Calendar year 2018 has been unprecedented in terms of international and domestic privacy legislation. From the European Union General Data Protection Regulation to states’ enactment of more restrictive data privacy laws, and from Federal Trade Commission actions to the fake news scandals, companies are expending significant resources on compliance.
There has also been much discussion of late about whether the U.S. will enact federal privacy legislation in order to ensure more consistency. Senator Ron Wyden has now proposed sweeping new data privacy legislation that would reform domestic online privacy protections. The proposed legislation has numerous similarities to the GDPR.
The proposed bill has been dubbed the Consumer Data Privacy Act. It would impose minimum cybersecurity and data privacy requirements on companies that generate more than $50 million in revenue and that possess personal data of more than 1 million people. Companies with revenues exceeding $1 billion or that store data on more than 50 million consumers or their devices would be required to submit annual data protection reports to the government that explain their cybersecurity practices.
Not only would the legislation be subject to FTC enforcement, it would permit the agency to create minimum standards for consumer privacy and data security. Consult with an experienced FTC attorney to discuss the similarities to GDPR, including the enhanced control and transparency that consumers would have to be provided, such as mechanisms to request and review the data that companies have collected on them and to see with whom it has been shared.
Penalties would include fines by the FTC of up to 4% of annual revenue. Importantly, it would impose criminal penalties for senior executives who fail to follow the regulations, including up to 20 years in prison and individual fines as high as $5 million for knowingly misleading regulators.
In a statement, Senator Wyden said that the CDPA “creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans’ most private information.”