At the start of November, 2018, Senator Ron Wyden (Democrat from Oregon) proposed a bill that is designed to amend the powers of the Federal Trade Commission (FTC), giving the agency the power to investigate and prosecute companies that collect and use personal data from their consumers. Known as the Consumer Data Protection Act (CDPA), this bill is clearly influenced by the EU’s recent activation of the General Data Protection Regulations (GDPR).
Senator Wyden’s new bill introduction represents the next step in the rapid arrival of legislation to the world of data collection. Building on such regulations as the GDPR and the upcoming California Consumer Privacy Act, the CDPA – if ratified – will give the average consumer new powers and far greater control when it comes to data collection.
How the Senate Bill Differs from the GDPR
On many levels, the CDPA is similar to the GDPR. Both pieces of legislature place responsibility on companies collecting and using personal data. In the case of the CDPA, it will affect any organization that generates more than $50 in revenue and collects or stores personal data from more than 1 million people. Affected business will be required to submit annual privacy reports to the FTC, ensuring that they meet any federal standards of consumer privacy protection currently in place.
Companies that fail to meet these criteria, or are found in violation of the CDPA, may lose up to 4% of annual gross revenue (the same standard as the GDPR). Unlike the EU document, however, the CDPA goes further on executive responsibility. If an executive fails to report a data breach within the appropriate time, this individual can face up to a 20-year prison sentence.
Furthermore, the CDPA will create a “Do Not Track” system, usable in any state across the US. This system will allow users to prevent companies from creating targeted advertisements based on personal data, as well as stopping third parties from tracking their information by sharing or selling data.
A Preview of Legislation to Come
The CDPA is still in its infancy and it is too early to say whether this particular bill will pass legislation. What is certain, however, is that some form of legal oversight is coming to US data collection companies. The upcoming California Consumer Privacy Act may only be state legislation, but it is expected to have national consequences. Other states may also follow suit, enacting their own specified regulations.
With so much changing in the legal landscape of data responsibility, service providers – especially organizations working with large amounts of consumer data – need to keep informed, or at the very least have informed partner companies helping to maintain compliancy. To help educate the community to the GDPR and other new data laws, Keypoint Intelligence – InfoTrends (InfoTrends) recently published the first in a series of pieces examining data responsibility. This analysis has a full breakdown of GDPR roles and responsibilities, as well as its similarities with the California Consumer Privacy Act. As a thINK member you have access to this document in the resource center, click here to login and view. Expect InfoTrends to continue to publish further documentation as the legislative situation continues to develop and how PSPs are impacted.
Colin McMahon is a Research Analyst at Keypoint Intelligence – InfoTrends. He primarily supports the Business Development Strategies and Customer Communications advisory services. He creates or refines much of InfoTrends’ content, including forecasts, industry analysis, and research reports. He also assists with the editing and formatting process for many deliverables.