Mind Your Own Business Act of 2019

Mind Your Own Business Act of 2019

This bill requires assessments, periodic reporting, and the development of an opt-out process for specified commercial entities that operate high-risk information systems or automated-decision systems, such as those that use artificial intelligence or machine learning. An automated-decision system or information system is considered high risk if it (1) raises security or privacy concerns; (2) involves the personal information of a significant number of people; or (3) systematically monitors a large, publicly-accessible physical location. An automated-decision system is also considered high risk if it (1) may contribute to inaccuracy, bias, or discrimination or (2) facilitates decision-making about sensitive aspects of consumers' lives by evaluating their behavior.

Covered commercial entities must assess such high-risk systems and evaluate the extent to which they protect against the risk of exposing personal information. The bill further requires certain larger commercial entities to submit an annual report for which corporate officers must certify that the entity is in compliance with the Federal Trade Commission's (FTC) implementing regulations. A failure to comply with the reporting requirements is subject to criminal penalties and excise tax.

Among other provisions, the bill requires the FTC to create a web portal for consumers to opt out of data sharing and view their opt-out status. Opting out prevents covered commercial entities from sharing personal information with third parties.

The bill increases the civil penalties for unfair trade practices, which the bill modifies to include practices that involve noneconomic impacts or create a significant risk of exposing personal information.