|Statement by Sen.
Conrad Burns (R-MT) in Congressional Record.
Re: introduction of S 809, the Online Privacy Protection Act.
Date: April 15, 1999.
Source: Congressional Record, April 15, 1999, page S3782.
Mr. BURNS. Mr. President, I am pleased to be joined by the distinguished Senator from Oregon, Mr. Wyden, in introducing a very important piece of legislation, the Online Privacy Protection Act of 1999. Last year, Congress worked together to protect our most vulnerable citizens from unprincipled information gathering online by passing the Children's Online Privacy Protection Act of 1998. That law provided online privacy protection for children up through age 13. Although teens and adults have a greater ability to identify the risks associated with online shopping and browsing, some guidance and protection is needed to ensure that web sites treat information in a fair and uniform way.
Before I tell you what this bill does, let me first tell you what this bill does not do. It does not bury online companies with regulatory paperwork. It does not impose a congressional mandate on privacy policies. It does not force compliance with arcane rules. It does not regulate the internet.
I want to be clear. We are trying to pilot the ship of internet commerce with a very light hand while trying to encourage the efforts currently underway within the online industry.
This bill sets very general guidelines for how an online company treats information it gathers from people interacting with their web sites. First of all, there must be a clear and conspicuous posting of the companies information collection policy. They must note what information is collected, and what they do with it. There must be a clear means for people to opt out of providing this information, if the data collected is not relevant to the web transaction. In fairness, we do allow the web site host to cancel the online transaction if the site visitor doesn't provide all of the needed information. For example, if a person buys a product, but won't give a mailing address, the company can terminate the sale.
A key provision of this bill allows people access to information that was collected and shared with outside companies. We recognize that there are many web sites that collect information to better serve their visitors. Amazon.com keeps track of book requests to help identify other potential books of interest to the customer. We appreciate the prosperity of that data and its use and want to protect and encourage that creativity. As long as the company discloses up front what information it is collecting and keeps that data internal, it won't be forced into disclosure and lose its competitive edge. However, all companies are required to establish and maintain procedures to protect the information that it collects.
To the uninformed listener, this may sound like a lot of regulation and paperwork for online companies to follow. The good news is that this bill recognizes the continuing progress being made in the commercial sector in providing secure and private transactions for customers. Concerns about misuse of information can drive many customers away, and many companies are recognizing the need for establishing some type of privacy rules. It's telling that 60 percent of Fortune 500 Chief Information Officers in a recent poll stated that they wouldn't divulge personal information online.
The Online Privacy Protection Act of 1999 is an important effort to shape the future of online commerce. By getting out front and then staying out of the way, we can create an electronic medium free from big-brother mentality that allows people to move freely through commercial sites without fearing for the data trail they leave behind. This bill is good for industry and good for consumers. I strongly encourage my colleagues to support the passage of this bill.