Story: Another Online Privacy Bill Filed in House, 2/8/00.

Another Online Privacy Bill Introduced in House

(February 8, 2000). Rep. Frelinghuysen introduced the Online Privacy Protection Act of 2000 in the U.S. House on January 31. It is the House companion to a bill filed in the Senate last April by Sen. Burns and Sen. Wyden.

Related Pages

HR 3560 IH, Online Privacy Protection Act of 2000.

TLJ Summary of Online Privacy Bills in the 106th Congress.

Rep. Rodney Frelinghuysen's (R-NJ) bill, HR 3560 IH, joins a growing list of other pending bills that would regulate privacy practices of web sites and online services.

The bill requires web sites and online services to provide notice of what personal information they collect, how they use it, and how they share it with others.

Specifically, the bill provides that the operator must:

"provide notice on its Web site, in a clear and conspicuous manner, of the identity of the operator, what personal information is collected by the operator, how the operator uses such information, and what information may be shared with other companies"

Also, individuals must be given the opportunity to opt out of having their personal information disclosed to others, for purposes unrelated to those contained in the notice.

The bill also requires web sites and online services to provide individuals both a description and copies of their personal information. Finally, the bill requires web sites and online services to protect the confidentiality of personal information.

The bill gives rule making and civil enforcement authority to the Federal Trade Commission under its jurisdiction over unfair and deceptive trade practices. The bill would preempt state laws, but allow state Attorney Generals to bring civil suits under the federal act on behalf of state residents. The bill does not create any private causes of action.

A staff assistant to Rep. Frelinghuysen told Tech Law Journal that he introduced the bill because he believes that industry efforts at self-regulation have not gone far enough in protecting individuals' privacy online.

The Frelinghuysen bill is the companion bill to S 809 IS, filed by Sen. Conrad Burns (R-MT) and Sen. Ron Wyden (D-OR) on April 15, 1999.

On May 5, 1999, Rep. Rick Boucher (D-VA) and Rep. Bob Goodlatte (R-VA) introduced a bill with a section on online privacy which takes a less regulatory approach. HR 1685 IH, the Internet Growth and Development Act, would only require posted privacy policies. It provides:

Any person operating a commercial Internet website shall clearly and conspicuously provide notice of its collection, use, and disclosure policies with regard to personally identifiable information nation, including---

(1) the personally identifiable information that the website operator collects from individuals visiting the website; and

(2) the uses that the website operator makes of the personally identifiable information, including whether the operator makes the information available to any third parties.

At the other end of the spectrum, Rep. Edward Markey (D-MA) has introduced a bill that provides more draconian measures for regulating online privacy. HR 3321 IH includes much of the language of the Frelinghuysen and Burns-Wyden bills, but then goes further.

FTC Opposes Online Privacy Legislation, 7/13/99.

House Subcommittee Holds Hearing on Online Privacy, 7/14/99.

Reaction to FTC Report on Online Privacy, 7/16/99.

Online Privacy Bill Runs Aground, 7/27/99.

Steve Forbes Gives Speech on Privacy, 12/21/99.

Advocates Split over which Threatens Privacy Most -- Government or Commerce, 12/21/99.

For example, all of these bills require posting of privacy policies, a right to opt out, access to one's records, and security measures. However, the Frelinghuysen and Burns-Wyden bills include many exceptions and exemptions which are not contained in the Markey bill.

Also, the Markey bill adds a private cause of action. Plaintiffs would be able to recover actual damages, or $1,000 per violation, whichever is greater. Moreover, if a violation were willful, the statutory damages could rise to $10,000 per violation. This could lead to a multitude of multi-billion dollar class action lawsuits against online companies.

There are also a large number of other bills that would affect online privacy, but do not deal with online privacy generally. There are a number of bills pertaining to financial privacy, for example.

So far no online privacy bill has been adopted by any committee, although S 809 received a hearing in the Senate Commerce Committee.

The Clinton administration, and especially Secretary of Commerce William Daley, oppose government regulation of online privacy. And of course, electronic commerce companies generally oppose any new legislation. On July 13, 1999, the Federal Trade Commission released an annual report which recommended against any legislation to regulate online privacy at this time. This report effectively undercut efforts to pass an online privacy bill.

Excerpt from speech by Commerce Secretary William Daley.
Re: online privacy.
Event: Fairfax County Chamber of Commerce.
Date: January 14, 2000.
Source: U.S. Department of Commerce.

First, is privacy. Poll after poll shows this is the number one concern of consumers online. People want a choice as to how their personal information will be used.

I have challenged industry to develop enforceable policies, and they have taken me seriously. The number of websites with them has greatly increased.

A thousand websites now have seals from enforcement groups like TRUSTe and BBBOnline, and a thousand more have applications pending. I'm a lawyer, and I can read all the legalese you sometimes see in policy agreements. At least I think I can. But it's a lot easier just to look for seals, which tell consumers: you can trust this place.

Let me also mention, one-third of the largest web advertisers refuse to place ads on sites with no privacy policies. And America Online and several others, like Microsoft, have programs requiring all their stores to adhere to fair information practices.

So, things are moving forward. Could they be better? Absolutely. According to a survey done last year, only one in ten of the most popular sites have good policies, that offer real choice.

So, our challenge is to get more companies to join in. This year we will work with trade associations to educate their members, and to urge them to convince their colleagues to join this effort.

And our challenge is to understand how the latest technologies may affect privacy. Technologies like profiling. That's where companies are able to follow my clicks, and share the information, behind the screen. So they can figure out I'm interested in, say, golf courses in Chicago.

This technology is fantastic for business, and targeting consumers -- but we need to be careful and make sure Americans feel comfortable with this. And we need to give them the choice to know what's being collected behind their backs.

We held a workshop with the Federal Trade Commission, and it got tremendous attention. It's a hot issue. The private sector plans to come back with guidelines in early February, and we are looking forward to seeing them.

And I am pleased to report this year we will convene discussions with the privacy and business communities on biometrics. This technology is a way of identifying me by my thumbprint, or my eyeball. So when I sign on, the computers can tell it's really Bill Daley.