A new bill from Sens. Richard Blumenthal (D-CT) and Ed Markey (D-MA) would place significant new constraints on data collection by Facebook and other online services. Dubbed the CONSENT Act (short for Customer Online Notification for Stopping Edge-provider Network Transgressions), the bill requires explicit opt-in consent from users to use, share, or sell any personal information, as well as clear notification any time data is collected, shared, or used. The bill would also add new security and breach reporting requirements.

Crucially, the CONSENT Act relies on the Federal Trade Commission to enforce any violations of those new rules. If the bill passes, the result would be a significant expansion of the commission’s power and role in online advertising more broadly. The commission is already expected to take action against Facebook in response to a 2011 consent decree, which many believe the Cambridge Analytica data collection may have violated.

Sen. Blumenthal confronted Mark Zuckerberg over the apparent violation of the consent decree during the CEO’s testimony before the Senate Judiciary and Commerce committees earlier today.

“Doesn’t that [thisisyourdigitallife] term of service conflict with the FTC order that Facebook was under at that very time?” Blumenthal asked Zuckerberg, after presenting language from the app ultimately used to collect data for Cambridge Analytica. “Isn’t there a conflict there?”

“It certainly appears that we should have been aware that this app developer submitted a term that was in conflict with the rules of the platform,” Zuckerberg replied.

“What happened here was, in effect, willful blindness,” Blumenthal continued. “It was heedless and reckless, which in fact amounted to a violation of the FTC consent decree. Do you agree?”

“No, Senator. My understanding is not that this was a violation of the consent decree,” Zuckerberg said. “But as I’ve said a number of times today, I think we need to take a broader view of our responsibility around privacy than just what is mandated in the current laws.”

Later in the hearing, Sen. Markey pressed Facebook on whether it would support the bill and the principles of opt-in consent more generally. “Would you support that legislation to make it a national standard,” Markey asked Zuckerberg, “not just for Facebook but for all the other companies out there, some of which are bad actors?”

Zuckerberg demurred: “In general, I think that principle is exactly right and we should have a discussion…”

Markey continued to press Zuckerberg on his support for the bill, framing it as a US response to the impending GDPR requirements mandated by the European Union. “But would you support legislation and make that the American standard?” Markey asked. “Europeans have already passed that as a law, and Facebook’s going to live with that law beginning on May 25th. Would you support that as the law in the United States?”

“As a principle, I would,” Zuckerberg said. “I think the details matter a lot.”