Reps. Eshoo and Cannon Introduce Online Privacy Bill

(January 24, 2001) Reps. Eshoo and Cannon introduced an online privacy bill in the House. It would prevent a commercial web site operator from collecting personally identifiable information from users of the web site unless it first gives notice of what information is collected and how it will be used, and gives the users the opportunity to limit the use of that information.

Rep. Anna Eshoo (D-CA) and Rep. Chris Cannon (R-UT) introduced HR 237, the Consumer Internet Privacy Enhancement Act, on January 20, 2001. It will likely be just one of many online privacy bills filed in the 107th Congress.

		Rep. Anna Eshoo (D-Silicon Valley)

"Consumers shouldn't have to reveal their life story every time they surf the web," Rep. Eshoo said in a release. "This legislation will help to assure the security that Americans expect when it comes to their privacy."

The bill would give administrative and enforcement authority to the Federal Trade Commission, but also allow states to bring parens patriae actions to enforce it. It provides for no private right of action. The bill would create civil, but not criminal, liability for violation.

The bill defines personally identifying information (PII) to include first name, last name, address, e-mail address, telephone number, social security number, and unique identifying information.

The information which must be included within the notice includes:

• the identity of the operator of the website and of any third party the operator knowingly permits to collect PII from users through the web site;
• a list of the types of PII that may be collected;
• a description of how the operator uses such information, including a statement as to whether the information may be sold, distributed, disclosed, or otherwise made available to third parties for marketing purposes
• a description of the categories of potential recipients of any such PII;
• whether the user is required to provide PII in order to use the website;
• a general description of what steps the operator takes to protect the security of PII; and
• a description of the means by which a user may elect not to have the user's PII used by the operator for marketing purposes or sold, distributed, disclosed, or otherwise made available to a third party.

The bill provides a "safe harbor" for web site operators that have complied with self-regulatory guidelines are issued by seal programs or representatives of the marketing or online industries that are approved by the FTC.

The bill contains the following limited pre-emption language: "No State or local government may impose any liability for commercial activities or actions by a commercial website operator in interstate or foreign commerce in connection with an activity or action described in this Act that is inconsistent with, or more restrictive than, the treatment of that activity or action under this section."

	Rep. Chris Cannon (R-UT)

Rep. Cannon said in release that "in today's high-tech economy, where an increasing amount of consumers depend on the Internet for both work and personal use, it is critical that we establish a set of standards to safeguard their privacy."

"We are going to rely heavily on the marketplace to help define and implement the guidelines established in this bill's language, just as the market has commendably worked with government officials to develop existing privacy standards and seal programs. The federal government can play an important role in bringing some uniformity to privacy policy and preventing the states from developing 50 different standards."

The bill has been referred to the House Commerce Committee, of which Rep. Eshoo is a member.