to scuttle scuttle state-level privacy rules in California, falsely claiming that such efforts would only “embolden extremists,” harm children, and somehow increase internet popups, according to an analysis by the Electronic Frontier Foundation.