Senators John Kerry and John McCain have introduced proposed legislation for a "Privacy Bill of Rights" to prevent data collectors from misusing Americans' private information.
The bill lays out a code of conduct for handling a user's identifying information in an effort to keep unscrupulous actors from stirring up privacy concerns. It would be the first comprehensive privacy legislation to be enacted.
Senator Kerry released the following statement regarding the bill:
John [McCain] and I start with a bedrock belief that protecting Americans' personal, private information is vital to making the Information Age everything it should be. Americans have a right to decide how their information is collected, used, and distributed and businesses deserve the certainty that comes with clear guidelines. Our bill makes fair information practices the rules of the road, gives Americans the assurance that their personal information is secure, and allows our information driven economy to continue to thrive in today's global market.
Acknowledging that businesses can use such information in advertising and marketing without crossing the line, the legislation seeks to draw a distinction between reasonable uses of certain data and unreasonable invasions of privacy.
One provision of the bill guarantees the user's security by requiring accountability from information collectors, who will be required to protect the information they gather and to clearly indicate to consumers why they are collecting such information.
The Kerry-McCain proposal also mandates that collectors provide a clear option for users to "opt-out" from the collection of potentially sensitive personal data, as well as personal information not explicitly sanctioned for collection by the bill.
The legislation also stipulates that data collectors would be required to collect only the information they needed to deliver their service, or for research regarding the service, and to keep such data for a limited time. The same would apply to third-party companies that might obtain the data.
The bill makes provisions for enforcement, as well. State Attorneys General and the FTC would have the power to enforce the legislation, though not simultaneously, while private lawsuits based on this law would be prohibited. Additionally, companies could potentially design "safe-harbor" programs to comply with legislation.
The bill does not include a do-not-track provision that would let consumers stop companies from tracking their web activity, a measure that companies including Microsoft, Google, and Mozilla have already begun to roll out in their browsers.
HP, Microsoft, eBay and Intel issued a statement expressing their support for the bill, saying they believe such legislation "will support business growth, promote innovation and ensure consumer trust in the use of technology."
However, Consumer Watchdog, the Center for Digital Democracy, Consumer Action, Privacy Rights Clearinghouse and Privacy Times put out their own letter stating they could not support the bill in its current form, listing the lack of a Do Not Track mechanism, special interest treatment of social media marketers, and denial of private action against violations as some of their reasons for opposition.