Senators John Kerry (D-Mass.) and John McCain (R-Ariz.) introduced a new consumer privacy bill to the Senate, the Consumer Privacy Bill of Rights Act of 2011, the first piece of bipartisan privacy legislation introduced this session.
Unlike other pending legislation, the law does not include a do-not-track provision, but requires companies to inform consumers about their online information collection practices and allow them to opt out of behavioral targeting. The legislation covers entities that collect, use, transfer or store covered information – defined as unique identifier information and personally identifiable information like names, addresses, e-mail addresses, and phone numbers – of more than 5,000 individuals over a consecutive 12-month period.
The proposed bill would also require consumers to opt in affirmatively before companies can collect both personally identifiable information and sensitive information – defined as information that carries a significant risk of economic or physical harm, or relates to a medical condition, health record, or religious affiliation. The legislation does not provide for private rights of action, although both the Federal Trade Commission and state attorneys general have enforcement authority.
Most importantly, the bill allows the FTC to approve a safe harbor program overseen by nongovernmental organizations. The program would have to achieve protection at least as rigorous as that provided in the bill.
One day later, Rep. Cliff Stearns (R-Fla.) introduced another piece of privacy legislation in the House, the Consumer Privacy Protection Act of 2011. Under his bill, companies that collect “personally identifiable information” – names, e-mail addresses, and phone numbers – must post their privacy policies and allow consumers to opt out of the sale or use of their information. The legislation joins the Do Not Track Me Online Act and Rep. Rush’s Best Practices Act, a repeat proposal from last legislative session, but specifically excludes the use of “anonymous or aggregate data” from coverage.
To read the Consumer Privacy Bill of Rights Act of 2011, click here.
To read the Consumer Privacy Protection Act of 2011, click here.
Why it matters: Of the privacy legislation introduced to Congress to date, Sens. Kerry and McCain’s bill has several advantages that include its bipartisan sponsorship, its status as the only privacy bill currently pending in the Senate, and the fact that it tracks many of the points raised by the Obama Administration in support of a federal privacy law. The bill also received support from companies like Microsoft, HP, and eBay. Others, however, expressed concern about the proposed legislation. Linda Woolley, a Direct Marketing Association vice president, told the Christian Science Monitor that her organization “is wary of any legislation that upsets the information economy without a showing of actual harm to consumers.” And Mike Zaneis, head of public policy for the Interactive Advertising Bureau, told AdAge that the bill “provides the FTC with far too much discretion in drafting and implementing rules.”