Wrangling Over Proposed Privacy Laws Continues
zurab writes "USA Today reports several U.S. lawmakers introduced a long-awaited privacy bill Wednesday that would allow U.S. businesses to share information about customers who have not explicitly forbidden them to do so. And one of the supporters of this bill - the beloved Mr. Boucher."
The Joy of Opt-out... (Score:5, Insightful)
I mean, otherwise the aforementioned big business would stop paying them campaign contributions and such...
Re:The Joy of Opt-out... (Score:2, Funny)
What's wrong with Opt-out? (Score:3, Interesting)
Re:What's wrong with Opt-out? (Score:2, Insightful)
I count it as a difference between the personal and professional. Information about things -- software, hardware, science in general, the Law -- is not the same as information about an individual. Things don't vote, raise kids, or have emotions.
Personal privacy != Corporate secrecy.
Making promises in legalese (Score:1)
If you ask me for information, make no promises about what you're going to do with it, and I willingly give it to you
What if the entity that asks for information does make promises, but buries them in a ten-page document at a college (commonly called 'legalese') reading level rather than in a one-page privacy policy at an eighth-grade (newspaper) reading level?
Re:What's wrong with Opt-out? (Score:2)
Sound farfetched? In the last six months all credit card companies have sent out changes to their terms and conditions stating that you can no longer sue them - you must use binding arbitration. Don't like it? Just cancel all your credit cards. Which is a bit difficult for those who must travel, rent a car, get some cash far from home, etc. But you have a "choice".
sPh
Re:What's wrong with Opt-out? (Score:2)
Then you have the "choice" of getting a discount card and being tracked, or not eating.
Or opening up your own store, and only getting tracked in aggregate with all the other people who buy from your store. That is, if the "all stores have discount cards" thing actually happens, which it won't.
Re:What's wrong with Opt-out? (Score:2)
And this is without the national ID card which I suspect is coming fairly soon.
sPh
Re:What's wrong with Opt-out? (Score:2)
Well, opinions on that can differ
I vow that if all other stores have discount cards which track your purchases, I will personally open a store which doesn't. So for my lifetime at least, those opinions are wrong.
As a person who reads the fine print on all the "Terms and Conditions" junk sent to me by organizations with which I do business, I really can't agree.
Credit card companies have an oligopoly with much fewer members than "stores".
I think we are about 5 years from having every transaction tracked.
Guess I'll be dead in 5 years. Killed by the government so that they can track people?
And cash won't be an out (in the USofA), since the "USA Patriot Act" has greatly ratcheted down the threshold for tracking and reporting cash transactions to the government.
What's it down to now? I thought it was still at $10,000.
And this is without the national ID card which I suspect is coming fairly soon.
We already have this national ID card. It's called the license. I once had a Wisconsin sheriff track me down (with help from the FBI) from my domain name, which listed an old address, from which I did not have mail forwarding, to my NJ driver's license, linked that to my NY driver's license, and got my unlisted phone number in NY. All this so he could ask me the name of someone who had a website on my system, and who he suspected was sending threatening letters through the USPS.
As an aside, check out this proposal [loc.gov]. Congress wants to make it a crime with a 5 year sentence for lying to your registrar when you register your domain name.
Re:What's wrong with Opt-out? (Score:2)
But pray tell, where will you get the stock for your store? From a wholesaler, eh? And when the wholesaler starts requiring a data dump of your customers' purchase habits before he will make a delivery? Or your bank requires same before it will give you a letter of credit, which you will need to be able to import all those exotic beers?
When "just about everyone" starts capturing data, it really won't be feasible to be the only one who doesn't.
sPh
Re:The Joy of Opt-out... (Score:1)
PROBABLY true, but until they pass a law which prevents me from giving BOGUS information on everything I fill out on the internet this doesn't bother me in the least.
Make the junk data junk (Score:2)
It would be possible to create interesting correlations by registering the same bogus name across multiple sites; this would be reflected automatically if you generated random details from a set of common tables. I can see Nadine doing a lot of shopping.
The possibilities are boundless...
Xix.
Re:The Joy of Opt-out... (Score:1)
"We current have you loosing out on theses free benefits. If you would like benifit we have un marked this box allowing us to use your information. If you would not like theses free benifit please remark."
Nothing, b/c you won't be able to sue if they don't abide by your opt out request.
Coming next (Score:3, Funny)
It's long-awaited? You Americans are difficult to understand....
Re:Coming next (Score:2)
"I'll predict a much greater level of Internet usage with these privacy policies in place," Boucher said.
Ok, so if I wasn't going to use the internet before...I am now going to do so just because companies can trade my personal information? If anything, I'd think it would be a deterrent. What's he thinking?
The rule (Score:2, Insightful)
I've heard this said about the DMCA too. Any time businesses talk about balance between themselves and consumers through legislation, I instantly know that it's a terrible idea and I oppose it. They couldn't give a rat's ass about balance or compromise.
Re:The rule (Score:1)
Through the vast array of lobbying groups.
Big Business lobbying tends to sound louder than individuals, which is sad, and results in too many irritating bits of legislation (DMCA, I hope not the CBDTPA, et al) getting through.
Re:The rule (Score:2, Interesting)
The right balance. (Score:1)
Re:The rule (Score:1)
Privacy and personal information... (Score:5, Interesting)
Re:Privacy and personal information... (Score:1)
Re:Privacy and personal information... (Score:2)
And of course, once they've bought it, you're not exactly in a position to tell them what they can do with it.
That really doesn't help. (Score:1)
Nor will it ever, as such inalienable ideas are not, should not, and can not be considered property.
Besides being vague and unwieldy, considering such humanistic rights property (such humanistic rights as privacy, freewill, thought, etc.) tends to lead to trouble. Look at the patent system.
Of course, this is all just hyperbole, as redefining privacy as a property changes nothing. It's simply calling X by the name of Y.
Without suggestions of implementation it's only an interesting experiment in etymology.
Perhaps "Code" covers such implementation, though. Admittedly I haven't read it.
Re:That really doesn't help. (Score:1)
Wrong Name (Score:4, Funny)
Re:Wrong Name (Score:2)
Re:Wrong Name (Score:1)
Check out newspeakdictionary.com [newspeakdictionary.com] especially The Principles of Newspeak [newspeakdictionary.com] next time you feel bored.
Full Text of Bill (Score:2)
A BILL
To protect the online privacy of individuals who use the Internet.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the `Online Personal Privacy Act'.
The Congress finds the following:
(1) The right to privacy is a personal and fundamental right worthy of protection through appropriate legislation.
(2) Individuals engaging in and interacting with companies engaged in interstate commerce have a significant interest in their personal information, as well as a right to control how that information is collected, used, or transferred.
(3) Absent the recognition of these rights and the establishment of consequent industry responsibilities to safeguard those rights, the privacy of individuals who use the Internet will soon be more gravely threatened.
(4) To extent that States regulate, their efforts to address Internet privacy will lead to a patchwork of inconsistent standards and protections.
(5) Existing State, local, and Federal laws provide minimal privacy protection for Internet users.
(6) With the exception of Federal Trade Commission enforcement of laws against unfair and deceptive practices, the Federal Government thus far has eschewed general Internet privacy laws in favor of industry self-regulation, which has led to several self-policing schemes, none of which are enforceable in any meaningful way or provide sufficient privacy protection to individuals.
(7) State governments have been reluctant to enter the field of Internet privacy regulation because use of the Internet often crosses State, or even national, boundaries.
(8) States are nonetheless interested in providing greater privacy protection to their citizens as evidenced by recent lawsuits brought against offline and online companies by State attorneys general to protect the privacy of individuals using the Internet.
(9) The ease of gathering and compiling personal information on the Internet, both overtly and surreptitiously, is becoming increasingly efficient and effortless due to advances in digital communications technology which have provided information gatherers the ability to compile seamlessly highly detailed personal histories of Internet users.
