Intel's Proposed Bill Would Jail Execs Who Lie About Data Privacy
Intel is seeking to spur discussion about data privacy regulation in the U.S. with proposed legislation that would, among other things, fine companies that don't take reasonable safeguards to protect personal data and jail executives who lie about the measures they're taking.
The 27-page bill was released this week by the Santa Clara, Calif.-based company as part of a new interactive website that "aims to bring together policymakers and others in a transparent and open process that helps drive the development of actual data privacy legislation," Intel said Thursday.
[Related: Intel Mum On When Entry-Level CPU, IoT Supply Will Improve]
"The collection of personal information is a growing concern. The US needs a privacy law that both protects consumer privacy and creates a framework in which important new industries can prosper," David Hoffman, Intel's associate general counsel and global privacy officer, said in a statement.
The proposed legislation comes as technology companies face increased scrutiny over how they handle personal data. Earlier this year, the European Union's General Data Protection Regulation rules went into effect, requiring companies to be transparent about how user data is handled and to get permission before that data can be used, or else face heavy fines. Apple CEO Tim Cook recently said it's time for the U.S. and other countries to follow Europe with stronger data privacy laws.
Intel's proposed bill calls for companies to provide annual certification to the Federal Trade Commission of the safeguards they are taking to protect personal data. If the certification is found to contain false or inaccurate information, the company officer who issued the report could face up to $1 million in fines and up to 10 years in prison, according to the proposal.
The proposed bill would require companies to receive explicit consent from users for the collection of personal information that could create "significant privacy risk," including geolocation data, biometric data, physical and mental health data, sexual life data and genetic data. Beyond that, companies would have to provide public information about how they specifically use personal data.
Intel's model legislation also seeks to regulate the use of personal data for machine learning, algorithms, predictive analytics and similar applications. Companies would have to determine that those applications "are reasonably free from bias and error" when processing personal data.
Companies in violation of the rules would face a fine of $16,500 per user impacted and no greater than $1 billion under the proposal. However, companies that provide annual certification with no false statements would be protected from any fines under a safe harbor provision. The rules wouldn't apply to companies with fewer than 15 employees and those that collect data from fewer than 5,000 individuals.
Intel said it encourages the public to review and comment on the proposed bill on its interactive website to "help to promote the development of constructive data privacy legislation in Congress."