Prison time, hefty fines for data privacy violations: draft U.S. Senate bill

[steven36]

WASHINGTON (Reuters) - A senior Democratic U.S. senator on Thursday unveiled draft legislation that would allow hefty fines and as much as 20-year prison terms for executives who violate privacy and cybersecurity standards.

 

 

Senator Ron Wyden released a draft of legislation that would grant the Federal Trade Commission authority to write privacy regulations. The measure would also allow maximum fines of 4 percent of revenue - matching European rules adopted earlier this year.

 

“It’s time for some sunshine on this shadowy network of information sharing,” Wyden said in a statement. “My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules.”

 

Data privacy has become an increasingly important issue since massive breaches compromised the personal information of millions of U.S. internet and social media users, as well as breaches involving large retailers and credit reporting agency Equifax Inc.

 

Wyden would also create a national “Do Not Track” system to stop companies from tracking internet users by sharing or selling data and targeting advertisements based on their personal information. The bill would also subject senior executives at companies with privacy violations to fines of $5 million or more.

 

Facebook Inc , the world’s largest social media network, said earlier this year that the personal information of about 70 million U.S. users was improperly shared with political consultancy Cambridge Analytica. It said last month that cyber attackers stole data from 29 million Facebook accounts using an automated program that moved from one friend to the next.

 

In September, Amazon.com Inc , Alphabet Inc , Apple Inc , AT&T Inc , Charter Communications Inc  and Twitter Inc all told senators they would back new federal privacy regulations.

Senator John Thune, who chairs the Commerce Committee, is also working on privacy legislation.

 

The Internet Association, which represents more than 40 major internet and technology companies, backs modernizing data privacy rules but wants a national approach that would pre-empt new regulations in California that take effect in 2020. The Trump administration is also seeking comments on how to set nationwide data privacy rules.

 

The European Union General Data Protection Regulation took effect in May, replacing the bloc’s patchwork of rules dating back to 1995.

 

Breaking EU privacy laws can result in fines of up to 4 percent of global revenue or 20 million euros ($22.8 million), whichever is higher, as opposed to a few hundred thousand euros.

 

Source