U.S. Senators John Kerry and John McCain have more in common then being veterans of the Vietnam War and failed presidential bids—and having the first name John. The two have introduced a new bill dubbed the “Commercial Privacy Bill of Rights” (PDF) that would regulate how Internet companies like Facebook, Google, Apple, and Microsoft can collect and user personal data, as well as make it more difficult for companies to clandestinely collect personal and behavioral information about Internet users to establish profiles.
The proposed legislation, which apparently has the backing of the Obama administration, seeks to establish baseline regulations for how commercial enterprises can uniquely identify individuals or their devices. At a basic level, the legislation would require companies to provide clear notice to individuals about their information collection practices and how that information may be used; the bill would also require companies offer both opt-out and opt-in functionality: users would have to opt-in to authorize the collection of personally identifiable information allowed under the act, and be able to opt-out of the collection of information specifically not authorized by the act.
Companies would also be required to provide a clear opt-out mechanism that prevents their personal information from being shared with third parties for use in behavioral advertising. The bill requires companies set up “reasonable procedures” to ensure collected information is accurate, and to hold third parties to contracts that information shared with them will only be used in ways permitted under the bill.
Although the bill provides for the Federal Trade Commission (FTC) and state attorneys general to take action to enforce the bill’s provisions—and the FTC could bring fines of up to $3 million per violation—the proposed legislation explicitly bars private individuals from bringing court action—and that includes class action lawsuits.
The bill represents a compromise of competing interests: Internet companies and digital marketers on one hand, with consumer and privacy advocates on the other. Industry lobbying efforts from the likes of the Interactive Advertising Bureau, Microsoft, Google, and others have warned lawmakers that too-restrictive legislation would hamper their industries, one of the few bright spots of growth in an otherwise struggling economy. Consumer privacy advocates have noted the bill prevents individuals from going after companies and bad actors that violate the bill’s provisions, and the bill omits “Do not track” provisions (supported by the FTC). Others describe the legislation as doing little more than enshrine the current status quo, and being riddled with loopholes and exemptions to appease specific companies—like Facebook.
