Penalties could go as high as 20 years in prison for a failure to protect your data.
A year after Equifax's massive breach, millions of people were frustrated that nothing had changed.
There were class action lawsuits across the country, which is often the response to data breaches -- lawyers also sued Facebook and Uber this year -- but lawmakers still felt that the companies involved weren't being held accountable for mishandling data on millions of people.
Sen. Ron Wyden, a Democrat from Oregon, wants to change that with the proposed Consumer Data Protection Act.
The lawmaker, who has been at the forefront of cybersecurity and privacy issues in the Senate, introduced a draft data privacy bill on Thursday, with harsh penalties for companies that violate your privacy. The bill would apply to companies that bring in more than $50 million in revenue and have personal information on more than 1 million people.
"Today's economy is a giant vacuum for your personal information," Wyden said in a statement. "Everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation's database. But individual Americans know far too little about how their data is collected, how it's used and how it's shared."
The draft recommends boosting the ability of the Federal Trade Commission to take action on privacy violations. Right now, the FTC can only fine tech companies if they agree to a consent decree, as Facebook did in 2011.
The bill would also require companies to submit an annual data protection report, similar to how companies like Google and Apple voluntarily release transparency reports on government demands. The report would need to be signed by CEOs, who could face up to 20 years in prison if they lie to the FTC.
Wyden's draft bill also introduces a national "Do Not Track" website, which would create a central page allowing Americans to opt out of data sharing across the internet. As things stand, if you want to opt out of data tracking, you have to do it in your settings on each individual website where you've signed up. In some cases, the only way to opt out is to just not use the website.
The FTC would also be able to issue fines up to 4 percent of the company's annual revenue, the same percentage that the European Union's General Data Protection Regulation uses.
A push for a federal data privacy law has been brewing on Capitol Hill over the last year, fueled by privacy issues like Facebook's problems with Cambridge Analytica. Multiple lawmakers have been working on their own privacy bills, and members of Congress have held hearings with tech giants and tech advocates to work on the legislation.
Silicon Valley has taken notice. Apple CEO Tim Cook has called for a federal data privacy law, arguing that privacy is a "fundamental human right." Google, Facebook and Amazon have also said they support a federal data privacy law, though there's a major difference in what tech companies want and what privacy advocates want.
Through trade organizations like the Internet Association, tech companies have called for pre-empting state laws, which would mean that strict laws like California's Consumer Protection Act would be overruled by a federal bill.
Advocates warn that this stipulation makes it difficult for states to catch up with new data privacy issues, since technology advances much faster than the law does.
First published Nov. 1, 6:57 a.m. PT.
Updates, 7:17 a.m.: Adds details about data privacy legislation; 9 a.m.: Includes statement from Wyden.