(10) Personal information flowing over the Internet requires greater privacy protection than is currently available today. Vast amounts of personal information, including sensitive information, about individual Internet users are collected on the Internet and sold or otherwise transferred to third parties.
(11) Poll after poll consistently demonstrates that individual Internet users are highly troubled over their lack of control over their personal information.
(12) Market research demonstrates that tens of billions of dollars in e-commerce are lost due to individual fears about a lack of privacy protection on the Internet.
(13) Market research demonstrates that as many as one-third of all Internet users give false information about themselves to protect their privacy, due to fears about a lack of privacy protection on the Internet.
(14) Notwithstanding these concerns, the Internet is becoming a major part of the personal and commercial lives of millions of Americans, providing increased access to information, as well as communications and commercial opportunities.
(15) It is important to establish personal privacy rights and industry obligations now so that individuals have confidence that their personal privacy is fully protected on the Internet.
(16) The social and economic costs of establishing baseline privacy standards now will be lower than if Congress waits until the Internet becomes more prevalent in our everyday lives in coming years.
(17) Whatever costs may be borne by industry will be significantly offset by the economic benefits to the commercial Internet created by increased consumer confidence occasioned by greater privacy protection.
(18) Toward the close of the 20th Century, as individuals' personal information was increasingly collected, profiled, and shared for commercial purposes, and as technology advanced to facilitate these practices, the Congress enacted numerous statutes to protect privacy.
(19) Those statutes apply to the government, telephones, cable television, e-mail, video tape rentals, and the Internet (but only with respect to children).
(20) Those statutes all provide significant privacy protections, but neither limit technology nor stifle business.
(21) Those statutes ensure that the collection and commercialization of individuals' personal information is fair, transparent, and subject to law.
SEC. 4. PREEMPTION OF STATE LAW OR REGULATIONS.
This Act supersedes any State statute, regulation, or rule regulating Internet privacy to the extent that it relates to the collection, use, or disclosure of personally identifiable information obtained through the Internet.
TITLE I--ONLINE PRIVACY PROTECTION
SEC. 101. COLLECTION, USE, OR DISCLOSURE OF PERSONALLY IDENTIFIABLE INFORMATION.
(a) IN GENERAL- An internet service provider, online service provider, or operator of a commercial website on the Internet may not collect personally identifiable information from a user, or use or disclose personally identifiable information about a user, of that service or website except in accordance with the provisions of this Act.
(b) APPLICATION TO CERTAIN THIRD-PARTY OPERATORS- The provisions of this Act applicable to internet service providers, online service providers, and commercial website operators apply to any third party, including an advertising network, that uses an internet service provider, online service provider, or commercial website operator to collect information about users of that service or website.
SEC. 102. NOTICE AND CONSENT REQUIREMENTS.
(a) NOTICE- Except as provided in section 104, an internet service provider, online service provider, or operator of a commercial website may not collect personally identifiable information from a user of that service or website online unless that provider or operator provides clear and conspicuous notice to the user in the manner required by this section for the kind of personally identifiable information to be collected. The notice shall disclose--
(1) the specific types of information that will be collected;
(2) the methods of collecting and using the information collected; and
(3) all disclosure practices of that provider or operator for personally identifiable information so collected, including whether it will be disclosed to third parties.
(b) SENSITIVE PERSONALLY IDENTIFIABLE INFORMATION REQUIRES OPT-IN CONSENT- An internet service provider, online service provider, or operator of a commercial website may not--
(1) collect sensitive personally identifiable information online, or
(2) disclose or otherwise use such information collected online, from a user of that service or website,
unless the provider or operator obtains that user's affirmative consent to the collection and disclosure or use of that information before, or at the time, the information is collected.
(c) NONSENSITIVE PERSONALLY IDENTIFIABLE INFORMATION REQUIRES ROBUST NOTICE AND OPT-OUT CONSENT- An internet service provider, online service provider, or operator of a commercial website may not--
(1) collect personally identifiable information not described in subsection (b) online, or
(2) disclose or otherwise use such information collected online, from a user of that service or website,
unless the provider or operator provides robust notice to the user, in addition to clear and conspicuous notice, and has given the user an opportunity to decline consent for such collection and use by the provider or operator before, or at the time, the information is collected.
(d) INITIAL NOTICE ONLY FOR ROBUST NOTICE- An internet service provider, online service provider, or operator of a commercial website shall provide robust notice under subsection (c) of this section to a user only upon its first collection of non-sensitive personally identifiable information from that user, except that a subsequent collection of additional or materially different non-sensitive personally identifiable information from that user shall be treated as a first collection of such information from that user.
(e) PERMANENCE OF CONSENT-
(1) IN GENERAL- The consent or denial of consent by a user of permission to an internet service provider, online service provider, or operator of a commercial website to collect, disclose, or otherwise use any information about that user for which consent is required under this Act--
(A) shall remain in effect until changed by the user; and
(B) shall apply to the collection, disclosure, or other use of that information by any entity that is a commercial successor of, or legal successor-in-interest to, that provider or operator, without regard to the legal form in which such succession was accomplished (including any entity that collects, discloses, or uses such information as a result of a proceeding under chapter 7 or chapter 11 of title 11, United States Code, with respect to the provider or operator).
(2) EXCEPTION- The consent by a user to the collection, disclosure, or other use of information about that user for which consent is required under this Act does not apply to the collection, disclosure, or use of that information by a successor entity under paragraph (1)(B) if--
(A) the kind of information collected by the successor entity about the user is materially different from the kind of information collected by the predecessor entity;
(B) the methods of collecting and using the information employed by the successor entity are materially different from the methods employed by the predecessor entity; or
(C) the disclosure practices of the successor entity are materially different from the practices of the predecessor entity.
SEC. 103. POLICY CHANGES; BREACH OF PRIVACY.
(a) NOTICE OF POLICY CHANGE- Whenever an internet service provider, online service provider, or operator of a commercial website makes a material change in its policy for the collection, use, or disclosure of sensitive or nonsensitive personally identifiable information, it--
(1) shall notify all users of that service or website of the change in policy; and
(2) may not collect, disclose, or otherwise use any sensitive or nonsensitive personally identifiable information in accordance with the changed policy unless the user has been afforded an opportunity to consent, or withhold consent, to its collection, disclosure, or use in accordance with the requirements of section 102 (b) or (c), whichever is applicable.
(b) Notice of Breach of Privacy-
(1) IN GENERAL- If the sensitive or nonsensitive personally identifiable information of a user of an internet service provider, online service provider, or operator of a commercial website--
(A) is collected, disclosed, or otherwise used by the provider or operator in violation of any provision of this Act, or
(B) the security, confidentiality, or integrity of such information is compromised by a hacker or other third party, or by any act or failure to act of the provider or operator,
then the provider or operator shall notify all users whose sensitive or nonsensitive personally identifiable information was affected by the unlawful collection, disclosure, use, or compromise. The notice shall describe the nature of the unlawful collection, disclosure, use, or compromise and the steps taken by the provider or operator to remedy it.
(2) Delay of notification-
(A) ACTION TAKEN BY INDIVIDUALS- If the compromise of the security, confidentiality, or integrity of the information is caused by a hacker or other external interference with the service or website, or by an employee of the service or website, the provider or operator may postpone issuing the notice required by paragraph (1) for a reasonable period of time in order to--
(i) facilitate the detection and apprehension of the person responsible for the compromise; and
(ii) take such measures as may be necessary to restore the integrity of the service or website and prevent any further compromise of the security, confidentiality, and integrity of such information.
(B) SYSTEM FAILURES AND OTHER FUNCTIONAL CAUSES- If the unlawful collection, disclosure, use, or compromise of the security, confidentiality, and integrity of the information is the result of a system failure, a problem with the operating system, software, or program used by the internet service provider, online service provider, or operator of the commercial website, or other non-external interference with the service or website, the provider or operator may postpone issuing the notice required by paragraph (1) for a reasonable period of time in order to--
(i) restore the system's functionality or fix the problem; and
(ii) take such measures as may be necessary to restore the integrity of the service or website and prevent any further compromise of the security, confidentiality, and integrity of the information after the failure or problem has been fixed and the integrity of the service or website has been restored.
