CNET también está disponible en español.

Ir a español

Don't show this again


Net privacy protection measures proposed

Web sites could be forced to disclose their personal data collection practices under regulations being formulated by Sen. Conrad Burns (R-Montana).

    Web sites could be forced to disclose their personal data collection practices under regulations being formulated by Sen. Conrad Burns (R-Montana).

    As promised, the senator publicly posted a draft of the Online Privacy Protection Act, which would require sites to get permission before collecting, using, or sharing any private data they gather from visitors.

    In addition, the proposal calls for sites to clearly post their data collection policies; let surfers "opt-out" of giving up personal details; and give people access to records containing their identifiable information, such as names, addresses, phone numbers, Social Security numbers, and financial transaction data.

    "I believe this draft walks the fine line between protecting one person's privacy without hindering the rights of others," Burns said in a statement.

    But under the proposal, sites could skirt the mandate if they already comply with voluntary guidelines, such as those outlined by the Online Privacy Alliance or the Direct Marketing Association.

    With the exception of the Children's Online Privacy Protection Act passed last year, the online industry has lobbied hard to stave off Net privacy regulations as it scrambles to gain wider adoption of self-regulatory plans.

    Most major Web sites promise to comply with standards similar to those laid out in Burns's proposal. Still, these sites only account for a minor portion of the Net, and critics from the European Union to U.S. privacy advocates have complained that current voluntary privacy protection schemes aren't backed up with strong enforcement mechanisms.

    Privacy advocates have claimed that the safe harbors in Burns's draft are loopholes, and say that they want them closed before the plan is introduced or adopted.

    "The bill is positive in that it recognizes that federal privacy protection needs to extend beyond children," said David Sobel, general counsel for the Electronic Privacy Information Center. "But the question is how easy it might be to get around those provisions. The safe harbors raise the same question that has always been the sticking point--the enforceability of voluntary guidelines."

    Under the draft, the Federal Trade Commission would set standards for the voluntary guidelines and would enforce the law. In response to concerns about the safe harbors today, Burns's camp insisted that the draft would evolve to address any doubts.

    "Like [Burns] said, we're walking a tight line between the privacy advocates and folks who like it the way it is now," said Ben O'Connell, a spokesman for Burns. "I will guarantee that the bill we put online will look different by the time we introduce it."