A long-awaited, bipartisan bill on online privacy has been introduced in the U.S. Senate. If enacted, what would it mean for Internet users and their privacy?
First, the bill would create the nation’s first ever, comprehensive “online privacy bill of rights” to protect online consumers. Second, it would require companies to keep the personal information of users safe from hackers.
Those are just two elements of the “Commercial Privacy Bill of Rights Act of 2011” introduced Tuesday by Democratic Sen. John Kerry (Mass.) and Republican Sen. John McCain (Ariz.).
Their bill, if it becomes law, would also require companies to tell consumers why data is being collected, whom it will be shared with and how it will be safeguarded, as well as provide consumers with an ‘opt-out’ option to not have their information collected.
“Americans have a right to decide how their information is collected, used, and distributed and businesses deserve the certainty that comes with clear guidelines,” Kerry said in a statement. “Our bill makes fair information practices the rules of the road, gives Americans the assurance that their personal information is secure, and allows our information driven economy to continue to thrive in today’s global market.”
Kerry first began work on privacy legislation last summer as a companion to bills already introduced in the U.S. House by Reps. Jackie Speier (D-Calif.) and Bobby Rush (D-Ill.).
The bill’s rules would apply to any company or nonprofit organization that collects information about consumers, over the Internet or otherwise, including search engines, telephone companies and cable companies.
They would also apply to any data that is unique to a person, like name, physical address, email address, telephone number, Social Security number and credit card numbers. Current laws cover only the user of certain types of personal data such as financial and medical information.
Sen. McCain stressed that the bill allows companies to still market and advertise to consumers, but “does not allow for the collection and sharing of private data by businesses that have no relationship to the consumer for purposes other than advertising and marketing.”
State attorney generals and the Federal Trade Commission (FTC) would be in charge of enforcing the bill’s provisions, which are largely in line with those proposed last month by the Obama administration.
The legislation met with mixed reaction.
Sen. Kerry indicated at a news conference that the measure had support from big technology companies.
“These companies agree with us that it doesn’t just make good business sense to protect their customer; they know it’s the right thing to do,” he told reporters.
Meanwhile, a coalition of consumer groups and privacy advocates said in a letter to the senators that the legislation needs to be “significantly strengthened if it is to effectively protect consumer privacy rights in today’s digital marketplace.”
“We cannot support the bill at this time,” said the letter signed by the Center for Digital Democracy, Consumer Action, Consumer Watchdog, Privacy Rights Clearinghouse and Privacy Times.
And the advertising industry took a seemingly proactive and defensive step when its national trade association, the 4A’s, announced the day before the bill’s introduction that it was creating its own privacy committee to better monitor and improve the industry’s self-regulation efforts.
The 15-member group, to be led by John Montgomery, chief operating officer of GroupM Interaction, will meet every six weeks to address Internet privacy issues as they relate to advertising.
“One of the key topics to be covered is the current call for privacy legislation that lawmakers say will protect the collection of personal information about consumers that could be used for marketing purposes,” the 4As said in announcing the committee.