Two privacy bills are already up for consideration. And at yesterday’s Senate Commerce hearing on Consumer Online Privacy, we heard Senator Kerry announce that he will be working on new legislation to regulate online privacy.
While we wait to see what Kerry will offer, NetChoice has concerns over the bills we do know about: Rep. Rush’s “Best Practices Act” and the Boucher/Stearns Discussion Draft. We’ve created a side-by-side comparison of each and have four main concerns:
- Both proposals would regulate small websites that don’t even collect PII. Boucher-Stearns would regulate a tiny online startup that is adding just 100 users a week, even where its users provide only a made-up user name and password. As defined, “covered information” would overly restrict the flow of useful information and harm the development of ad-supported content and services.
- Safe harbor? Hardly! A company could be torpedoed with lawsuits from enterprising trial lawyers just for sending marketing emails that were later found to be outside of the safe harbor, up to $1,000 per violation and uncapped punitive damages.
- Marketing and advertising have legitimate operational purposes. Additional consent should not be required when a business uses covered information to do follow-up marketing to customers with whom it has already established a business relationship. Congress has recognized this consumer expectation in past legislation, which is why it built important exceptions in the CAN-SPAM Act for “relationship messages” to contact customers in an existing business relationship.
- The FTC should enforce laws against unfair or deceptive practices, not micromanage self-regulatory efforts. As the overseer of the safe harbor program, the FTC will have broad powers to dictate the details of self-regulatory programs, effectively transforming the FTC into the port authority of the Internet.
We’re also worried about the Rush bill mandate requiring access to information. It broadly applies to covered or sensitive information about individuals “that may be used for purposes that could result in an adverse decision about an individual….”
More analysis to come.