Published by LawTechie - April 14, 2011 - LawTechie

Members of the US Senate and House have introduced four new online privacy bills which range from weak to strong on the issue of personally identifiable information.

Rep. Cliff Stearns (R-Fla.):

Stearns’ measure would not require companies engaged in cookie-based behavioral targeting to notify consumers about online data collection and allow them to opt out. Instead, the Consumer Privacy Protection Act of 2011 would only impose new requirements on companies that collect “personally identifiable information” like names, email addresses, phone numbers.

Rep. Jackie Speier (D-Calif.):

Rep. Jackie Speier (D-Calif.) recently proposed the Do Not Track Me Online Act, which would enable the Federal Trade Commission to issue regulations ensuring that consumers can opt out of online data collection by companies engaged in interstate commerce.

Rep. Bobby Rush (D-Ill.):

[R]equires Web sites to obtain users’ permission before sharing their personal information with third parties… calls for users to explicitly consent to the data transfer, unless the companies collecting the information participate in an opt-out program operated by industry groups.

These are in addition to the bill introduced in Senate yesterday by Senators John Kerry and John McCain. Their bill is the strongest of the bunch. According to Reuters it “would require companies to tell consumers why data was being collected, whom it would be shared with and how it would be safeguarded. Companies collecting data must also allow consumers to opt out of some data collection and they must agree, or opt in, to the collection of sensitive data like medical conditions. The bill would also press businesses to collect only the information needed for any particular transaction.”

Stearn’s bill, while the weakest in terms of general data collection, does provide protection for personally identifiable info which is on par with the strength of the other bills. Arguably, the other bills which seek to limit the collection of general (read: not personally identifiable info) tend to overreach beyond companies’ current capabilities of allowing users to opt out of general cookies without breaking normal website functionality (e.g., most e-commerce shopping carts would not work or would be extremely annoying to use without cookies).

The bill, if it becomes law, would require companies to tell consumers why data was being collected, whom it would be shared with and how it would be safeguarded.

Companies collecting data must also allow consumers to opt out of some data collection and they must agree, or opt in, to the collection of sensitive data like medical conditions.

The bill would also press businesses to collect only the information needed for any particular transaction.

LawTechie is a blog focusing on trends in tech and digital media. Areas covered include intellectual property, cyberlaw, venture capital, transactions and litigation as they relate to the emerging sectors. The blog is edited by the firm's partner Tim Bukher with contributions from the firm's experts in their respective areas of law.

Contact

Enter your email to get started.