Modernizing Authentication — What It Takes to Transform Secure Access
WASHINGTON -- U.S. lawmakers are preparing to resume the debate over how to craft policies to protect online privacy, and in the House, that process will begin with a largely self-regulatory framework.
Rep. Cliff Stearns (R-Fla.), who has authored privacy legislation in the past, said today that he has developed a draft bill that he hopes to shepherd through at least the subcommittee level to take up before the full Energy and Commerce Committee.
Stearns, speaking here at an event hosted by the Technology Policy Institute think tank, said his draft builds on legislation that he introduced in 2005, and drew heavily on the comments that poured in from industry groups, consumer advocates and others in response to a draft bill that he worked on in the last Congress.
But when the details of the more recent legislation emerged last May, privacy advocates were incensed at the significant latitude it left advertisers, Web companies and other data brokers to use consumers' information to build behavioral profiles for targeting ads.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
If anything, the bill Stearns described today is likely to take a step back, relying entirely on a self-regulatory framework that would emphasize transparency and notice to consumers about what types of information is being collected.
"The bottom line is only the consumer -- only the consumer -- knows what he or she feels about the information being collected and the parties doing the collecting, the purpose for which the information is collected. Congress cannot and should not make that decision for them," Stearns said.
"Overreaching privacy regulation, particularly in the absence of consumer harm, could have a significant negative economic impact at a time when many businesses in our economy are struggling," he added.
Stearns described his legislation as a bid to provide incentives for Web companies and advertisers to bring their privacy practices in line with the best actors in the field. He suggested that the bill would set standards for "clear and easy-to-understand language" describing what personal information is being collected, and how it is used.
"The goal of the legislation is to empower consumers so that they can make their own privacy choices," he said.
Several major Web companies, including Google (NASDAQ: GOOG), Yahoo (NASDAQ: YHOO) and Facebook, have been pushing out new mechanisms for users to visualize how their information is being used, and working to provide more intuitive settings to limit or opt out of data collection.
Stearns also said that his bill would grant the Federal Trade Commission authority to oversee an industry-led self-regulatory program for online privacy. While he stressed that the effort would be guided by the industry, he said the legislation would give the FTC enforcement authority in the event of a consumer dispute.
Stearns' announcement of his draft bill follows the release of two major agency reports on the state of play in Internet privacy, one from the FTC, which floated the idea of a browser-based do-not-track opt-out, and another from the Department of Commerce, which advocated an online bill of rights for consumers.
In the Senate, John Kerry (D-Mass.) is continuing his probe into online privacy in the context of establish law on fair information practices, according to aide Daniel Sepulveda, who said today that a hearing on the issue would be scheduled "relatively soon."
Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.