Pack your pyjamas, Zuck: US bill threatens execs with prison for data failures
Senator Ron Wyden's on the warpath with 'Mind Your Own Business Act'
A proposed law bill in the US aims to give regulators genuine powers to go after companies that fail to protect citizens' privacy up to and including jailing bosses.
The brilliantly titled "Mind Your Own Business Act" (PDF) would give the Federal Trade Commission, which is responsible for privacy protections, the power to do more than just fine companies that drop the ball with their customers' data.
Ron Wyden, Democrat senator for Oregon, said: "Mark Zuckerberg won't take Americans' privacy seriously unless he feels personal consequences. A slap on the wrist from the FTC won't do the job, so under my bill he'd face jail time for lying to the government."
The FTC was heavily criticised when it fined Facebook $5bn for repeatedly ignoring privacy protections earlier this year. Even though it was the largest ever fine imposed by the FTC, it represented just a month's sales for the data broker. Senator Wyden said at the time that the FTC had "failed miserably".
Wyden said he had spent a year talking to experts about what was required and three clear messages emerged. Consumers need to be given back control of their data; companies must be far more transparent about what they do with that data; and there must be real consequences for executives who break the rules.
The bill would exceed European protections offered by the General Data Protection Regulation but includes the same level of fines – 4 per cent of annual revenues for first offences. But executives who lie to regulators face between ten and 20 year prison sentences. The FTC would have to set minimum standards for privacy and cybersecurity for all organisations to follow.
The bill calls for a nationwide Do Not Track register for consumers to stop companies monitoring their activity online or selling or sharing that data to target advertising. Companies that wish to sell consumer data as a condition of their business must offer an alternative privacy-friendly service for which they can make a reasonable charge.
Companies must also provide an easy way for people to see what data is held on them, which other companies have access to it and to correct inaccuracies.
The FTC would get 175 extra staff should the bill pass – it currently has about 50 people policing technology and credit companies for data security and privacy.
The body would also get the power to fund state-based organisations to file complaints on behalf of consumers, and be able to force companies to ensure any algorithms used to process consumer data are accurate, fair and not biased or discriminatory.