Congressman Rick Boucher (D-Va.) and Cliff Stearns (R-Fla.) — who are Chairman and Ranking Member of the Subcommittee on Communications, Technology, and the Internet of the U.S. House Committee on Energy and Commerce –Â have released a discussion draft (pdf) and an executive summary (pdf) of a bill concerning privacy protections for consumers both online and offline. In their press release, Boucher said, â€œOur legislation confers privacy rights on individuals, informing them of the personal information that is collected and shared about them and giving them greater control over the collection, use and sharing of that information.” Stearns said, â€œI have been working for years to enact meaningful privacy protection legislation and this draft is advancing the process. While I may not support everything in the current draft bill, it is important to get the input of stakeholders. I look forward to working with Chairman Boucher to improve upon his hard work.”
It was just released, so I haven’t had time to review it. I’ll write more later. Here are guidelines that Privacy Lives and other groups recommend.Â And here’s info from the one-page executive summary for the Boucher-Stearns bill:
Online advertising supports much of the commercial content, applications and services that are available on the Internet today without charge, and this legislation will not disrupt this well established and successful business model. It simply extends to consumers these baseline privacy protections:
Collection and use of information: As a general rule, companies may collect information about individuals unless an individual affirmatively opts out of that collection. Opt-out consent also applies when a website relies upon services delivered by another party to effectuate a first party transaction, such as the serving of ads on that website.
No consent is required to collect and use operational or transactional dataâ€”the routine web logs or session cookies that are necessary for the functioning of the websiteâ€”or to use aggregate data or data that has been rendered anonymous.
Companies need an individualâ€™s express opt-in consent to knowingly collect sensitive information about an individual, including information that relates to an individualâ€™s medical records, financial accounts, Social Security number, sexual orientation, government-issued identifiers and precise geographic location information.
Disclosure of information to unaffiliated parties: An individual has a reasonable expectation that a company will not share that personâ€™s information with unrelated third parties. If a company wants to share an individualâ€™s personally-identifiable information with unaffiliated third parties other than for an operational or transactional purpose, the individual must grant affirmative permission for that sharing.
Many websites work with third-party advertising networks, which collect information about a person or an IP address from numerous websites, create a profile and target ads based on that profile. The bill creates an exception to the opt-in consent requirement for third-party information sharing by applying opt-out consent to the sharing of an individualâ€™s information with a third-party ad network if there is a clear, easy-to-find link to a webpage for the ad network that allows a person to edit his or her profile, and if he chooses, to opt out of having a profile, provided that the ad network does not share the individualâ€™s information with anyone else.
Implementation and enforcement: The Federal Trade Commission would adopt rules to implement and enforce the measure. States may also enforce the FTCâ€™s rules through State attorneys general or State consumer protection agencies.