In yet another sign that top U.S. congressional leaders are ready and willing to hold big tech giants in Silicon Valley responsible for any privacy violations, Senator Ron Wyden (D-Oregon) has updated his proposed privacy bill to include much stiffer financial penalties for tech giants as well as potential jail time for senior executives who lie about protecting consumer privacy. Simply put, the era of giving tech companies a “slap on the wrist” (as Wyden pus it) is coming to a close. Companies will now be held responsible when they lie about their privacy policies, or when they fail to protect our personal information.
New financial penalties included in privacy bill
Similar to Europe’s General Data Protection Regulation (GDPR), which went into effect in May 2018, Wyden’s privacy bill – which will be known as the Mind Your Own Business Act – will impose financial penalties of up to 4% of a company’s annual revenue for first-time privacy violations. As supporters of the privacy bill see it, this is the only way to make sure that tech companies get the message. A financial penalty of 4% might not sound like much, but for the biggest tech companies, this might amount to billions of dollars.
Privacy advocates are especially outraged that big tech giants such as Facebook and Google appear to have gotten by in the past with very minor fines and penalties. For example, the Federal Trade Commission (FTC) recently levied a penalty of $5 billion on Facebook for privacy violations related to the Cambridge Analytica scandal. On the surface, this might sound like a huge penalty, and indeed, it is the largest penalty that the FTC has ever levied against a tech company. However, when you take into account that a company like Facebook makes billions of dollars in profit each quarter, it does not sound like a particularly daunting penalty. One privacy bill supporter, for example, likened the FTC penalty to a “mosquito bite.” And the same sort of logic applies to Google, which recently received a $170 million penalty from the FTC for YouTube-related privacy violations. If the maximum amount of 4% had been imposed instead, that penalty would have inflated to nearly $4.5 billion.
Potential jail time for Silicon Valley execs
Where the new privacy bill breaks the most ground, however, is in its attempt to criminalize privacy violations. The new privacy bill would make it a crime to lie to government agencies about privacy violations. If the CEO (or other top official) is found to have lied or covered up a privacy violation, he or she could be facing anywhere from 10 to 20 years in prison. This raises the specter, of course, that someone like Facebook CEO Mark Zuckerberg might wind up in prison one day if the social media giant continues on its current trajectory. In addition, companies would be forced to pay a tax to the government if any of their executives actually wind up behind bars.
To make sure that the privacy bill is not just all bluster, Senator Wyden has also proposed empowering state Attorneys General to enforce the new regulation. In addition, the new privacy bill would beef up the staffing of the FTC by at least 175 new members, all of whom would be tasked with privacy-related cases. This would essentially mean “more cops on the beat,” and more ways to make sure that big tech companies take responsibility for their actions.
Beefed up data privacy provisions
The new Mind Your Own Business privacy bill also includes significant new protections for consumers, especially with regard to data privacy. The goal is an entirely new approach to the way companies use, collect and analyze data. As Wyden said in a statement, consumers must be able to control their own private information, companies must provide vastly more transparency about how they use and share data, and corporate executives need to be held personally responsible when they lie about protecting privacy.
The privacy bill proposes the creation of a federal Do Not Track registry, which would enable Internet users to opt out of data tracking for targeted ads. In essence, this would mirror the current “Do Not Call” registry that consumers can sign up for in order to avoid annoying telemarketing phone calls. With the “Do Not Track” provision, consumers would have much greater control over who gets to use their data, and how it is eventually used.
Paid privacy versions of data products
Somewhat controversially, the new privacy bill also will require big social media platforms such as Facebook or Twitter to offer a paid “privacy-protecting” version of their services. In other words, Facebook would offer a free version to people who don’t mind getting tracked and monitored by advertisers, and also a paid version for people who take their privacy seriously and who don’t want big tech companies to share our data.
To keep big tech giants from turning this paid version of their offering into a big moneymaking venture, the privacy bill puts certain guardrails in place. For example, the annual cost of the privacy-protecting version of the service will be capped at a certain level. Wyden has proposed that the maximum price for such a service not exceed the amount of money a company would forfeit by not selling a user’s data. In the case of Facebook, that figure would be close to $26 per year. And, just to make sure that privacy does not become a luxury good only available to the wealthiest consumers, the new privacy bill will use the FCC Lifeline program (which was designed to provide phone service to low-income individuals) to also help out low-income Internet users.
Potential impact of new privacy bill
While the new privacy bill certainly sounds like something that will fundamentally change the way companies use personal data and boost the amount of care that they take in protecting personal information, there is also the issue of whether this new privacy bill will ever go for a final vote in its current form. By the time tech lobbyists get involved, there might be much weaker penalties put in place, as well as plenty of loopholes for companies to wiggle through.
However, the fact that a known privacy hawk like Senator Ron Wyden is behind the bill is a good sign. This esteemed politician has spent the past year refining and honing a previous piece of legislation that he proposed back in 2018, and it looks like he is on the right path to delivering America a GDPR-style piece of legislation. Now we can only hope that this privacy bill attracts bipartisan support before tech companies get a chance to scuttle this bold new effort at privacy reform.