On April 13, 2011, Representatives Cliff Stearns (R-FL) and Jim Matheson (D-UT) introduced privacy legislation that seeks to ensure that consumers have greater control and are better informed on the collection and use of their personal information. The Consumer Privacy Protection Act of 2011 would provide consumers with control over certain uses of personal information collected online and offline. Protections under the bi-partisan Stearns-Matheson bill include consumer notice requirements and the ability for consumers to limit disclosures of personal information to third parties.
The bill contains many provisions consistent with the Commercial Privacy Bill of Rights Act of 2011, introduced in the Senate by Senators Kerry (D-MA) and McCain (R-AZ) on April 12, 2011. Both bills would be enforced by the Federal Trade Commission (FTC), include a self-regulatory ‘safe harbor’ framework, permit the FTC to seek civil penalties for violations, preempt similar state laws, and exclude a private right of action. Contrary to the Kerry-McCain bill, the Stearns-Matheson bill does not cover certain telecommunications providers within its scope. Additionally, civil penalties under the Stearns-Matheson bill are set at double the amount permitted under the FTC Act (for a total of $32,000 per violation) with a maximum civil penalty of $500,000. The potential civil penalties under the Stearns-Matheson bill are greater per violation, but less overall, than the civil penalties proposed in the Kerry-McCain bill.