U.S. Senator Ron Wyden, D-Oregon, recently introduced comprehensive privacy legislation, known as the “Mind Your Own Business Act” (MYOB Act), to provide protections for the private data of Americans and to hold corporate executives accountable if they abuse such information. While this isn’t the first such legislation introduced in Congress and is unlikely to be the last, the MYOB Act is notable for its breadth, including the size and scope of the potential penalties that could be imposed on offenders.
According to a press release issued by Sen. Wyden’s office, the bill (which is an updated version of one he introduced last session) contains the most comprehensive protections for Americans’ private data ever introduced, and goes further than Europe’s General Data Protection Regulation (GDPR). The MYOB Act allows consumers to control the sale and sharing of their data, and gives the Federal Trade Commission (FTC) the authority to implement and enforce the law.
Among other things, the MYOB Act empowers the FTC to establish minimum privacy and cybersecurity standards and issue steep fines (up to 4% of annual revenue) for the first offense on companies that violate the law as well as 10- to 20-year criminal penalties for senior executives who knowingly lie to the FTC. Further, the FTC is to create a national Do Not Track system that lets consumers stop companies from tracking them on the web, selling or sharing their data, or targeting advertisements based on their personal information. The Commission also shall give consumers a way to review their personal information that a company possesses, learn whether and how it has been shared or sold, and challenge inaccuracies in the information. The FTC also can require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy and security. The MYOB Act also allows for state attorneys general to enforce the data privacy regulations and for privacy watchdogs to sue companies on behalf of people affected by data violations.
While other lawmakers have proposed data privacy bills, progress has been slow, as there has been no consensus among legislators, consumers, privacy advocates, and corporations as to what should be included in such legislation. Whether the proposed MYOB Act gains any traction in Congress remains to be seen.