At the tail end of a year full of egregious data mining scandals and privacy violations by corporate giants like Facebook, Google, and Equifax—behavior that went virtually unpunished in the United States—Sen. Ron Wyden (D-Ore.) introduced a bill on Thursday that would dramatically strengthen internet privacy protections and hit executives who violate the rules with up to 20 years in prison.

"My bill creates radical transparency for consumers, gives them new tools to control their information, and backs it up with tough rules with real teeth to punish companies that abuse Americans' most private information."

—Sen. Ron Wyden"Today's economy is a giant vacuum for your personal information—everything you read, everywhere you go, everything you buy, and everyone you talk to is sucked up in a corporation's database. But individual Americans know far too little about how their data is collected, how it's used and how it's shared," Wyden said in a statement.

"It's time for some sunshine on this shadowy network of information sharing," the Oregon senator added. "My bill creates radical transparency for consumers, gives them new tools to control their information, and backs it up with tough rules with real teeth to punish companies that abuse Americans' most private information."

There need to be consequences when corporations don’t protect your data. My bill will put reckless CEOs in jail if they lie about protecting your personal information. — Ron Wyden (@RonWyden) November 1, 2018 Congress must take action to increase transparency about how corporations sell, share & use data. I look forward to working with my colleagues in the Senate to put measures in place that will put consumers back in the driver’s seat when it comes to controlling their own data. — Ron Wyden (@RonWyden) November 1, 2018

SCROLL TO CONTINUE WITH CONTENT Never Miss a Beat. Get our best delivered to your inbox.







Titled the Consumer Data Protection Act (pdf), Wyden's legislation aims to fill a void left by the federal government's failure to confront the new and complex threats facing consumers in the internet age.

The government, Wyden notes, has failed to prevent consumers' sensitive information from being "sold and monetized without their knowledge" and refused to empower internet users to "control companies' use and sharing of their data."

According to a summary (pdf) of the new bill released by Wyden's office on Thursday, the legislation would:

Establish minimum privacy and cybersecurity standards;

Issue steep fines (up to four percent of annual revenue), on the first offense for companies and 10-20 year criminal penalties for senior executives;

Create a national Do Not Track system that lets consumers stop third-party companies from tracking them on the web by sharing data, selling data, or targeting advertisements based on their personal information. It permits companies to charge consumers who want to use their products and services, but don't want their information monetized;

Give consumers a way to review what personal information a company has about them, learn with whom it has been shared or sold, and to challenge inaccuracies in it;

Hire 175 more staff to police the largely unregulated market for private data;

Require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy, and security.

While Wyden's legislation is likely to run up against strong opposition from tech giants and the lawmakers who do their bidding, consumer advocacy groups applauded the new bill as a crucial first step in the right direction.

"We're very pleased to see the bill recognize that there are non-economic impacts to privacy violations and that those should be policed vigorously," Gaurav Laroia, an attorney with Free Press, told Motherboard. "People want additional protections. The constant drumbeat of data breaches and people's rightful concerns over companies using that information to manipulate them has created an opening to get these important protections through."