SEC. 104. EXCEPTIONS.
(a) IN GENERAL- Section 102 does not apply to the collection, disclosure, or use by an internet service provider, online service provider, or operator of a commercial website of information about a user of that service or website necessary--
(1) to protect the security or integrity of the service or website or to ensure the safety of other people or property;
(2) to conduct a transaction, deliver a product or service, or complete an arrangement for which the user provided the information; or
(3) to provide other products and services integrally related to the transaction, service, product, or arrangement for which the user provided the information.
(b) PROTECTED DISCLOSURES- An internet service provider, online service provider, or operator of a commercial website may not be held liable under this Act, any other Federal law, or any State law for any disclosure made in good faith and following reasonable procedures in responding to--
(1) a request for disclosure of personal information under section 1302(b)(1)(B)(iii) of the Children's Online Privacy Protection Act of 1998 (15 U.S.C. 6501 et seq.) to the parent of a child; or
(2) a request for access to, or correction or deletion of, personally identifiable information under section 105 of this Act.
(c) Disclosure to Law Enforcement Agency or Under Court Order-
(1) IN GENERAL- Notwithstanding any other provision of this Act, an internet service provider, online service provider, operator of a commercial website, or third party that uses such a service or website to collect information about users of that service or website may disclose personally identifiable information about a user of that service or website--
(A) to a law enforcement, investigatory, national security, or regulatory agency or department of the United States in response to a request or demand made under authority granted to that agency or department, including a warrant issued under the Federal Rules of Criminal Procedure, an equivalent State warrant, a court order, or a properly executed administrative compulsory process; and
(B) in response to a court order in a civil proceeding granted upon a showing of compelling need for the information that cannot be accommodated by any other means if--
(i) the user to whom the information relates is given reasonable notice by the person seeking the information of the court proceeding at which the order is requested; and
(ii) that user is afforded a reasonable opportunity to appear and contest the issuance of requested order or to narrow its scope.
(2) SAFEGUARDS AGAINST FURTHER DISCLOSURE- A court that issues an order described in paragraph (1) shall impose appropriate safeguards on the use of the information to protect against its unauthorized disclosure.
SEC. 105. ACCESS.
(a) IN GENERAL- An internet service provider, online service provider, or operator of a commercial website shall--
(1) upon request provide reasonable access to a user to personally identifiable information that the provider or operator has collected from the user online, or that the provider or operator has combined with personally identifiable information collected from the user online after the effective date of this Act;
(2) provide a reasonable opportunity for a user to suggest a correction or deletion of any such information maintained by that provider or operator to which the user was granted access; and
(3) make the correction a part of that user's sensitive personally identifiable information or nonsensitive personally identifiable information (whichever is appropriate), or make the deletion, for all future disclosure and other use purposes.
(b) EXCEPTION- An internet service provider, online service provider, or operator of a commercial website may decline to make a suggested correction a part of that user's sensitive personally identifiable information or nonsensitive personally identifiable information (whichever is appropriate), or to make a suggested deletion if the provider or operator--
(1) reasonably believes that the suggested correction or deletion is inaccurate or otherwise inappropriate;
(2) notifies the user in writing, or in digital or other electronic form, of the reasons the provider or operator believes the suggested correction or deletion is inaccurate or otherwise inappropriate; and
(3) provides a reasonable opportunity for the user to refute the reasons given by the provider or operator for declining to make the suggested correction or deletion.
(c) REASONABLENESS TEST- The reasonableness of the access or opportunity provided under subsection (a) or (b) by an internet service provider, online service provider, or operator of a commercial website shall be determined by taking into account such factors as the sensitivity of the information requested and the burden or expense on the provider or operator of complying with the request, correction, or deletion.
(d) Reasonable Access Fee-
(1) IN GENERAL- An internet service provider, online service provider, or operator of a commercial website may impose a reasonable charge for access under subsection (a).
(2) AMOUNT- The amount of the fee shall not exceed $3, except that upon request of a user, a provider or operator shall provide such access without charge to that user if the user certifies in writing that the user--
(A) is unemployed and intends to apply for employment in the 60-day period beginning on the date on which the certification is made;
(B) is a recipient of public welfare assistance; or
(C) has reason to believe that the incorrect information is due to fraud.
SEC. 106. SECURITY.
An internet service provider, online service provider, or operator of a commercial website shall establish and maintain reasonable procedures necessary to protect the security, confidentiality, and integrity of personally identifiable information maintained by that provider or operator.
TITLE II--ENFORCEMENT
SEC. 201. ENFORCEMENT BY FEDERAL TRADE COMMISSION.
Except as provided in section 202(b) of this Act and section 2710(d) of title 18, United States Code, this Act shall be enforced by the Commission.
SEC. 202. VIOLATION IS UNFAIR OR DECEPTIVE ACT OR PRACTICE.
(a) IN GENERAL- The violation of any provision of title I is an unfair or deceptive act or practice proscribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
(b) ENFORCEMENT BY CERTAIN OTHER AGENCIES- Compliance with title I of this Act shall be enforced under--
(1) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), in the case of--
(A) national banks, and Federal branches and Federal agencies of foreign banks, by the Office of the Comptroller of the Currency;
(B) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 and 611), by the Board; and
(C) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System) and insured State branches of foreign banks, by the Board of Directors of the Federal Deposit Insurance Corporation;
(2) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), by the Director of the Office of Thrift Supervision, in the case of a savings association the deposits of which are insured by the Federal Deposit Insurance Corporation;
(3) the Federal Credit Union Act (12 U.S.C. 1751 et seq.) by the National Credit Union Administration Board with respect to any Federal credit union;
(4) part A of subtitle VII of title 49, United States Code, by the Secretary of Transportation with respect to any air carrier or foreign air carrier subject to that part;
(5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in section 406 of that Act (7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect to any activities subject to that Act; and
(6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm Credit Administration with respect to any Federal land bank, Federal land bank association, Federal intermediate credit bank, or production credit association.
(c) EXERCISE OF CERTAIN POWERS- For the purpose of the exercise by any agency referred to in subsection (b) of its powers under any Act referred to in that subsection, a violation of title I is deemed to be a violation of a requirement imposed under that Act. In addition to its powers under any provision of law specifically referred to in subsection (b), each of the agencies referred to in that subsection may exercise, for the purpose of enforcing compliance with any requirement imposed under title I, any other authority conferred on it by law.
(d) ACTIONS BY THE COMMISSION- The Commission shall prevent any person from violating title I in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. Any entity that violates any provision of that subtitle is subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act in the same manner, by the same means, and with the same jurisdiction, power, and duties as though all applicable terms and provisions of the Federal Trade Commission Act were incorporated into and made a part of that subtitle.
(e) Disposition of Civil Penalties Obtained by FTC Enforcement Action Involving Nonsensitive Personally Identifiable Information-
(1) IN GENERAL- If a civil penalty is imposed on an internet service provider, online service provider, or commercial website operator in an enforcement action brought by the Commission for a violation of title I with respect to nonsensitive personally identifiable information of users of the service or website, the penalty shall be--
(A) paid to the Commission;
(B) held by the Commission in trust for distribution under paragraph (2); and
(C) distributed in accordance with paragraph (2).
(2) DISTRIBUTION TO USERS- Under procedures to be established by the Commission, the Commission shall hold any amount received as a civil penalty for violation of title I for a period of not less than 180 days for distribution under those procedures to users--
(A) whose nonsensitive personally identifiable information was the subject of the violation; and
(B) who file claims with the Commission for compensation for loss or damage from the violation at such time, in such manner, and containing such information as the Commission may require.
(3) AMOUNT OF PAYMENT- The amount a user may receive under paragraph (2)--
(i) shall not exceed $200; and
(ii) may be limited by the Commission as necessary to afford each such user a reasonable opportunity to secure that user's appropriate portion of the amount available for distribution.
