Sens. John Kerry (D-Mass.), chairman of the U.S. Senate Commerce Subcommittee on Communications, Technology, and the Internet, and John McCain (R-Ariz.), former chairman of the Commerce Committee, today introduced the Commercial Privacy Bill of Rights Act of 2011, which establishes a framework for safeguarding consumer information and behavior online.
Under the bill, companies that collect data and track the online behavior of consumers would be required to implement security measures to protect the information they collect and maintain, and only collect as much information as necessary to complete the transaction. The bill would allow for the collection and use of information for research and development to improve the transaction or service and allow companies to retain it for only a reasonable period of time. Collectors of information would also have to provide clear notice to individuals on their collection practices and the purpose for such collection.
Additionally, the law would grant consumers the right to opt-out of any behavioral tracking of their online activity and require companies or third-party aggregators to obtain their consent for the collection of sensitive personally identifiable information, including information about medical conditions or certain types of financial information. It would also require collectors to provide consumers the ability to access and correct their information, or to request that its use and distribution be stopped.
"John and I start with a bedrock belief that protecting Americans' personal, private information is vital to making the Information Age everything it should be," Kerry said in a statement. "Americans have a right to decide how their information is collected, used, and distributed, and businesses deserve the certainty that comes with clear guidelines. Our bill makes fair information practices the rules of the road, gives Americans the assurance that their personal information is secure, and allows our information-driven economy to continue to thrive in today's global market."
"Consumers want to shop, browse, and share information in an environment that is respectful of their personal information. Our legislation sets forth a framework for companies to create such an environment and allows businesses to continue to market and advertise to all consumers, including potential customers," McCain said in a statement. "However, the bill does not allow for the collection and sharing of private data by businesses that have no relationship to the consumer for purposes other than advertising and marketing. It is this practice that American consumers reject as an unreasonable invasion of privacy."
The Consumers Union and the Consumer Federation of America immediately issued statements in praise of the bipartisan legislation.
Ioana Rusu, regulatory counsel for the Consumers Union, called the proposed legislation "an important step forward in giving people more control over their personal information online. For the first time, all businesses would have to operate under consistent, mandatory standards for online privacy protection. To us, that's progress.
"As the process moves forward, we want to work with the key stakeholders to provide consumers greater do-not-track protections, as well as protections aimed specifically at teens online," she added.
Susan Grant, director of consumer protection at the Consumer Federation of America, said, "We hope that this is a foundation that we can build on to give consumers the privacy protections they need."
The two groups have long advocated for privacy reforms to give consumers greater choice and control over how their personal online information is tracked and shared.