Kerry, McCain offer bill to protect Web users’ privacy rights
By Cecilia Kang,
Senate lawmakers introduced an Internet privacy bill on Tuesday that would create first-time rules for Facebook, Google and other Web firms that thrive by collecting information about users.
Sen. John F. Kerry (D-Mass.) and Sen. John McCain (R-Ariz.) said their measure aims to protect Internet users by forcing companies to explain how they collect information and what they do with it. The bill would also make it harder for Web sites to target individuals through personally identifiable information and create profiles about them.
The bill’s sponsors, backed by the Obama administration, also sought to take into consideration intense lobbying by such businesses as the Interactive Advertising Bureau, Microsoft and Yahoo, which have warned that broad laws could hamper their ability to prosper online. Similar legislation has been introduced in the House.
“Consumers want to shop, browse and share information in an environment that is respectful of their personal information,” McCain said at a news conference. “Our legislation sets forth a framework for companies to create such an environment and allows businesses to continue to market and advertise to all consumers, including potential customers.”
But some consumer groups immediately criticized the bill as being too weak because it does not include a measure that would prevent Web sites from tracking users through a “do not track” mechanism that has been recommended by the Federal Trade Commission.
If the bill becomes law, companies would be unable to collect identifying information — including names, e-mail addresses and credit-card numbers — without an individual’s consent. Sensitive data about religion, sexual identity and health would also be out of bounds unless the person consents.
Web companies would have to offer users the ability to opt out of data collection entirely, and businesses would have to make it clear how the data are being used.
Companies would be required to make consumer information secure, and the rules would be enforced by the FTC and state attorneys general. When there is a violation of the rules, the FTC could impose fines of as much as $3 million. Private lawsuits, including class-action suits, against companies would be prohibited.
The bill got a generally good reception from industry. “We appreciate that this legislation . . . allows for flexibility to adapt to changes in technology,” said a joint statement by Intel, Cisco, eBay and Hewlett-Packard. “The bill also strikes the appropriate balance by providing businesses with the opportunity to enter into a robust self-regulatory program.”
But privacy advocate Jeffrey Chester, executive director of the Center for Digital Democracy, said consumers need limits on how long a company can store their data and how that information can be used.
“This doesn’t get us much further from where we are today, which is with no rules,” Chester said.