A House bill was introduced Monday that would require companies to get Web surfers' permission to collect sensitive information--health, finances--or share less sensitive (but still personal) information with third parties. It would require an opt-out regime for other personal information collection.
Sensitive information that would trigger opt-in would also include race or ethnicity and Social Security numbers.
The bill, dubbed the "Best Practices Act," was introduced by Rep. Bobby Rush (D-Ill.), chairman of the House Commerce Subcommittee on Commerce, Trade, and Consumer Protection. The subcommittee has scheduled a July 22 hearing on the bill, as well as a draft of a similar bill introduced by Reps. Rick Boucher (D-Va.), chairman of the Communications Subcommittee, and Communications Subcommittee ranking member Cliff Stearns (R-Fla.).
According to a briefing memo on the bill, its creation was prompted by, among other things, changes to Facebook privacy settings and the collection of data from WiFi networks by Google Street View cars.
"The purpose of this bill is to foster transparency about the commercial use of personal information and provide consumers with meaningful choices about the collection, use, and disclosure of such information," according to the memo.
The bill would require companies to provide "concise, meaningful, timely, prominent, and easy-to-understand" notice to users about their privacy policies, including what information is being collected and why. Among the criticisms of current online privacy policies is that they are buried inside lengthy statements.
The bill would not apply some of its requirements if a company "participates in a Safe Harbor Self-Regulatory Choice Program approved by FTC." The Federal Trade Commission would be charged with coming up with templates for the kind of notice companies would have to provide of their data collection policies.
And while the FTC's expedited rulemaking authority was excised from the Financial Services bill before it passed, this bill would reinstate it, at least for online privacy. "The bill grants enforcement authority to FTC and the states, including civil penalty authority, and grants FTC streamlined rulemaking authority to implement the bill," according to the memo. Scheduled to testify at the hearing are David Vladeck, director of the FTC Bureau of Consumer Protection; Ed Mierzwinski, consumer program director, U.S. PIRG; Leslie Harris, president, Center for Democracy and Technology; David Hoffman, global privacy officer, Intel Corporation; and Ira Rubinstein, adjunct professor, New York University School of Law.