(4) REMAINDER- If the amount of any such penalty held by the Commission exceeds the sum of the amounts distributed under paragraph (2) attributable to that penalty, the excess shall be covered into the Treasury of the United States as miscellaneous receipts no later than 12 months after it was paid to the Commission.
(f) EFFECT ON OTHER LAWS-
(1) PRESERVATION OF COMMISSION AUTHORITY- Nothing contained in this subtitle shall be construed to limit the authority of the Commission under any other provision of law.
(2) RELATION TO TITLE II OF COMMUNICATIONS ACT- Nothing in title I requires an operator of a website or online service to take any action that is inconsistent with the requirements of section 222 of the Communications Act of 1934 (47 U.S.C. 222).
(3) RELATION TO TITLE VI OF COMMUNICATIONS ACT- Section 631 of the Communications Act of 1934 (47 U.S.C. 551) is amended by adding at the end the following:
`(i) To the extent that the application of any provision of this title to a cable operator as an internet service provider, online service provider, or operator of a commercial website (as those terms are defined in section 401 of the Online Personal Privacy Act) with respect to the provision of Internet service or online service, or the operation of a commercial website, conflicts with the application of any provision of that Act to such provision or operation, the Act shall be applied in lieu of the conflicting provision of this title.'.
SEC. 203. ACTIONS BY USERS.
(a) PRIVATE RIGHT OF ACTION FOR SENSITIVE PERSONALLY IDENTIFIABLE INFORMATION- If an internet service provider, online service provider, or commercial website operator collects, discloses, or uses the sensitive personally identifiable information of any person or fails to provide reasonable access to or reasonable security for such sensitive personally identifiable information in violation of any provision of title I then that person may bring an action in a district court of the United States of appropriate jurisdiction--
(1) to enjoin or restrain a violation of title I or to obtain other appropriate relief; and
(2) upon a showing of actual harm to that person caused by the violation, to recover the greater of--
(A) the actual monetary loss from the violation; or
(B) $5,000.
(b) REPEATED VIOLATIONS- If the court finds, in an action brought under subsection (a) to recover damages, that the defendant repeatedly and knowingly violated title I, the court may, in its discretion, increase the amount of the award available under subsection (a)(2)(B) to an amount not in excess of $100,000.
(c) EXCEPTION- Neither an action to enjoin or restrain a violation, nor an action to recover for loss or damage, may be brought under this section for the accidental disclosure of information if the disclosure was caused by an Act of God, unforeseeable network or systems failure, or other event beyond the control of the Internet service provider, online service provider, or operator of a commercial website.
SEC. 204. ACTIONS BY STATES.
(a) IN GENERAL-
(1) CIVIL ACTIONS- In any case in which the attorney general of a State has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by the engagement of any person in a practice that violates title I, the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction--
(A) to enjoin that practice;
(B) to enforce compliance with the rule;
(C) to obtain damage, restitution, or other compensation on behalf of residents of the State; or
(D) to obtain such other relief as the court may consider to be appropriate.
(2) NOTICE-
(A) IN GENERAL- Before filing an action under paragraph (1), the attorney general of the State involved shall provide to the Commission--
(i) written notice of that action; and
(ii) a copy of the complaint for that action.
(B) EXEMPTION-
(i) IN GENERAL- Subparagraph (A) shall not apply with respect to the filing of an action by an attorney general of a State under this subsection, if the attorney general determines that it is not feasible to provide the notice described in that subparagraph before the filing of the action.
(ii) NOTIFICATION- In an action described in clause (i), the attorney general of a State shall provide notice and a copy of the complaint to the Commission at the same time as the attorney general files the action.
(b) INTERVENTION-
(1) IN GENERAL- On receiving notice under subsection (a)(2), the Commission shall have the right to intervene in the action that is the subject of the notice.
(2) EFFECT OF INTERVENTION- If the Commission intervenes in an action under subsection (a), it shall have the right--
(A) to be heard with respect to any matter that arises in that action; and
(B) to file a petition for appeal.
(c) CONSTRUCTION- For purposes of bringing any civil action under subsection (a), nothing in this subtitle shall be construed to prevent an attorney general of a State from exercising the powers conferred on the attorney general by the laws of that State to--
(1) conduct investigations;
(2) administer oaths or affirmations; or
(3) compel the attendance of witnesses or the production of documentary and other evidence.
(d) ACTIONS BY THE COMMISSION- In any case in which an action is instituted by or on behalf of the Commission for violation of title I, no State may, during the pendency of that action, institute an action under subsection (a) against any defendant named in the complaint in that action for violation of that rule.
(e) VENUE; SERVICE OF PROCESS-
(1) VENUE- Any action brought under subsection (a) may be brought in the district court of the United States that meets applicable requirements relating to venue under section 1391 of title 28, United States Code.
(2) SERVICE OF PROCESS- In an action brought under subsection (a), process may be served in any district in which the defendant--
(A) is an inhabitant; or
(B) may be found.
SEC. 205. WHISTLEBLOWER PROTECTION.
(a) IN GENERAL- No internet service provider, online service provider, or commercial website operator may discharge or otherwise discriminate against any employee with respect to compensation, terms, conditions, or privileges of employment because the employee (or any person acting pursuant to the request of the employee) provided information to any Federal or State agency or to the Attorney General of the United States or of any State regarding a violation of any provision of title I.
(b) ENFORCEMENT- Any employee or former employee who believes he has been discharged or discriminated against in violation of subsection (a) may file a civil action in the appropriate United States district court before the close of the 2-year period beginning on the date of such discharge or discrimination. The complainant shall also file a copy of the complaint initiating such action with the appropriate Federal agency.
(c) REMEDIES- If the district court determines that a violation of subsection (a) has occurred, it may order the Internet service provider, online service provider, or commercial website operator that committed the violation--
(1) to reinstate the employee to his former position;
(2) to pay compensatory damages; or
(3) to take other appropriate actions to remedy any past discrimination.
(d) LIMITATION- The protections of this section shall not apply to any employee who--
(1) deliberately causes or participates in the alleged violation; or
(2) knowingly or recklessly provides substantially false information to such an agency or the Attorney General.
(e) BURDENS OF PROOF- The legal burdens of proof that prevail under subchapter III of chapter 12 of title 5, United States Code (5 U.S.C. 1221 et seq.) shall govern adjudication of protected activities under this section.
SEC. 206. NO EFFECT ON OTHER REMEDIES.
The remedies provided by sections 203 and 204 are in addition to any other remedy available under any provision of law.
TITLE III--APPLICATION TO CONGRESS AND FEDERAL AGENCIES
SEC. 301. SENATE.
The Sergeant at Arms of the United States Senate shall develop regulations setting forth an information security and electronic privacy policy governing use of the Internet by officers and employees of the Senate that meets the requirements of title I.
SEC. 302. APPLICATION TO FEDERAL AGENCIES.
(a) IN GENERAL- Except as provided in subsection (b), this Act applies to each Federal agency that is an internet service provider or an online service provider, or that operates a website, to the extent provided by section 2674 of title 28, United States Code.
(b) EXCEPTIONS- This Act does not apply to any Federal agency to the extent that the application of this Act would compromise law enforcement activities or the administration of any investigative, security, or safety operation conducted in accordance with Federal law.
TITLE IV--MISCELLANEOUS
SEC. 401. DEFINITIONS.
In this Act:
(1) COLLECT- The term `collect' means the gathering of personally identifiable information about a user of an Internal service, online service, or commercial website by or on behalf of the provider or operator of that service or website by any means, direct or indirect, active or passive, including--
(A) an online request for such information by the provider or operator, regardless of how the information is transmitted to the provider or operator;
(B) the use of a chat room, message board, or other online service to gather the information; or
(C) tracking or use of any identifying code linked to a user of such a service or website, including the use of cookies or other tracking technology.
