Congress has begun considering issues that implicate online privacy. On April 23, 2009, the House Energy and Commerce Subcommittee on Communications, Technology and the Internet held a hearing to consider the impact on consumer privacy of using certain online technologies, including deep packet inspection technology, for advertising purposes. The hearing covered the privacy implications arising from advertising practices and addressed issues of transparency, informed consent, and the appropriate regulatory approach to privacy concerns. Then, on May 5, 2009, the House Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection held a hearing to consider H.R. 2221, the Data Accountability and Trust Act, and H.R. 1319, the Informed P2P User Act. This hearing focused on securing consumer data. H.R. 2221 would create a federal standard for data breach notification and would require companies that possess electronic data containing personal information to take steps to secure it. H.R. 1319 would require peer-to-peer software providers to disclose that an installed program could make a consumer’s files available to others. A stated purpose of H.R. 1319 is to prevent inadvertent disclosure of information on a computer.

I. House Subcommittee Hearings

Rep. Boucher (D-VA), during the April 23rd hearing, and Rep. Rush (DIL), during the May 5th hearing, both pledged to hold a joint subcommittee hearing on online privacy in mid-June, which they indicated will be the first in a series of hearings to consider consumer privacy issues. The June hearing will likely focus on online privacy issues.

II. Privacy Legislation

Rep. Boucher is expected to introduce privacy legislation based on a bill he previously introduced with Rep. Stearns (R-FL) during the 109th Congress. In a May 6, 2009, speech to the Computer & Communications Industry Association, Rep. Boucher indicated that the new bill is likely to cover offline as well as online data collection and transfers. Rep. Boucher also stated that the bill will require companies to allow consumers to “opt-out” of first party information uses, and to obtain a consumer’s “opt-in” consent for transfers of information to third parties. The Stearns-Boucher privacy bill introduced in the 109th Congress contained, among other provisions, requirements for data collection organizations to adopt a privacy policy statement to be made available to consumers, and to deliver an initial privacy notice at the point of collecting personally identifiable information for a purpose other than the transaction at hand.