Senator John Kerry of Massachusetts and Senator John McCain of Arizona on Tuesday made a bipartisan call for new legislation to protect consumer privacy on the Internet.
In introducing the Commercial Privacy Bill of Rights Act of 2011, Mr. Kerry cited the 107 trillion e-mails that were sent last year and the nearly 600 million Facebook users as proof of how much consumers used the Internet.
“Every single day each of us produces a staggering amount of personal information on the Internet,” Mr. Kerry said in a news conference with reporters. “That journey can be tracked, it can be stored and it can be shared on an almost unimaginable scale.”
The privacy “rights” would ensure that companies that collected data implemented security measures to protect that data. It would also require companies to provide consumers with notice about what data were being collected and allow them to opt-out if they chose.
The legislation also would require consumers to opt-in to the collection of sensitive information like their medical condition or religious affiliation. Users would also be able to access and correct the information that had been collected about them or request that companies cease to use or distribute that information.
The bill also seeks to limit the amount of data that can be collected on any one consumer by requiring that companies only gather what is needed to perform a specific transaction for a specific amount of time.
The proposed legislation received mixed reaction from advertisers, technology companies and consumer advocates, many who were still sorting through the details on Tuesday.
While consumer advocacy organizations like the Consumer’s Union and the Consumer Federation of American supported the proposal, a separate contingent of consumer privacy advocates — including Consumer Watchdog and the Center for Digital Democracy — applauded the bipartisan effort, but said more could be done.
In a letter to the senators, the advocates said the bill should require and enforce a “do not track” mechanism and place stronger controls on social networking sites like Facebook.
Mr. Kerry said “do not track,” which also was advocated by the Federal Trade Commission in a December report on privacy, “didn’t seem to fit into our ability to get the balance between consumer support and industry support that we were able to get.” As the bill makes the rounds, “it may well be one of the amendments that we continue to talk about,” he said.
One issue of concern to both the Direct Marketing Association and the Interactive Advertising Bureau was allowing consumers to access and correct their data from marketing databases.
“In order to allow access and correction you probably need more privacy controls rather than fewer,” said Linda Woolley, the executive vice president of Washington operations at the Direct Marketing Association. Accessing and correcting data would be expensive and would require a user to authenticate who they were almost as if they were logging into a bank account, she said.
Mike Zaneis, senior vice president and general counsel at of the Interactive Advertising Bureau, called that level of access for consumers problematic, “requiring possibly 1.1 million Web sites to comply with an unnecessary provision would be unduly expensive and wasteful.”