Oregon Senator Introduces Sweeping Legislation to Secure Personal Information and Hold Corporations Accountable
U.S. Senator Ron Wyden, D-Ore., recently introduced comprehensive privacy legislation, known as the “Mind Your Own Business Act” (MYOB Act), to provide protections for the private data of Americans and to hold corporate executives accountable if they abuse such information. While this isn’t the first such legislation introduced in Congress and is unlikely to be the last, the MYOB Act is notable for its breadth, including the size and scope of the potential penalties that could be imposed on offenders.
According to a press release issued by Wyden’s office, the bill (which is an updated version of one he introduced last session) contains the most comprehensive protections for Americans’ private data ever introduced, and goes further than Europe’s General Data Protection Regulation (GDPR). The MYOB Act allows consumers to control the sale and sharing of their data, and gives the Federal Trade Commission (FTC) the authority to implement and enforce the law.
Among other things, the MYOB Act empowers the FTC to establish minimum privacy and cybersecurity standards and issue steep fines (up to 4 percent of annual revenue) on the first offense for companies who violate the law as well as 10- to 20-year criminal penalties for senior executives who knowingly lie to the FTC. Further, the FTC is to create a national Do Not Track system that lets consumers stop companies from tracking them on the web, selling or sharing their data, or targeting advertisements based on their personal information. The Commission also shall give consumers a way to review the personal information a company possesses on them, learn whether and how it has been shared or sold, and challenge inaccuracies in the information. The FTC also can require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy and security. The MYOB Act also allows for state attorneys general to enforce the data privacy regulations and for privacy watchdogs to sue companies on behalf of people affected by data violations.
While other lawmakers have proposed data privacy bills, progress has been slow as there has been no consensus among legislators, consumers, privacy advocates, and corporations as to what should be included in such legislation. Whether the proposed MYOB Act gains any traction in Congress remains to be seen.