Hollings pulls together Net privacy bill

In an effort to pre-empt all state regulations on Internet privacy, the senator proposes requiring companies to obtain permission from individuals before collecting and sharing their data.

3 min read
Sen. Ernest "Fritz" Hollings, D-S.C., on Thursday introduced an online privacy bill that would force companies to obtain explicit permission from individuals before collecting and sharing information about them.

Hollings' Online Personal Privacy Act aims to make privacy laws consistent across the United States, pre-empting all state statutes and regulations related to Internet privacy. Hollings said the proposal has been significantly narrowed from previous versions and reflects the European Union privacy directive, which recognizes different types of information.

The proposed bill slices online personal information into two camps: sensitive and nonsensitive information. It defines sensitive information as relating to any financial, medical, ethnic identification, religious affiliation, sexual orientation or political data. Before any company can collect, use, disclose or sell sensitive information, they would need the consent of individuals, a procedure known as "opt-in." In addition, the bill would require businesses to provide "opt-out" options when collecting nonsensitive information, such as that related to online purchases of clothing or sports equipment.

"Privacy fears are stifling the development and expansion of the Internet as an engine of economic growth," Hollings, chairman of the Senate Commerce Committee, said in a statement.

Hollings' proposal comes against a backdrop of consumer frustration over consumer data-collection practices. Among other incidents, drugmaker Eli Lilly was in the center of a Federal Trade Commission probe into the disclosure of e-mail addresses of hundreds of people. Three months ago, the FTC concluded that Eli Lilly violated its online privacy policy but that it did not face fines because the incident was unintentional and not a clear case of fraud. The company, however, agreed to bolster its existing security and to create an internal program to prevent future privacy violations.

Hollings' bill would require companies to provide consumers with a "clear and conspicuous" notice on how their personal information will be used and give individuals reasonable access to their data. If companies use or release sensitive information, the bill would let the FTC and state attorney's general take action and would let individuals take their complaints to federal court.

Civil liberties group the Electronic Frontier Foundation (EFF) applauded the inclusion of liability provisions for companies that violated online privacy laws.

"One of the basic elements of any kind of privacy protection is the ability for people to sue or for serious government agencies to sue and therefore cause the company to really do something about privacy. Otherwise, it's just words" said Lee Tien, senior staff attorney for the EFF. "Companies can have all sorts of great privacy polices...but at the end of the day, they don't feel the bite of possible legal liability."

The U.S. Chamber of Commerce, however, disagreed. The organization opposes Hollings' proposal, saying it would hinder online commerce and would open a plethora of class-action lawsuits.

"This proposal is nothing more than a solution in search of a problem," Bruce Josten, executive vice president of the organization, said in a statement.

While Hollings' proposal aims to protect the privacy of consumers, it also would provide online businesses with "a new market of willing consumers." Hollings said because of consumer distrust, companies are losing potential business and collecting bad data, "blocking the Internet and its wide range of services from reaching its full potential."

The Direct Marketing Association (DMA) said it continues to support industry self-regulation on privacy.

"For Internet privacy-related issues, you kind of open up a Pandora's box when you start getting into federal legislation" said Louis Mastria, director of public and international affairs at the DMA. The Internet is "a borderless network...If you start legislating it, you really give the green light to any country in the world to come effectively in the U.S. to set up legislation for us. And that is a concern that we are very, very worried about."

The Senate Commerce, Science and Transportation Committee is expected to hold a hearing regarding online privacy April 25. The co-sponsors of the legislation are Sens. Conrad Burns, R-Mont.; John Kerry, D-Mass; Ted Stevens, R-Ark.; John Rockefeller, D-W.Va.; Daniel Inouye, D-Hawaii; John Breaux, D-La.; Max Cleland, D- Ga.; Bill Nelson, D-Fla.; and Jean Carnahan, D-Mo.