(2) COMMISSION- The term `Commission' means the Federal Trade Commission.
(3) COOKIE- The term `cookie' means any program, function, or device, commonly known as a `cookie', that makes a record on the user's computer (or other electronic device) of that user's access to an internet service, online service, or commercial website.
(4) DISCLOSE- The term `disclose' means the release of personally identifiable information about a user of an Internet service, online service, or commercial website by an internet service provider, online service provider, or operator of a commercial website for any purpose, except where such information is provided to a person who provides support for the internal operations of the service or website and who does not disclose or use that information for any other purpose.
(5) FEDERAL AGENCY- The term `Federal agency' means an agency, as that term is defined in section 551(1) of title 5, United States Code.
(6) INTERNAL OPERATIONS SUPPORT- The term `support for the internal operations of a service or website' means any activity necessary to maintain the technical functionality of that service or website.
(7) INTERNET- The term `Internet' means collectively the myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected world-wide network of networks that employ the Transmission Control Protocol/Internet Protocol, or any predecessor or successor protocols to such protocol, to communicate information of all kinds by wire or radio.
(8) INTERNET SERVICE PROVIDER; ONLINE SERVICE PROVIDER; WEBSITE- The Commission shall by rule define the terms `internet service provider', `online service provider', and `website', and shall revise or amend such rule to take into account changes in technology, practice, or procedure with respect to the collection of personal information over the Internet.
(9) ONLINE- The term `online' refers to any activity regulated by this Act or by section 2710 of title 18, United States Code, that is effected by active or passive use of an Internet connection, regardless of the medium by or through which that connection is established.
(10) OPERATOR OF A COMMERCIAL WEBSITE- The term `operator of a commercial website'--
(A) means any person who operates a website located on the Internet or an online service and who collects or maintains personal information from or about the users of or visitors to such website or online service, or on whose behalf such information is collected or maintained, where such website or online service is operated for commercial purposes, including any person offering products or services for sale through that website or online service, involving commerce--
(i) among the several States or with 1 or more foreign nations;
(ii) in any territory of the United States or in the District of Columbia, or between any such territory and--
(I) another such territory; or
(II) any State or foreign nation; or
(iii) between the District of Columbia and any State, territory, or foreign nation; but
(B) does not include any nonprofit entity that would otherwise be exempt from coverage under section 5 of the Federal Trade Commission Act (15 U.S.C. 45).
(11) PERSONALLY IDENTIFIABLE INFORMATION-
(A) IN GENERAL- The term `personally identifiable information' means individually identifiable information about an individual collected online, including--
(i) a first and last name, whether given at birth or adoption, assumed, or legally changed;
(ii) a home or other physical address including street name and name of a city or town;
(iii) an e-mail address;
(iv) a telephone number;
(v) a birth certificate number;
(vi) any other identifier for which the Commission finds there is a substantial likelihood that the identifier would permit the physical or online contacting of a specific individual; or
(vii) information that an Internet service provider, online service provider, or operator of a commercial website collects and combines with an identifier described in clauses (i) through (vi) of this subparagraph.
(B) INFERENTIAL INFORMATION EXCLUDED- Information about an individual derived or inferred from data collected online but not actually collected online is not personally identifiable information.
(12) RELEASE- The term `release of personally identifiable information' means the direct or indirect, sharing, selling, renting, or other provision of personally identifiable information of a user of an internet service, online service, or commercial website to any other person other than the user.
(13) ROBUST NOTICE- The term `robust notice' means actual notice at the point of collection of the personally identifiable information describing briefly and succinctly the intent of the Internet service provider, online service provider, or operator of a commercial website to use or disclose that information for marketing or other purposes.
(14) SENSITIVE FINANCIAL INFORMATION- The term `sensitive financial information' means--
(A) the amount of income earned or losses suffered by an individual;
(B) an individual's account number or balance information for a savings, checking, money market, credit card, brokerage, or other financial services account;
(C) the access code, security password, or similar mechanism that permits access to an individual's financial services account;
(D) an individual's insurance policy information, including the existence, premium, face amount, or coverage limits of an insurance policy held by or for the benefit of an individual; or
(E) an individual's outstanding credit card, debt, or loan obligations.
(15) SENSITIVE PERSONALLY IDENTIFIABLE INFORMATION- The term `sensitive personally identifiable information' means personally identifiable information about an individual's--
(A) individually identifiable health information (as defined in section 164.501 of title 45, Code of Federal Regulations);
(B) race or ethnicity;
(C) political party affiliation;
(D) religious beliefs;
(E) sexual orientation;
(F) a Social Security number; or
(G) sensitive financial information.
SEC. 402. EFFECTIVE DATE OF TITLE I.
Title I of this Act takes effect on the day after the date on which the Commission publishes a final rule under section 403.
SEC. 403. FTC RULEMAKING.
The Commission shall--
(1) initiate a rulemaking within 90 days after the date of enactment of this Act for regulations to implement the provisions of title I; and
(2) complete that rulemaking within 270 days after initiating it.
SEC. 404. FTC REPORT.
(a) REPORT- The Commission shall submit a report to the Senate Committee on Commerce, Science, and Transportation and the House of Representatives Committee on Commerce 18 months after the effective date of title I, and annually thereafter, on--
(1) whether this Act is accomplishing the purposes for which it was enacted;
(2) whether technology that protects privacy is being utilized in the marketplace in such a manner as to facilitate administration of and compliance with title I;
(3) whether additional legislation is required to accomplish those purposes or improve the administrability or effectiveness of this Act;
(4) whether legislation is appropriate or necessary to regulate the collection, use, and distribution of personally identifiable information collected other than via the Internet;
(5) whether and how the government might assist industry in developing standard online privacy notices that substantially comply with the requirements of section 102(a);
(6) whether and how the creation of a set of self-regulatory guidelines established by independent safe harbor organizations and approved by the Commission would facilitate administration of and compliance with title I; and
(7) whether additional legislation is necessary or appropriate to regulate the collection, use, and disclosure of personally identifiable information collected online before the effective date of title I.
(b) FTC NOTICE OF INQUIRY- The Commission shall initiate a notice of inquiry within 90 days after the date of enactment of this Act to request comment on the matter described in paragraphs (1) through (7) of subsection (a).
SEC. 405. DEVELOPMENT OF AUTOMATED PRIVACY CONTROLS.
Section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3) is amended--
(1) by redesignating subsection (d) as subsection (e); and
(2) by inserting after subsection (c) the following:
`(d) DEVELOPMENT OF INTERNET PRIVACY PROGRAM- The Institute shall encourage and support the development of one or more computer programs, protocols, or other software, such as the World Wide Web Consortium's P3P program, capable of being installed on computers, or computer networks, with Internet access that would reflect the user's preferences for protecting personally-identifiable or other sensitive, privacy-related information, and automatically execute the program, once activated, without requiring user intervention.'.
END
reaction? (Score:4, Insightful)
Or do they?
Look at your average computer user. He (or she) doesn't use PGP, has insecure passwords, will gladly install spyware in exchange for a P2P client, and is all too willing to help email worms propagate. Now, don't try to tell me that this hypothetical (but all too real) user wouldn't give up his entire purchasing habits to save himself 7 clicks a month on AOL.
He would be delighted if he could be greeted with "I bet you want the new WWF video: click here to order" when he logged in. That's what this information sharing does. And the public is going to eat it up.
Meanwhile, the fraction of us who actually care about this kind of thing pay the price. The only sensible thing to do? Become what we hate the most. Format /dev/hd* and install Windows and AOL. Your browser votes don't count unless your user agent says MSIE, and your purchases don't count unless they're through AOL or MSN. We have to make a choice between Free Software and privacy. Once we've saved privacy, then maybe Linux will come back...who knows? But for now, we need to put Linux aside as we prepare for the real battle.
Re:reaction? (Score:2)
Or do they?
Reading through the privacy policy of every site I visit is not worth my time. Paying the extra taxes in order to enforce a law requiring opt-in would require much less of my time and might be worth it.
