A commercial privacy bill of rights, introduced by John Kerry and John McCain on April 12, will not stop online tracking, although its intentions are good, according to digital rights group Electronic Frontier Foundation (EFF).
The most “glaring defect” in the bill is emphasis on regulating information use and sharing, “rather than the collection of data in the first place,” states the EFF.
The bipartisan bill is meant to establish a code of conduct for how a user’s personal information is used, stored, and distributed.
According to a post on John Kerry’s website, the legislation aims to build consumer trust in the market and protect users from “unscrupulous actors in the market by creating a set of basic rights to which all Americans are entitled.”
The EFF is concerned the bill affects companies using targeted advertising rather than “the unchecked accumulation and storage of data about consumers’ online activities.”
“While EFF applauds efforts to update privacy laws to address the needs and expectations of today’s digital consumers, we can’t help but wish this well-meaning bill provided more comprehensive rights to users. There is a growing public demand for meaningful privacy controls when using the Internet,” states the EFF.
Privacy advocates have been calling attention to issues ofpervasive online tracking for some time. Often intertwined with the issue of behavioral targeting, online tracking refers to the difficult-to-elude mechanisms by which most or all of our reading and other activities on the Web are recorded by third parties, without our knowledge or permission.
Users can currently do quite a bit to take matters into their own hands to guard their private data online. I personally recommend Hotspot Shield, which will encrypt your online data and hide your identity. I wrote a feature on it for The Epoch Times.
Ghostery is also a great tool. It lets you see every bit of tracking information on each website and block any of them.
All around though, the U.S. digital privacy law is in dire need of revision. Most of it is still guided by the Electronic Communications Privacy Act (ECPA) of 1969. The Senate is currently working to revise it — a challenge that Senator Patrick Leahy stated “could be one of Congress’s greatest challenges.”
The new legislation from Kerry and McCain is a good step though. It lays down a few basic rights, including:
- The right to security and accountability: Collectors of information must implement security measures to protect the information they collect and maintain.
- The right to notice, consent, access, and correction of information: Collectors of information must provide clear notice to individuals on the collection practices and the purpose for such collection. Additionally, the collector must provide the ability for an individual to opt-out of any information collection that is unauthorized by the Act and provide affirmative consent (opt-in) for the collection of sensitive personally identifiable information. Respecting companies existing relationships with customers and the ability to develop a relationship with a potential customers, the bill would require robust and clear notice to an individual of his or her ability to opt-out of the collection of information for the purpose of transferring it to third parties for behavioral advertising. It would also require collectors to provide individuals either the ability to access and correct their information, or to request cessation of its use and distribution.
- The right to data minimization, constraints on distribution, and data integrity: Collectors of information would be required to collect only as much information as necessary to process or enforce a transaction or deliver a service, but allow for the collection and use of information for research and development to improve the transaction or service and retain it for only a reasonable period of time. Collectors must bind third parties by contract to ensure that any individual information transferred to the third party by the collector will only be used or maintained in accordance with the bill’s requirements. The bill requires the collector to attempt to establish and maintain reasonable procedures to ensure that information is accurate.
The legislation will also establish a few key methods of making sure this happens:
- Enforcement: The bill would direct State Attorneys General and the Federal Trade Commission (FTC) to enforce the bill’s provisions, but not allow simultaneous enforcement by both a State Attorney General and the FTC. Additionally, the bill would prevent private rights of action.
- Voluntary Safe Harbor Programs: The bill allows the FTC to approve nongovernmental organizations to oversee safe harbor programs that would be voluntary for participants to join, but would have to achieve protections as rigorous or more so as those enumerated in the bill. The incentive for enrolling in a safe harbor program is that a participant could design or customize procedures for compliance and the ability to be exempt from some requirements of the bill.
- Role of Department of Commerce: The Act directs the Department of Commerce to convene stakeholders for the development of applications for safe harbor programs to be submitted to the FTC. It would also have a research component for privacy enhancement as well as improved information sharing.
Photo Credit: Image courtesy of the Electronic Frontier Foundation.