As Facebook CEO Mark Zuckerberg testified on Capitol Hill on Tuesday about the company’s policies related to user data, a bill was introduced in the U.S. Senate to establish a privacy bill of rights to protect the personal information of America’s online consumers.
U.S. Sens. Edward Markey (D-MA) and Richard Blumenthal (D-CT) introduced the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act, S. 2639. Edge providers like Facebook and Google would be required to gain consent before using, selling or sharing users’ personal information under the bill.
“America deserves a privacy bill of rights that puts consumers, not corporations, in control of their personal, sensitive information,” Markey said. “The avalanche of privacy violations by Facebook and other online companies has reached a critical threshold, and we need legislation that makes consent the law of the land. Voluntary standards are not enough; we need rules on the books that all online companies abide by that protect Americans and ensure accountability. I thank Sen. Blumenthal for his partnership and look forward to working with my colleagues on a bipartisan basis to pass the long-overdue privacy bill of rights.”
Edge providers would also be required to establish “reasonable” data security practices under the CONSENT Act. The bill would also require companies to notify users about the personal information that it collects, uses and shares — and when data breaches occur. The Federal Trade Commission (FTC) would be tasked with enforcing these measures.
“The startling consumer abuses by Facebook and other tech giants necessitate swift legislative action rather than overdue apologies and hand-wringing,” Blumenthal said. “Our privacy bill of rights is built on a simple philosophy that will return autonomy to consumers: affirmative informed consent. Consumers deserve the opportunity to opt in to services that might mine and sell their data — not to find out their personal information has been exploited years later.”
In March, Markey and Blumenthal raised concerns about Facebook data collection policies in a letter to Zuckerberg. The senators cited reports about an app developed by Cambridge University lecturer Dr. Aleksandr Kogan that harvested data from 50 million Facebook users for psychological profiling, although just 270,000 users installed the app.
“In 2014, Facebook revised its official policies to prohibit application developers from accessing ‘friends data’ — personal information about the friends of application users, including their status updates, check-ins, location and interests,” the letter stated. “Aside from Dr. Kogan’s app, for a full seven years Facebook hosted thousands of applications — including the popular game FarmVille and the dating app Tinder — that were able to use this ‘friends data,’ despite a 2011 Federal Trade Commission consent decree, which requires Facebook to obtain explicit permission before sharing data about its users.”
The senators also cited claims from a former Facebook executive that the company had “explicitly discouraged him from conducting audits of external applications that had collected user data.” The senators requested a summary of Facebook policies for approving apps that collect user data, information on the number of apps that collected friend data, the extent of Facebook’s auditing of apps that collect user data, and the chain-of-command for app audits.