Policy Post 6.14 | McCain Introduces S. 2928 To Improve Notice And Choice

CDT POLICY POST Volume 6, Number 14 August 10, 2000

A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY

CONTENTS:
(1) McCain Introduces S. 2928 To Improve Notice And Choice
(2) FTC Unanimously Commends NAI Self-Regulatory Principles
(3) S. 2898 Introduced To Prevent "Blatant Invasion" of Employee Privacy
(4) Microsoft Tests Cookie Control Features for Internet Explorer

____________________________________________________________

(1) MCCAIN INTRODUCES S. 2928 TO IMPROVE NOTICE AND CHOICE

On July 26, Senator McCain (R-AZ) introduced the Consumer Internet Privacy Enhancement Act. The bill represents another in a series of congressional efforts to address wide-spread concerns regarding online privacy policies. S. 2928 requires commercial Web sites to provide "clear, conspicuous and easily understood" notice, which must include a description of "opt-out" procedures and consequences. It also prohibits the collection of personal information unless consumers are given the choice to "opt-out" of disclosure and use beyond the primary purpose. Senator Kerry (D-MA), Senator Abraham (R-MI) and Senator Boxer (D-CA) co-sponsored the legislation.

S. 2928 addresses two of the central problems associated with online personal data privacy: the prevailing lack of clear and conspicuous notice and online companies' failure to provide meaningful choices with respect to the collection, use and disclosure of personal data. However, as Senator McCain recognized in his introductory remarks, S. 2928 does not address a number of serious privacy concerns. Those include the covert use of Internet technologies that aid companies in their profiling efforts, consumers' inability to access their personal information, and the lack of consistent security measures that protect the confidentiality and integrity of personal data.

CDT will work to improve the Consumer Internet Privacy Enhancement Act. The pre-emption clause of the legislation, for instance, represents a substantial concern: it is undesirable for individual states to perceive the Act's provisions as a floor and a ceiling on data privacy protection. Another central weakness is the bill's lack of an access provision, which would require online companies to provide consumers with the ability to view and correct the personal information that has been collected. CDT insists that legislation designed to protect consumer privacy be based on the widely accepted Fair Information Practices.

____________________________________________________________

(2) FTC Unanimously Commends NAI Self-Regulatory Principles

On July 27, the FTC issued the second part of its Online Profiling report to Congress. In the report, the Commissioners joined the Clinton Administration in declaring their unanimous support of the NAI set of industry guidelines for Online Preference Marketing (OPM). The NAI Self-Regulatory Principles for OPM commit its members, which include DoubleClick, AdKnowledge and MatchLogic, to information practices that prohibit the use of sensitive personal, medical and financial data for OPM, require "opt-in" for the merger of personally identifiable information (PII) with previously collected non-personally identifiable information (non-PII) and require that consumers be given notice and the ability to "opt-out" of identifiable tracking.

While the NAI principles represent a step forward, they do not provide adequate privacy protection to consumers. CDT will release a detailed analysis of online profiling and the NAI principles before Congress resumes session in August.

____________________________________________________________

(3) S. 2898 Introduced To Prevent "Blatant Invasion" of Employee Privacy

On July 20, Senator Charles Schumer (D-NY) introduced the Notice of Electronic Monitoring Act that addresses the widespread business practice of surreptitiously monitoring employees' electronic communications. The legislation requires employers to provide detailed notice of electronic monitoring -- i.e., the type of computer monitored, the kind of information obtained, procedure of access and storage of obtained information, the frequency of monitoring -- as individuals are hired and annually thereafter. In the House, the bill is supported by Reps. Canady (R-FL) and Barr (R-GA).

The bill's requirement of conspicuous notice is an important step in the direction of employee protection. Privacy invasive practices and technologies, if used without employee awareness, greatly violate individuals' reasonable expectation of privacy in the workplace environment. The requirement of conspicuous notice is an essential component of privacy protection in the age of electronic information and communication.

____________________________________________________________

(4) Microsoft Tests Cookie Control Features for Internet Explorer

On July 20, Microsoft announced its plan to test new cookie management software within its Internet Explorer browser. Internet cookies are small lines of unique computer code, automatically placed on your hard drive by an online company, that your browser saves and sends back to the Web server when you revisit a Web site. Microsoft's new features provide Internet users with notice when sites send cookie files, allow users to easily eliminate stored cookies with a "delete all cookies" button from the browser's main "internet options" page, and enable differentiation between first- and third-party cookies. (First-party cookies are those set by the online company whose Web site a user visits; third-party cookies are set by "third parties" such as the original company's affiliates and network advertisers.)

CDT looks forward to participating in Microsoft's beta testing of the cookie management features when the public version is released. Web user's awareness of and control over the use of first- and third-party cookies that track and monitor online behavior is a step that will increase privacy on the Internet. We encourage users of Internet Explorer to participate in Microsoft's testing of its privacy-enhancing software.

_____________________________________________________________

Detailed information about online civil liberties issues may be found at http://www.cdt.org/.

This document may be redistributed freely in full or linked to http://www.cdt.org/publications/pp_6.14.shtml.

Excerpts may be re-posted with prior permission of ari@cdt.org