That said, I don't really care whether companies share information, as long as there are reasonable restrictions on how they advertise. Ads at the bottom of newsletters are ok, but spam is not. Banner and text ads are fine, and I can just leave your site if I find your interstitials annoying, but pop-up ads should not be legal. Bulk snail-mail is ok, but print it on recycled paper. Don't use the word "free" inappropriately -- "Get 12 CDs for the price of 1" is ok, but "Get 11 CDs free*!" is not.
By the way, the kind of targeted advertising you mention doesn't require companies to share information about specific customers. AOL can target the ads itself without giving your personal information to WWE.
Regarding spyware, I don't see that as a privacy issue, but rather a breaking-and-entering issue. It's illegal, and it would be nice if the government enforced its existing laws, but I don't think it needs to be part of the debate over whether companies should be able to share personal information.
Re:reaction? (Score:2)
I'd bet your Congresscritters too would be delighted if he could be greeted with "I bet you want the new WWF video: click here to order" when he logged in.
I'd bet that his secretary who reads all his emails appreciates that information too.
He may have to hire more secretaries when he realises just the wealth of information out there in his mailbox waiting to be read.
He's probably just too busy to sign up for these himself.
Maybe some enterprising individual can assist their representative?
(Disclaimer: I am not in the US, and am only guessing your rep likes WWF, since we don't get it here. It is your own responsibility to find out your rep's interests.)
This will affect net usage? (Score:4, Insightful)
I fail to see how this will work at statistical levels - it might encourage some people who have abstained to return to the 'net, but the vast majority, those simple casual users? The use of the word much is inappropriate here.
Put it this way: if you were to hold a random sampling of U.S. citizens on internet privacy, you would likely get a lot of semi- or un-informed views on it. The reason is simple: it's not considered important enough by society at large. If/when privacy becomes a big thing in the media and in government, only then will the population at large (who are being spoonfed by popular media, remember) feel that it is important enough to become an issue.
Until then, it remains an issue for the interested parties and the various lobby groups. The average internet user doesn't care, so there will be no upswing, no "much greater level", nice as it would be to believe that Mr. Average Midwestern Suburbian spends as much time as we do reading up on issues such as this.
Re:This will affect net usage? (Score:2)
Except for a few situations, the idea of privacy is largely left to the savvy of the consumer. In the real world it is largely your burden to learn how to navigate it. Many times you can negotiate terms of a contract, be it employment, car purchase, rental agreement, home purchase, asking for special rates (e.g., airline tickets, car rentals); etc. Businesses are not going to endorse the idea of being required to inform you of your right to negotiate price because you would, and they want you to pay as much as you are willing to. That's capitalism. The details are left to the consumer as an exercise.
By contrast, there is a law in place to protect civil rights and help prevent abuse by law enforcement. That is, when the police arrest you (or so I have heard (grin)), they read you your Miranda rights (You have the right to remain silent; have your attorney present; etc.). And people like a fence around their yard, caller ID, and no government installed spycams in their dwellings, etc.
People don't see privacy as an all-around fundamental human right. The default case is one of no privacy unless enforced either by law or individual action.
Re:This will affect net usage? (Score:2)
"I'll predict a much greater level of Internet usage with these privacy policies in place," Boucher said.
Oh boy, I just can't wait to get a lot more spam messages for herbal Viagra in my mailbox.
And they thought that increased Internet usage would automatically be a good thing...
Re:This will affect net usage? (Score:1)
Boucher went on to predict that, after these privacy policies are in place, world population would increase, the Earth would rotate about its axis roughly once a day, and we would progress towards the heat death of the universe at an ever-increasing pace.
Opt out policy (Score:4, Insightful)
Re:Opt out policy (Score:4, Interesting)
Look what happened to doubleclick...
Re:Opt out policy (Score:2)
Ok, all this going through hoops of fire to opt out is too much. I agree 100% there.
But...say I'm using a hotmail or yahoo email account. I'm definitely sick of all those x10 banners and pop[up,under] windows. And what's with all the match.com banner ads? I'm married! I don't need a date.
Since most of the free web services are advertiser supported, it'd be great if I could just see ads that actually interested me. Computers, tech stuff, whatever. Not how to lose 40 lbs.
Doublelick? What doubleclick? (Score:2)
I can't, that was the first bogus entry I added to my Squid/DNS.
If this thing flies, we'll have to populate participant's DBs with spurious and junk data. Just like how I subscribed several pets to Reader's Digest junkmail.
Xix.
Boucher has it right (Score:4, Insightful)
This might work out for the best--getting Joe Public caring about privacy issues, even if it is a small start. I can just see the news story now:
Reporter: Mister Manager of Wal-Mart, how do you explain losing some of your business to Target?
Mister Wal-Mart: Well, they don't offer our customers the opportunity to receive special offers from our sister stores.
Reporter: So you're losing sales because you sell information about your customers?
Mister Wal-Mart: Uhhhhhh
Re:Boucher has it right (Score:1)
This actually happened to me. They sent me something saying the policy would change, and go to some page to opt out. So I did. Then a day after their final date, they sent me another saying the exact same thing, just like a funny previous post about the "submit" button not working, strangely - "Oh, we'll have it fixed within 24 hours after the deadline".
Re:Boucher has it right (Score:1)
We have no leverage to keep the terms from changing. Resistance is futile.
Re:Boucher has it right (Score:2, Interesting)
a) everybody is discouraged
b) no sane person would provide backing.
Re:Boucher has it right (Score:2)
On the other hand, your example will apply very well to the next elections. Candidates who did not care about my privacy will not get my vote.
Re:Boucher has it right (Score:2)
Re:Boucher has it right (Score:1)
Re:Boucher has it right (Score:2)
Why even bother passing the law then? It doesn't seem to change the situation any.
Because by passing the law federally it overrides any state law.
Re:Boucher has it right (Score:1)
Face it. This gives the user no ongoing protection. The protection is only available to the terms of the transaction. Most of those have a clause that allows the store to change the conditions of the transaction at any time. And in the case of bankruptcy the contract is considered null and void.
Re:Boucher has it right (Score:2)
If the store doesn't COLLECT the information, then it can't be declared valuable property because it doesn't exist. I think that was the entire point. Not the creation of a store that doesn't use your information for bad things, but a store that doesn't collect your information at all.
Kintanon
Re:Boucher has it right (Score:2)
The main problem of course, is that most people are downright awful at assessing future risk, especially when compared to immediate gain. So Store B might be violating privacy left and right -- but then they offer prices a penny lower, and the consumer says `hmmmm, maybe store B will forget to sell my information, and hey, a penny!' [and then subsequently loses all he owns in a blood-frenzy of con-men]
[Now I'll just step back for the chorus of `let them screw themselves! I'm elite, I'd never fall for it!']
This is brain-dead. (Score:2)
Yet another law that helps corporations at our expense, because they apparently have more rights than we do. At least certain congressmen (Mr. Boucher, Mr. Hollings, anyone?) think that's true.
-Evan
So? (Score:1, Troll)
Or do they have to encode your personal information into MP3 form before it's okay to distribute it?
It's Democracy (Score:1)
Meet John Doe (Score:2)
Watch "Meet John Doe". I also felt like jumping off a bridge by the end.
Real Privacy Legislation (Score:4, Interesting)
Compare and contrast that travesty with UK Data Protection Act 1998 [hmso.gov.uk]. To summarise
(source: http://www.dataprotection.gov.uk/principl.htm [dataprotection.gov.uk])
Note that last point - the US at present does not have 'adequate protection' (ie protection to an equivalent level). This proposed bill takes it further away.
Something else to note - the enforcement of this will only get stricter when the new Data Protection Commissioner takes office.
Re:Real Privacy Legislation (Score:1)
Just because they legislate it doesn't mean anyone pays any attention, it's a bit like speeding laws.
