MediaPost reports on a draft privacy bill from Sen. John Kerry (D-Mass.):
A draft of privacy legislation floated by Sen. John Kerry (D-Mass.) would give the Federal Trade Commission authority to craft privacy regulations and to operate a Web site where consumers can opt out of online behavioral targeting. The potential measure would generally require companies to notify consumers about the collection of their data, and also allow them to opt out of having data used by third parties, like ad networks.
Industry self-regulatory standards generally call for companies to notify consumers about online online behavioral targeting — or serving ads to Web users based on the sites they have visited in the past — and allow them to opt out. However, those standards are voluntary. Kerry’s bill would impose “major and significant new obligations on businesses dealing with personal information,” says Future of Privacy Forum Co-Chair Christopher Wolf in a written analysis of the bill. […]
The bill would apply to a broad swath of data about consumers, including not only names and phone numbers but also email addresses, if they include names, customer numbers held in cookies and unique device identifiers.
In its current form, the bill requires companies to obtain users’ explicit opt-in consent before collecting “sensitive” data, defined expansively as personal information that “if lost, compromised, or disclosed without authorization could result in harm to an individual.”
The bill, which currently names Sen. John McCain (R-Ariz.) as co-sponsor, apparently remains a work-in-progress. But some provisions in the current version are virtually certain to be opposed by privacy advocates. For instance, the measure would preempt many state laws. Additionally, consumers wouldn’t be allowed to file private lawsuits to enforce the bill.