The Boucher Bill is still under review, even after being met with heavy criticism earlier this year. The bill, which was dubbed the “Best Practices Act,” is a comprehensive framework that intends to regulate the protection of consumer data.
The Boucher Bill is set to right what some believe is a “gap” in the regulation of collection and use of personal data. Right now, there is no national legislation governing how companies tell consumers that they are collecting data, but companies post privacy notices because a California law requires it, and for most companies it is difficult to separate California consumers from non-California consumers. On the other hand, companies such as Google and Facebook are constantly scrutinized for not posting adequate privacy policies, or otherwise failing to address what exactly they are doing with the data that these Internet giants collect via the web. The bill attempts to clarify these questions and provide a framework for any company that collects personal data from consumers.
The notice requirements would not apply to personal information that is collected by any means that does not utilize the Internet. This means that data collected at a trade show or via a sales event may not be covered by the bill. The notice requirements also do not apply to information that is collected for a transactional purpose or operational purpose, or that consists solely of a first name or initial and last name, a postal address, a telephone or fax number, and/or an email address, and is part of a first party transaction. At this point, this appears to exempt the routine web logs or session cookies that are collected and necessary for the functioning of the website, but a question remains whether these limitations would include personal information, such as name and billing information, if this information is used for no other purpose but to effectuate the transaction.
The reactions to the Boucher Bill thus far have been negative, with companies complaining that it is overly broad and that the opt-in requirements would prevent the free-flow of information that has made operating businesses online effective and consumer friendly.