wyden data breach bill

PBS News Hour

Senator proposes jail time, fines for companies that hijack your data

The bill also includes a 'do not track' option.

Feb 9, 2019, 10:38 am

Layer 8

Joseph Knoop 

Joseph Knoop

Oregon Sen. Ron Wyden has proposed a bill that would punish tech companies with jail time and billions of dollars if they fail to ensure their users’ privacy.

Digital privacy violations have become increasingly common and ludicrously widespread. Just last month, 773 million email addresses were breached, the largest ever of its kind. Facebook was hacked in September 2018, exposing as many as 30 million to 50 million accounts.

Wyden compared the negligence of companies like Facebook to the corporate fraud scandals that rocked Enron and WorldCom and led to their collapse. His bill would give the Federal Trade Commission the authority to judge companies based on a yet-to-be-established series of privacy and cybersecurity standards. In the same way that Enron misrepresented its actions and thus broke the law, the bill would punish companies who misrepresent their users’ safety or negligently allow their data to be stolen.

Here are some other things the bill would ostensibly do:

  • Allow users to pay an unspecified fee to opt out of algorithms that track internet usage, dubbed the “do not track” option. This potentially undercuts digital advertisers who rely on user information to effectively place ads that will interest individual users.
  • Require large companies to make annual reports on their privacy practices.
  • Penalize large companies who make false statements in said reports. The penalty could be as much as 4 percent of annual revenue. Consider that Facebook made $55 billion last year, that could be an incredible sum.
  • Executives can face up to 20 years in jail for negligence and offenses.
  • Force companies to regularly assess algorithms for accuracy, bias, and discrimination.

“What we are essentially advocating is what the big financial services firms have to do under Sarbanes-Oxley,” Wyden told the Oregonian. Wyden is referring to the Public Company Accounting Reform and Investor Protection Act of 2002, which stipulates that companies must take steps to ensure the accuracy of their financial reporting and forcing executives to take responsibility for egregious errors.

Wyden called his new bill an effort to “recreate [the FTC] for the digital era,” calling the FTC’s current incarnation “toothless” in the face of massive data breaches.

Wyden has made a name for himself as one of the most aggressive politicians calling for action against companies like Facebook and their alleged negligence. Shortly before Facebook CEO Mark Zuckerberg testified before Congress in early 2018, Wyden said that Facebook ought to get its act together or risk being “broken up.”

Wyden first introduced his bill last year, but it has failed to gain traction since then. Wyden is hoping the recent slate of data breaches will provide enough public outcry to push the bill along.

Share this article
*First Published: Feb 9, 2019, 10:38 am