Last month, a draft of a bill called the “Consumer Data Protection Act” (CDPA) was released, and is supposed to mirror the European GDPR by creating new minimum privacy and security policies that will enacted all over the US.
The CPDA bill is a part of a bigger phenomenon characterized by the growing urgency of the US government to change its weak privacy policies. An example of such change will be the new Californian bill, Senate Bill 327, that we reported about on the October 10th. This bill forces manufactures of connected devices to equip them with a reasonable security feature during production time, or to ensure that the user is forced to add one while using the device for the first time.
This urgency was triggered by a number of incidents, the latest and most controversial is the Cambridge Analytica case. The company managed to gather information on more than 50 million Facebook users by simply creating a quiz app that was marketed as a “research tool”. This event caused great discomfort in the world, and a lot of people were blaming Facebook for not protecting their personal information. This event caused great discomfort in the world, and a lot of people were blaming Facebook for not protecting their personal information.
The CDPA bill from last month, proposed by Sen. Ron Wyden, will give the Federal Trade Commission the authority to establish new privacy and cybersecurity standards, to stop third-party companies from tracking consumers by creating a “do not track system”, to be able to issue fines on companies which break the law (even on the first offence), and to make senior executives face 10-20 criminal penalties.
As the American regulator gets more involved, the bigger the chance more cases like Cambridge Analytica will be brought to the public’s attention, which may cause different media and tech companies to object to new bills going the same path as those mentioned above.