Photo: wb77/Shutterstock.com

Intel Corp. released a proposal for a federal bill on data privacy this week that it hopes will spur discussion on collection, use and sharing of consumers' personal information in the U.S. and lead to more uniform legislation on data security and privacy.

“The collection of personal information is a growing concern. The US needs a privacy law that both protects consumer privacy and creates a framework in which important new industries can prosper,” David Hoffman, Intel's associate general counsel and global privacy officer of the Santa Clara-based company said in the news release announcing the proposal. “Our model bill is designed to spur discussion that helps inspire meaningful privacy legislation.”

The bill proposed by the technology company would allow the U.S. Federal Trade Commission (FTC) to impose fines on noncompliant entities up to $1 million in criminal fines and would not allow someone to be imprisoned for more than 10 years. As far as civil penalties are concerned, there would be a cap of $1 billion for companies found to not be in compliance. The proposal indicates that those companies that would be affected by the bill, those that collect the information of over 5,000 people, should not process information that is not relevant to the company's specific purpose.

Unlike a data protection bill recently introduced by U.S. Sen. Ron Wyden, D-Oregon, the Intel proposal would cover most companies. Wyden's bill, the Consumer Data Protection Act of 2018, would only cover companies with $1 billion in revenue per year or those that collect the personal information of 50 million people or more. Both bills call for prison terms of executives of companies that fail to comply with the regulatory standards the FTC would set out in the event the bills are passed.

Currently, a patchwork of state and federal sector-specific laws govern data protection in the U.S. Demand for federal regulation in the U.S. has been increasing following the European Union's enactment of the General Data Protection Regulation.

Susanna McDonald, the chief legal officer of the Association of Corporate Counsel, said Friday that she did not have any opinions on the specifics of the Intel proposal. She did, however, say that 69 percent of ACC members would favor some form of federal, uniform regulations around cybersecurity. McDonald said, however, the ACC would want any kind of legislation to not be unduly burdensome to smaller companies.

“Our counsel would be interested in legislation that clear, actionable and not unduly burdensome,” McDonald said. “What would work for Intel may not work for everyone.”

Bart Lazar, a partner at Seyfarth Shaw in Chicago, said he would like to see something in the bill address what happens in the event of a data breach, which it does not. However, overall, he said it appears to be a solid outline with a few unknowns.

“The devil is going to be in the details,” Lazar said. “The burden would be on the FTC [if this were adopted and passed] to adopt regulations, and we don't know what those would be.”

One of the parts of the proposed bill Lazar questioned was the idea that executive officers of companies must certify to the FTC that they will do a compliance check on all of their third-party vendors every year.

“Does that mean that every company with a Facebook account has to do a privacy assessment?” Lazar questioned. “What would be good enough for an officer of a company to put themselves on the line when maybe they have 10,000 service providers?”

The proposed bill also includes a “safe harbor” clause which indicates that companies will not be subject to penalties as long as a corporate officer certifies in writing to the FTC that is has “conducted a thorough review of compliance with this Act.”

Intel is currently accepting feedback on the proposed bill on its website.

Read More: U.S. Senator Proposes Data Protection Bill