Federal Privacy Law Update: is “Mind Your Own Privacy” the Frankenstein’s Monster of Proposed Federal Privacy Legislation?
The latest move in the ever-changing privacy regulation landscape introduces a new and much more serious consequence to the conversation: criminalization of lies told to the Federal Trade Commission (“FTC”) by senior executives of tech companies. Senator Ron Wyden (D-OR) shared his official version of his “Mind Your Own Privacy” Act in mid-October. While criminalizing lying about privacy practices to the FTC is an attention grabbing headline, the Act would implement several other measures impacting individual’s privacy rights, including the following:
- Granting the FTC authority to establish minimum security requirements and issue fines of up to 4 percent of annual revenue for first offense violations of the Act. Additionally, state attorney generals are granted enforcement authority to broaden regulatory impact. This is similar to penalties under the General Data Protection Regulation (“GDPR”).
- Imposing criminal penalties of 10 to 20 years of prison time for senior executives that knowingly lie to the FTC. Further, a company will face tax penalties if its senior executive commits such a crime. There are similar provisions imposing criminal penalties under the Dodd-Frank Wall Street Reform and Consumer Protection Act.
- Creating a national Do Not Track system whereby a company must honor a consumer’s request for a company to not track an individual online, sell their personal information, or target advertising to such individual based on their personal information. This seems similar to the national “Do Not Call” lists implemented under the Telephone Consumer Protection Act of 1991 (“TCPA”).
- Providing privacy friendly versions of products, where if a company wishes to condition its product on the use of personal information, it must offer a version of the product that honors privacy rights, which may be associated with a fee. However, this fee must be waived for low income individuals, as a mechanism to ensure all individuals access to privacy rights. This provision could be considerably burdensome.
- Providing consumers the ability to review and correct their personal information stored by a company. These types of consumer rights are similar to those under the GDPR and California Consumer Protection Act of 2018 (“CCPA”).
Senator Wyden’s own website touts the proposed legislation as going further than even the European Union’s General Data Protection Regulation (GDPR). While Washington is far from any agreement on the Act or any federal privacy legislation, this proposed legislation does highlight key trends in the privacy discussion, including the grant of privacy rights to individuals and increasingly steep penalties for companies that violate such rights.