Data privacy has gotten out of the government’s control, the Government Accountability’s Office found in a report released on Wednesday.
The study, requested in 2017 by House Energy and Commerce committee chairman Rep. Frank Pallone, recommended a federal US privacy law that would allow for real consequences against tech giants.
It found that over the last 10 years, most of the Federal Trade Commission’s actions against data privacy abuses did not come with any civil penalties, as the agency doesn’t have the authority to fine companies for those violations.
In the past, the FTC has fined companies like Google and Vizio for tracking your data, but the GAO found that of the 101 data privacy violations the FTC investigated since 2009, nearly all of them ended in settlement agreements.
“Since I requested this report, the need for comprehensive data privacy and security legislation at the federal level has only become more apparent,” Pallone said in a statement. “From the Cambridge Analytica scandal to the unauthorized disclosures of real-time location data, consumers’ privacy is being violated online and offline in alarming and dangerous ways.”
The report comes as privacy concerns reached a boiling point in 2018, following a flurry of breaches and data abuses from household tech names like Facebook and phone companies allowing for location tracking. While the European Union’s General Data Protection Regulation kicked in last May, the US does not have an equivalent.
Lawmakers have pushed for federal regulation of data privacy, such as the Data Care Act, introduced by a group of 15 senators last December. In November, Sen. Ron Wyden, a Democrat from Oregon, introduced the Consumer Data Protection Act, which would jail CEOs for lying about data protection.
The GAO interviewed Apple, Google and Facebook during its report, as well as internet service providers like Verizon and Comcast. It found that most of them prefer the current model of regulation on data privacy — the one where the FTC cannot fine over violations unless they agreed to a consent decree for a previous violation.
At a Congress hearing last November, the FTC told lawmakers that under the current structure, the agency doesn’t have enough resources to protect consumers from data abuse.
Consumer advocacy groups and former FTC and FCC commissioners told the GAO that this needed to change, with a federal law that would allow penalties for first-time violations. Some called for a new agency specifically for overseeing data privacy.
The government watchdog group recommended Congress create a federal privacy law that would give an agency authority over tech giants, and the ability to punish them for violating these rules.
With the report, Pallone announced a hearing on Feb. 26 to discuss data privacy.
“Congress needs to act, and this hearing is an important first step,” Rep. Jan Schakowsky, the Consumer Protection and Commerce subcommittee chair, said in a statement.
- Government watchdog finds weak enforcement of US privacy regulations
- MacOS Trojan disables Gatekeeper to deploy malicious payloads
- Emotet malware tweaks tactics in fresh attack wave
- Today in thoughtcrime: UK bill makes clicking on ‘terrorism’ links worth a jail term
- State rules complicate push for federal data privacy law
- 'Alexa, are you invading my privacy?' – the dark side of our voice assistants
- South Africa: Dare South Africans Dream Again As They Celebrate Their 23rd Freedom Day?
- Malawi: New Escom Management Worries With 'Nefficiency'
- Panama Papers could cast shadow on Delaware