Oregon senator works on US equivalent to GDPR

Oregon senator works on US equivalent to GDPR
16 Nov 2018

Oregon Democrat senator Ron Wyden is working on a Bill that would bring US consumer privacy rights up to the same level as those laid out in the European Union’s General Data Protection Regulation (GDPR).

The new Bill - named the Consumer Data Protection Act (CDPA) - would even take safeguards one step further by jailing executives at large organisations for up to 20 years if they lied or failed to report privacy violations, according to ZDNet.

The Act would also grant the Federal Trade Commission (FTC) new powers when enforcing consumer privacy rights, thereby establishing minimum privacy and cybersecurity standards. If companies failed to meet these minimum standards, they would risk GDPR-style fines of up to 4% of their total annual gross revenues.

Firms that handle the private data of more than 50 million users, or generate annual turnover of over US$1 billion, would likewise be required to submit annual privacy reports to the FTC. The reports would be required to detail if and how the organisation complied with the CDPA's new privacy rules.

Wyden also proposes that the FTC establish and enforce a "Do Not Track" system, which would provide consumers with a choice not to share their personal information with companies. The Act would likewise provide users with a means to review the personal information that an organisation has collected on them and understand with whom it has been shared.

Finally, the CDPA would ban firms from blocking consumers from accessing services if they decide not to share their personal data. Instead, it would allow them to charge users to access their website or services, thereby treating an individual’s data as the equivalent of an entrance fee.

Wyden told Healthcare IT News: “Today’s economy is a giant vacuum for your personal information. Everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database.”

The problem is that individuals know far too little about how their data is collected, how it is used and how it is shared, he said. As a result, “it’s time for some sunshine on this shadowy network of information sharing,” Wyden added.

 Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

OTHER ARTICLES THAT MAY INTEREST YOU

GDPR: Opportunity or threat?

Ensuring GDPR compliance in HR and payroll

GDPR: Tackling the new data processor obligations

 

Oregon Democrat senator Ron Wyden is working on a Bill that would bring US consumer privacy rights up to the same level as those laid out in the European Union’s General Data Protection Regulation (GDPR).

The new Bill - named the Consumer Data Protection Act (CDPA) - would even take safeguards one step further by jailing executives at large organisations for up to 20 years if they lied or failed to report privacy violations, according to ZDNet.

The Act would also grant the Federal Trade Commission (FTC) new powers when enforcing consumer privacy rights, thereby establishing minimum privacy and cybersecurity standards. If companies failed to meet these minimum standards, they would risk GDPR-style fines of up to 4% of their total annual gross revenues.

Firms that handle the private data of more than 50 million users, or generate annual turnover of over US$1 billion, would likewise be required to submit annual privacy reports to the FTC. The reports would be required to detail if and how the organisation complied with the CDPA's new privacy rules.

Wyden also proposes that the FTC establish and enforce a "Do Not Track" system, which would provide consumers with a choice not to share their personal information with companies. The Act would likewise provide users with a means to review the personal information that an organisation has collected on them and understand with whom it has been shared.

Finally, the CDPA would ban firms from blocking consumers from accessing services if they decide not to share their personal data. Instead, it would allow them to charge users to access their website or services, thereby treating an individual’s data as the equivalent of an entrance fee.

Wyden told Healthcare IT News: “Today’s economy is a giant vacuum for your personal information. Everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database.”

The problem is that individuals know far too little about how their data is collected, how it is used and how it is shared, he said. As a result, “it’s time for some sunshine on this shadowy network of information sharing,” Wyden added.

 Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

OTHER ARTICLES THAT MAY INTEREST YOU

GDPR: Opportunity or threat?

Ensuring GDPR compliance in HR and payroll

GDPR: Tackling the new data processor obligations