A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY
CONTENTS:
(1) Sen. Hollings Introduces Privacy Legislation
(2) Bill Includes Fair Information Practices; Distinguishes between Sensitive and Non-sensitive Data
(3) Hearing Scheduled for April 25, 2002
In an important step toward instituting consumer privacy protection in federal law, Senator Ernest F. Hollings (D-SC) introduced on April 16 his long-awaited Online Personal Privacy Act, a bill to protect the privacy of individuals who use the Internet. CDT welcomes the introduction of the bill as reinvigorating the privacy debate and reaffirming that consumer privacy in the digital age remains a critical issue in the wake of September 11. CDT has consistently argued that, in addition to industry self-regulation and privacy enhancing technologies like the Platform for Privacy Preferences (P3P), federal legislation establishing workable and enforceable baseline standards is part of a comprehensive solution to the legitimate privacy concerns of Internet users.
Hollings chairs the Senate Commerce Committee, which will have jurisdiction over the bill. Co-sponsoring the bill are most of the Democrats on the Committee and two of its senior Republicans: Senators Breaux (D-LA), Burns (R-MT), Carnahan (D-MO), Cleland (D-GA), Inouye (D-HI), Kerry (D-MA), Nelson (D-FL), Rockefeller (D-WV) and Stevens (R-AK). The ranking Republican, Sen. John McCain (R-AZ), has refrained from co-sponsoring the legislation, but is believed to favor certain elements of the bill.
The Hollings bill is available in PDF at http://www.cdt.org/legislation/107th/privacy/oppa.pdf
The Hollings legislation incorporates the basic elements of fair information practices - long standing guidelines for collecting and handling information about individuals. The provisions of the bill include:
In addition, sites would be required to notify users upon making a change in their privacy policy, and could not change their information collection or use practices unless users have been given a chance to consent to the use of their information under the new policy. States would be empowered under the legislation to bring a civil action against sites to stop any practice in violation of the legislation, to enforce compliance and to obtain damages on behalf of residents of the state.
The bill only relates to online privacy - on the theory that the Internet poses unique issues of data collection and disclosure meriting separate treatment, it does not address data collection and sharing in offline contexts.
Several of the provisions, particularly the access requirements and the private right of action, are likely to meet with resistance from industry, while some privacy advocates are likely to argue that the bill does not go far enough. A hearing on the legislation is scheduled for April 25, 2002 before the Senate Commerce Committee. Witnesses expected to testify include Marc Rotenberg of EPIC, Frank Torres of Consumers Union, and representatives of Hewlett-Packard, Amazon.com, and the financial services industry.
For further resources about the consumer privacy debate, go to CDT's privacy page at http://www.cdt.org/privacy/
Links to other privacy legislation in Congress are at http://www.cdt.org/legislation/107th/privacy/
Information about how to better protect your privacy now is at the Consumer Privacy Guide, a resource created by CDT and other privacy and consumer advocates, http://www.consumerprivacyguide.org , and at the Privacy Toolbox: http://www.privacytoolbox.org
Detailed information about online civil liberties issues may be found at http://www.cdt.org/.
This document may be redistributed freely in full or linked to http://www.cdt.org/publications/pp_8.08.shtml.
Excerpts may be re-posted with prior permission of ari@cdt.org
Policy Post 8.08 Copyright 2002 Center for Democracy and Technology
