A draft of a bill from Sens. John Kerry (D-Mass.) and John McCain (R-Ariz.) suggests that the Federal Trade Commission be given rulemaking authority when it comes to privacy issues.
The bill was posted by Hogan Lovells law firm on Wednesday.
The proposed “Commercial Privacy Bill of Rights Act of 2011” would charge the FTC with making privacy regulations and requiring companies to allow consumers to opt out of having their data used by third parties. It would also allow the FTC to require companies to provide notice about their collection of data and allow the FTC to host a Web site that allows consumers to opt out of online behavioral targeting.
Under the measure, companies would have to get consent from consumers before collecting sensitive data, which the bill defines as information “which if lost, compromised, or disclosed without authorization could result in harm to an individual.”
The bill defines personally identifying information as including addresses, e-mail addresses that include names, telephone numbers, credit card accounts, biometric data, birth information and geolocation data . It also lists “unique persistent identifiers,” such as computer cookies that hold personal information.
In a summary of the bill, Christopher Wolf, director of privacy and information management at Hogan Lovells, said the measure would “impose major and significant new obligations on businesses dealing with personal information.”
Additionally, Wolf wrote, the bill directs the Commerce Department to encourage companies to “to develop codes of conduct” supporting Safe Harbor programs, work to promote cooperation between the U.S. commercial data privacy framework and other existing framework and “conduct research to improve privacy protection under the Act.”