CEOs who lie about misusing consumers’ data could face up to 20 years in jail under a new piece of US legislation proposed last week.

The Mind Your Own Business Act, authored by Senator Ron Wyden, would jail top executives for 20 years if their companies were found lying about misusing citizens’ information.

The legislation follows a draft version known as the Consumer Data Protection Act, released for consultation on 1 November 2018.

The bill requires companies to submit annual data protection reports confirming that they’ve complied with the regulations, and explaining any shortcomings. This applies to any companies holding data on more than 50m people, or over a million people if they make more than $1bn in revenue.

The CEO or chief privacy officer must personally certify that annual report. If they deliberately certify something that isn’t true, then the courts can fine them up to $5m, or a quarter of the largest payment they received from the company across the last three years. They can also face up to 20 years in prison.

Companies would have to describe to consumers what information they were collecting and what they were going to do with it. They would also have to provide a site that enables consumers to opt out of any personal data collection, either through a web form or an application programming interface (API) which would let them do this via a piece of software, like a mobile app.