Two leading U.S. senators introduced bipartisan privacy legislation Tuesday to safeguard consumer information online, aiming to prevent the misuse of personal data while not squelching the advertising that fuels the Internet economy.
Sens. John Kerry (D-Mass.) and John McCain (R-Ariz.), who both have a history of working on technology issues, said their Commercial Privacy Bill of Rights would protect Americans' personal information as it is increasingly shared between online companies.
"Right now there is no law protecting the information that we share. Companies can harvest our personal information online and keep it for as long as they like it," Kerry told reporters in Washington. "They can sell it without asking permission, or even letting you know that they're selling your own information. You shouldn't have to be a computer genius in order to be able to opt out of information sharing."
The bill would give consumers certain rights concerning their online data, and require companies to take steps to protect the data and obtain permission to share it.
Companies that collect consumer data would have to provide clear notice on their practices.
Those would include requiring consumers to provide clear consent — known as opt-in — for the collection of "sensitive, personally identifiable information." Companies also would have to allow consumers either to access and correct their information or request that the information not be used or distributed.
The legislation would allow the Federal Trade Commission to approve so-called "safe-harbor" programs — voluntary efforts that companies could design and establish on their own to comply with the legislation.
The bill also would require state attorneys general to back off on enforcing the legislation when the FTC steps in to take action against a violator. And Kerry and McCain would prohibit private lawsuits based on the law.
The senators said they were trying to strike the right balance.
"Our bill seeks to respect the ability of businesses to advertise and market and recruit new customers while also respecting consumers'[ personal information," McCain said, noting that many consumers enjoy receiving targeted advertisements and visiting websites that are free because they are supported by ads. "But consumers must have control over how their data is used when it is transferred to an unknown third party."
Kerry and McCain said that Microsoft Corp., Intel Corp. and EBay supported the bill, as did some consumer groups. The Obama administration has called for Congress to pass comprehensive online privacy legislation.
Noticeably missing from the bill is a requirement for a do-not-track mechanism in Web browsers, similar to the do-not-call list for telemarketers, that would give consumers the ability to stop companies from tracking their online movements. Kerry and McCain said they anticipated that other senators might try to add such a requirement, but they felt the opt-in requirements on companies were sufficient to protect consumer information.
In a letter to the senators, five consumer groups said they welcomed the new legislation, one of several privacy bills introduced or expected this year. But they said the Kerry/McCain legislation was "insufficient" to protect consumers and needed to be strengthened.
"We strongly believe that any privacy bill should direct the Federal Trade Commission to require and enforce a 'Do Not Track Me' mechanism," said the letter from Consumer Watchdog, the Center for Digital Democracy, Consumer Action, Privacy Rights Clearinghouse and Privacy Times. "Consumers should have the right to use the Internet and mobile devices with confidence that their privacy choices are respected, and with anonymity if they choose."