A new privacy bill from a California congresswoman adds fuel to the do-not-track fire. Along with the “Do Not Track Me Online Act of 2011,” introduced by Jackie Speier (pictured left), fellow Democrat Bobby Rush has reintroduced his own online privacy bill, which has gained the most traction thus far. The moves come as the Federal Trade Commission collects comments on its own report calling for a do-not-track mechanism aimed at protecting consumer data privacy.
Unlike Speier’s bill, introduced today, Rush’s bill does not include language specifically calling for a do-not-track mechanism. But both essentially call on the FTC to provide guidance and lead the establishment of an opt-out system giving consumers more control over who collects and stores their behavioral data and how it can be used.
The Speier bill calls for the FTC to establish regulations regarding collection and use of online behavioral and personal data. Like the Rush bill, it looks to the commission to determine standards for “an online opt-out mechanism” within 18 months of passage. The Speier bill does not require that the do-not-track style mechanism be browser-based, as the FTC itself has suggested.
“I do not oppose Do-Not-Track,” said Rush in a statement published today, who said his own bill calls for a “Do-Not-Track like” mechanism. Since the FTC officially announced its support for a do-not-track mechanism in December – long after Rush first introduced his bill in July 2009 – the phrase has found its way into the popular lexicon through a subsequent onslaught of mainstream news headlines. It comes as no surprise, therefore, that legislators have begun employing the term.
The Rush bill – re-introduced Thursday – goes into more detail than the Speier legislation. It differs in that it requires companies to obtain opt-in consent from consumers when sharing their data with third parties, making some exceptions. It also features a safe harbor from private legal action for companies in compliance with an industry self-regulatory program such as the one currently underway and led by the Digital Advertising Alliance.
The Speier bill does not mention private right of action or safe harbor for entities complying with self-regulation. Both bills give states the right to bring a civil action on behalf of residents against violators and wield a maximum civil penalty of $5 million. Speier’s bill has yet to be referred to committee.
As the FTC prepares to analyze comments regarding the potential impact of do-not-track, more bills are expected to be introduced. Rep. Cliff Stearns recently said he will revive the privacy bill draft he floated last year. Meanwhile, Rep. Ed Markey has announced his intention to propose a do-not-track legislation specifically to protect children’s privacy, and Senator John Kerry has indicated he will propose a bill relating to online privacy. The impending flood of privacy bills demonstrates momentum for comprehensive privacy legislation, but potentially muddies the waters of discussion leading to its passage.