Under the proposed legislation, the Federal Trade Commission would be given new authority to police corporations that have their hands on a significant amount of user data. That would put a much more critical eye on the tech industry, which has had its share of data-related scares in recent months, from the Cambridge Analytica scandal at Facebook to the recent breach of Google+.
The FTC would add 175 new members to its staff to carry out enforcement and would be given the ability to penalize a company up to four percent of its revenue for its first violation. Companies would also be required to submit regular reports to the FTC to disclose any privacy lapses that have occurred. Companies making more than $1 billion in revenue and handling information from more than one million people and smaller companies handling the data of more than 50 million people would be subject to the regular check-ins. Failure to comply would care a punishment of potential jail time for executives.
The legislation would also institute a Do Not Track list. When a consumer joins the list, companies would be barred from sharing their data with third parties or using it to serve up targeted advertisements. As a trade-off, companies would be given permission to charge customers on the Do Not Track list a fee to use their products and services to make up for lost ad revenue. Even if consumers don't choose to join the list, they would be granted the ability to review information collected about them, see who it has been shared with or sold to and challenge any inaccuracies.
Wyden's proposal would mark a major change in how companies handle consumer data and offer real consequences for those who fail. Turning it into law will likely present a major challenge. While consumer advocates and privacy-minded companies like DuckDuckGo have lent their support, companies with massive amounts of user data and equally big lobbying budgets are likely to push back against it.