Speeding laws (Score:1)
where do you live? In London there are speed-cameras, red-light cameras, bus-lane cameras etc. every ten yards. Speeding and other traffic offenses are seen as a major revenue centre for local authorities and enforced accordingly!
When they get connected to face-recognition software this will have major security implications.
Of course, you can opt-out of junk mail and unsolicited phone calls (and treat any offenders as a revenue centre at £500 ($750?) a time yourself).
Re:Speeding laws (Score:2)
Re:Real Privacy Legislation (Score:2)
You'll get precious little of it from countries with real Data Protection legislation (the EU, Switzerland, New Zealand). The legislation is enforced.
Better Than Now At Least (Score:2)
That said, I still prefer the competing bill overall.
Jason
No it wouldn't (Score:2)
No it wouldn't, because you wouldn't have any legal action against them if they break it. And I never have heard much in the way of the FTC. We would be completely reliant that the FTC hears of this, and actually doing something.
"Consumers would have no right to sue if their privacy was violated. Enforcement would be left in the hands of the Federal Trade Commission, which usually does not impose fines on a first offense."
Doesn't Really Matter (Score:2, Insightful)
Then there are the laws that I even take the time to sign petitions for and write to my representatives, like CARP ( http://www.live365.com/carp/ if you've been living in a box ). Hordes of people objected to this law, yet it still was passed.
The government is not listening. You might be able to get someone to listen to you during an election year, if you're lucky. Maybe you could claim to have to pick up cans along the highway to pay your CARP royalty fees and Gore could talk about you. But otherwise, it's a sad waste of time.
Then there's the hypocrisy of the people that call for these petitions. Example: Right here in Milwaukee, we had a controversy with our City Pension Plan and a million dollar lump sum payout. The elected official that signed the bill was forced to resign amidst a recall campaign. Sounds like the population taking on their civic duty, right? Well, in the emergency election to fill his position, only 1 in 5 of the people that signed the recall petition actually voted. 4 of 5 just wanted to kick the government wherever they could get a shot in.
In the end, you might catch one bill, you might get someone important to object to it, you might even get enough people on your side to oppose the law, but unless you can give a senator a better hand job than the lobbyist, they'll get their way eventually.
Who would vote against a Privacy Bill? (Score:1)
I could sponsor legislation to grind up kittens and baby seals to pave our highways, and as long as I named the bill something like the "Privacy Bill", every legislator would vote in favor. No one wants to go on record as being against a "Privacy Bill".
This is one of the flaws in our short-attention-span news coverage. No one investigates in depth. Everyone assumes the name of the bill represents the contents. (PATRIOT Act anyone?) And so we get politicos voting on the name of the bill, rather than the content.
Re:Who would vote against a Privacy Bill? (Score:2)
No right to sue (Score:5, Insightful)
This is the part of the bill that I find particularly noxious and annoying. I can (with regret) swallow the rest of the bill, as long as the company gives me the explicit choice, whenever they collect the information, about whether I want to prevent them from selling the information to other people.
But this... When a company breaks the law, and they violate my privacy, I have a right to sue their asses off! I have a right (a moral right, not a legal one, IANAL) to publicly punish them and make damn sure they never do this again and get appropriate compensation for violating my privacy. This bill specifically would take away this right from me.
"Oh, I'm sorry, we didn't realize we were violating your privacy! All those magazine companies now know your income level? Whoops, our bad! But we're just going to do it again, because we have no incentive to obey the law!"
Laws don't mean anything without teeth. Remove the teeth, might as well not even have the law.
Boucher received a phone call... (Score:1)
Re:Boucher received a phone call... (Score:2)
Even if it was a joke, even if it was a reference to something famous, never, ever even imply anything about assassination of a political representative. This is doubly true in today's climate.
I hope you don't get in shit for a stupid joke on Slashdot, but at least one guy got harassed by the feds over a post on kuro5hin, that discussed methods of terrorism in an academic way.
Besides, Boucher is a fairly cool guy. Just remember who he represents, high tech internet companies. This is why he is against the DMCA, and this is also why he is in favor of this bill. I think he is misguided on this one, but I think that's his ultimate motivation.
Re:Boucher received a phone call... (Score:2)
Anyway, my comment isn't even close to approaching Jim Bell [jya.com] levels, or that dude on Howard Stern who wouldn't back down in seriousness and got a visit from the NSA.
Besides, I don't think many people could argue that things are bad enough yet to warrant fixing corruption with murder. Voting still works... sort of.
(I think I've prolly set off more echelon red flags in this post than the previous :)
Speak up, stop complaining here... (Score:2)
Would this qualify as an oxymoron? Exactly how does releasing my private information qualify as privacy? Have these people ever opened a dictionary? Mr. & Mrs. Public would be up in arms if they knew their leaders were voting to allow their credit card companies access to their medical records. If you are sick isn't there a good chance you may miss a payment? Further, if you have a genetic pre-disposition to a disease, regardless of whether you have it, your employer should know, shouldn't they?
A group of business leaders from high-tech firms said the bill struck the right balance between consumers and businesses
A "group of business leaders". Would this be the same group being paid to collate and distribute this data? Or perhaps, the people that want the data? In either case, at least they are honest enough to admit the public is either in the dark or against it. [Okay, that is my spin... ]
"I'll predict a much greater level of Internet usage with these privacy policies in place," Boucher said.
Amazing is that as a republican, who should be for more local government and smaller federal government, we have instead the rider that states this will override more restrictive local laws. Even more amusing (frightening?) is his biography which lists him as "a leading architect of federal policy for the Internet." I am really pressed to put some type of sarcasm here, but nothing I could say would be more foolish than his statement.
I know I make this pitch every time one of these things gets started, but contact your representatives.
House of Representatives [house.gov]
Senators [senate.gov]
And please remember: Be concise, polite, and on paper (fax may even be better as it is not double processed through the mail). In addition, CC the letter to your local newspaper's letter to the editor and you may as well try their email address. (But remember the study done last year, most representatives do not read emails)
Re:Speak up, stop complaining here... (Score:1)
Re:Speak up, stop complaining here... (Score:2)
"Amazing is that as a republican, who should be for more local government and smaller federal government, we have instead the rider that states this will override more restrictive local laws..."
FYI - Rep. Boucher is a Democrat.
What a bloody joke! (Score:2)
"Sponsors said the bill would establish basic privacy protections for consumers while minimizing the impact on business."
OK, this seems reasonable at face value. Now let's see what protections consumers will in fact get from this bill.
More than a year in the making, the privacy bill unveiled in the House differs from a competing bill making its way through the Senate that would require businesses to get consumers' explicit permission before sharing sensitive information such as income level, religious affiliation or political interests.
Not that I think the Senate bill goes quite far enough for my liking, this opt-out policy essentially states that businesses will be free to do whatever they please with my information, especially if it turns out that businesses can reset their customers' privacy preferences (cough...Yahoo...cough) at any time. So I think the word negligible best describes our privacy rights under this bill.
Let's assume that this bill does give us Americans a few crumbs of privacy. Here's what will happen to businesses that violate these rights:
Consumers would have no right to sue if their privacy was violated. Enforcement would be left in the hands of the Federal Trade Commission, which usually does not impose fines on a first offense.
Companies submitting to a self-regulatory privacy regime such as TRUSTe or BBBonline would enjoy protection from FTC actions.
We all know how valiantly TRUSTe fights for consumers' privacy rights and how fiercely they punish businesses that violate their privacy policies, right. Give me an effing break! Not only do we end up with very few privacy protections, but the maximum punishment for violating the few rights (at least the first time around) that we have is a rebuke from a government bureau or an industry organization? Sounds like a great bill to me.
It seems like the Senate bill is going to be the best case scenario for privacy advocates in this country, and the more likely scenario is a compromise between the House bill and Senate bill. In other words, we Americans will be lucky if the few basic protections we have regarding the privacy of bank and medical records we have still exist when the President signs whatever comes out from Congress. If only there was a "Control-Alt-Delete" option on ballots that indicated a desire for all 535 members of Congress and the President to be removed at the same time instead of having a voice over at most 4 of these officials' futures...
