The bill, the Commercial Privacy Bill of Rights Act, would require companies that collect data from consumers to implement security measures to protect the data. The companies would also be required to provide consumers with “clear notice” about what data was being collected.
Organizations would be required to provide consumers with the ability to opt-out of data collection. For sensitive data, consumers would have to opt-in before any data could be collected.
If enacted, the legislation would be the first comprehensive privacy law in the United States. Current laws cover privacy of certain types of information, such as medical or financial records.
“Americans have a right to decide how their information is collected, used, and distributed, and businesses deserve the certainty that comes with clear guidelines”, said Kerry. “Our bill makes fair information practices the rules of the road, gives Americans the assurance that their personal information is secure, and allows our information driven economy to continue to thrive in today’s global market.”
McCain added: "Consumers want to shop, browse and share information in an environment that is respectful of their personal information….the bill does not allow for the collection and sharing of private data by businesses that have no relationship to the consumer for purposes other than advertising and marketing. It is this practice that American consumers reject as an unreasonable invasion of privacy.”
The bill would require “robust and clear notice” and an opt-out option for consumers when companies want to transfer information to third parties for behavioral advertising. Consumers would have the ability to access and correct their information or request that the information not be distributed.
Companies and third-parties would only be able to collect enough information from consumers to carry out a transaction or improve service, but that information could only be retained for a “reasonable period of time.”
The bill would require companies that collect information to institute “reasonable procedures” to ensure the information is accurate. The bill would give the Federal Trade Commission the authority to implement the information privacy rules covered in the legislation.
Privacy groups were supportive of the bill. "Senators Kerry and McCain have shown impressive leadership in putting forward a bipartisan bill to address the privacy concerns of the 21st century," said Leslie Harris, president of the Center for Democracy and Technology.
Ioana Rusu, regulatory counsel for the Consumers Union, noted: "This is an important step forward in giving people more control over their personal information online. For the first time, all businesses would have to operate under consistent, mandatory standards for online privacy protection. To us, that's progress."