Privacy, seriously

Firms may face new $16,500 privacy fines under White House bill

Many consumers have grown resigned to the parade of privacy breaches that occur when apps or big tech companies like Facebook or Google misuse their personal data. These incidents typically result in a slap on the wrist for the offending company, but that could change under a new privacy law the White House is expected to propose next month.

According to Politico, which offers details from three Administration sources, the proposed law would work by strengthening data protection rules and by greatly increasing the power of the Federal Trade Commission to impose fines.

This last point is significant since the FTC, which is the country’s de facto privacy cop, is often incapable of meting out real punishments, even in the event of most egregious privacy breaches. A recent example is a company that used a free flashlight app to steal personal data from 50 million Android users but avoided even a fine. As a result, newer companies like Snapchat may be tempted to play fast and loose with privacy, knowing there will be few consequences.

While the FTC has been able to punish repeat offenders, including Facebook and Google, through the use of 20-year consent decrees, the companies sometimes appear to treat such measures as just a cost of doing business. But under the new bill, the FTC would pack more of a punch, including a new power to fine $16,500/day:

The agency, under the administration’s proposal, would gain the power to issue civil penalties against companies, sources said. Currently, the FTC can only levy fines when companies break existing privacy or security settlements with the agency. But the bill would empower the FTC to slap businesses with penalties of $16,500 per violation per day for breaking the law, one source indicated. Other portions of the bill would firm up the FTC’s legal authority over nonprofits and telecom companies.

If passed, the law would also reportedly increase the FTC’s oversight over data brokers and in emerging areas of tech like facial recognition software. It may also give consumers new power to learn what information internet companies possess about their personal lives, though it would not go as far as Europe’s controversial “right to be forgotten” law.

While the additional powers FTC may be welcomed by many consumers, the proposed law could prove contentious in Congress, and with the increasingly powerful tech lobby. Opponents are likely to claim that the stricter controls on data and privacy could inhibit innovation, and risk imposing emerging industries in red tape.

To learn more, and to hear directly from the FTC, come join Gigaom at Structure Data in New York City on March 18, where I’ll be speaking with FTC Commissioner Julie Brill.

2 Responses to “Firms may face new $16,500 privacy fines under White House bill”

  1. I’m sorry – could you point out a single instance where Google ‘misused’ the personal data of someone?
    They have been very up front about their business model from day one. There is no ‘misuse’ to it.

  2. MedicalQuack

    One thing that is fairly straight out to fix and I’m all over this being a victim myself, index and license all data sellers. I’m a marked person now who takes blood thinners and found this out getting a call from a clinical trial company wanting to enroll me. They said they had it in their files that I take blood thinners.

    I have been repackaged and resold on this and I can’t fix it as I don’t know where to go and I’m former developer and know my way around pretty well. It’s not at any data broker either. Here’s the campaign and idea I started 3 years ago.

    This works for another reason too as with all the hacking, stolen data will be innocently purchased by other companies and used as well, so a license number with each sale tagged to it is needed more than ever.