One last thought: if this bill were to pass, maybe we could boomerang it back onto Big Business. The Supreme Court has decided that corporations are people, right? Corporations purchase services from people (e.g. developing software, fixing cars, making purchasing decisions), and often give those employees access to proprietary data in the process. Could the courts conclude that businesses have no right to privacy as well, claiming that the employees can reset the company's "privacy policy" (NDA) at any time, like businesses do to customers? Then, maybe, just maybe, things might not be so bad after all...
It had to have no teeth (Score:1)
Just move payment / data store to another country, even a Sealand. All you do is allow someone to collect things on your US website, then when it comes to payments say payments are handled by our trusted corp xyz.
xyz then collects all the information out of the jurisdiction of the US and pays no US tax; it can then sell the details to anyone it likes.
Privacy bills have to allow corps enough freedom to do what the hell they like or they will just leave your country
"Balance" (Score:1)
The right thing to do for your people isn't always the best thing for your people.
In this case, the right thing to do, obviously, is to protect privacy and require opt-in, not opt-out.
Opt-out begs for spam, while opt-in will simply result in illegal spam. Illegal means it cannot fund a big business. The reason this is bad, is because a fair part of the *tech* economy revolves around advertising distribution.
Notice the tech economy troubles? Well, the government needs to step in to keep the wonderful tech developments we all take for granted coming. The best thing for the people, clearly, is to keep the mainstream free software and services alive, and thus keep the tech economy going strong.
The annoying deleting of spam pays for things of which we enjoy the use.
This anti-privacy bill is a feeble attempt, methinks, because the tech industry is affected little by spam. Now setting the heartless calculating and decision-making econ people have to do aside, I bloody well hate opt-out. I think if any government measure is taken, it should not be another false inflation of the tech economy.
Re:"Balance" (Score:2)
Why?
And the reaction? (Score:2)
<VOICE type=luke-skywalker>
NOOOOOOOOOOOOOOOOOOOOOOOOOO
</VOICE>
I hereby declare (Score:2)
It is the responsibility of any person wishing to use such information to read the online publication Slashdot, and all its user postings, to avoid being liable by not knowing that I have made this proclamation.
Consider yourself warned.
Where do I sign....? (Score:2, Interesting)
Does this mean that every company that asks for information from you in any way would have to provide a mechanism for you to explicitly tell them they can't share your information? Does this mean a business can share my information as soon as they get it because I, the little consumer, have to go out on my own and specifically contact someone at the company who gives a rat's ass and tell them they can't share it?
This bill certainly implies there should be a clear way to do this, but we all know that anything a law might imply does hold water, it just becomes another loophole. I don't think a microscopic check box at the bottom of some long form is going to cut it.
Opt-out -v- Opt-in in the UK (Score:2)
Here, most data is opt-out, but sensitive data (health, politics, sexual behaviour, financial information) is opt-out. And that's enforced by law.
However, if you want to share it with a third party (even an unrelated arm of the same group of companies), it's all opt-in.
Oh, and if you want to use any data, you have to be registered. The Data Protection Commissioner who runs the register has the power to stop you using your database on suspicion of mis-using data. Which costs a lot if you're British Gas [house.co.uk], who had just this happen to them a couple of years back.
It's a powerful dissuader...
Do no harm...to who? (Score:1)
The free flow of my information is what has been keeping this economy going? What economy is he living in?
"The underlying principle that anchors this bill is, 'do no harm,' " he said.
Do no harm to who? You're representing me and any time my privacy is violated I incur harm.
If you people really cared about privacy... (Score:2, Interesting)
Of course, just the thought of eliminating income taxes (versus a consumption/sales tax only) makes the people at the ACLU or the Center for Democracy and Technology jump out of their skin. So I want to ask people (especially those who lean to the left), "If you care so much about privacy, don't you think we should eliminate income taxes?"
Copyright (Score:1)
Opt-in (Score:2)
Standard operating procedure: (Score:2)
I Want a Law (Score:3, Insightful)
My law, new style, could be called "No False Advertising in Congress". Old style, it could be called, "Misleading People for a Better America" or "Beef Jerky" or something.
Blah.
-Puk
The REALLY sad thing is... (Score:2)
Billy Tauzin Strikes Again! (Score:2)
The same Billy Tauzin that's in BellSouth's back pocket and is currently sponsoring a bill to increase the Baby Bells' monopoly powers? YES INDEED!
I swear this November just can't come soon enough... maybe I should start writing letters to the local papers now...
my thoughts (Score:2)
It would be interesting to know which tech businesses are behind this. That way I can keep a closer eye on my dealings with them.
As others have said, I don't see how this is a privacy bill. It's best described as an anti-piracy or piracy removal effort.
And I definitely don't understand why this would make more people use the internet. Unless I misread the intent, this would make people more wary of giving out information for fear that they would accidentally be releasing a company to use their sensitive info in any way they choose.
And taking away a person's right to sue? I thought that was in the constitution. : )
From the article... (Score:2)
The bill would cover transactions both on the Internet and in the "offline" world, and would override state laws that place more restrictions on commercial use of personal information. Sponsors said the bill would establish basic privacy protections for consumers while minimizing the impact on business.
...
"Consumers would have no right to sue if their privacy was violated. Enforcement would be left in the hands of the Federal Trade Commission, which usually does not impose fines on a first offense.
Companies submitting to a self-regulatory privacy regime such as TRUSTe or BBBonline would enjoy protection from FTC actions."
This is absolutely obscene. It overrides more restrictive state laws (so much for Republicans respecting states' rights), removes consumers' right to sue when they are wronged, and protects companies who enroll in TRUSTe's BS service to escape FTC punishment when they violate the rules. Sounds like those campaign bribes, er, contributions are paying off big.
Privacy damn well better be default. (Score:2)
The reason for this is really very simple.
I don't want to fucking spend my time and money on having to respond to every gawd damn company tellin them NO!
I'm a long term US citizen, IS that enough to get respect?!!!
Re:This is clearly Bush's fault (Score:2, Insightful)
Now, remember: there are three prongs to government: the administration (Bush, your friend) is not the same as Congress, the lads who legislate. Bush's input to this is a simple yes or no. It's up to your representatives to decide what gets through to Bush. So it can't really be his fault.
Also, remember - he's there because you voted for him. (you plural, not necessarily you singular). You want him out? then let democracy do its job, or change the system.
The congressmen in question are still at the suggestive stage, not quite ready to decide what level of privacy to offer, so if you've chosen the right representative last time you voted (you DID vote, didn't you?), then your chosen representative will make the right choice for you. If not, you made the wrong choice. Or you are surrounded by people who made the wrong choice. Or gerrymandering has been in operation in your area (see last week's Economist article on gerrymandering in the US [economist.com]). Or your representative is corrupt and takes money from lobbyists to give their way, in which case we're back to square one: choose the right representative.
All in all, Bush cannot be fully responsible for whether or not businesses can share your information. That's down to the ethics of the businesses, and the legislation of the representatives that the American people have said they want to run the country. You want privacy? then use democracy.
Re:This is clearly Bush's fault (Score:1)
You know, I thought it was pretty obvious I was being facetious.
Thanks for the civics lesson though. Oh... there I go being facetious again. Sorry.
Votes (Score:1)
Re:This is clearly Bush's fault (Score:1)
DAMN! I got modded down much quicker than I anticipated. I guess it's true - disagree with the vocal minority on slashdot and get modded down.
Re:CmdrTaco - US Flag Desecrator & Anti-Delewa (Score:1)
How about Delawenians? Or Delawarites?
(for more options, see the original _Taxi_ episode)
Hey flamebait! (Score:1, Offtopic)
Subscription what?
wars not make one great
Re:In the UK (Score:1)
Re:Taxation Without Representation (Score:2)
Re:Taxation Without Representation (Score:2)