Update: The Do Not Track Me Online Act died in discussions and was never enacted.
House Resolution 654 — The Do Not Track Me Online Act — introduced by California Congresswoman Jackie Speier on February 11, 2011, is the latest rallying cry in an ongoing war to establish national Internet privacy laws.
What Would The Do Not Track Me Online Act Change?
The proposed legislation, dubbed the Do Not Track Me Online Act, would make it mandatory for every company engaged in interstate commerce to disclose its data collection and data sharing procedures. (Government agencies would be exempt from this provision, as would any e-commerce site that stores information on fewer than 15,000 customers.) Additionally, the bill would give the Federal Trade Commission (FTC) eighteen months to develop a mechanism that would allow users to opt-out of data collection.
Americans Are Concerned With Online Privacy
Americans are concerned about online privacy: A Gallup/USA Today poll, taken just days before Speier introduced her bill, found that 70% of Facebook’s users and over 50% of Google’s users have concerns about whether these two services provide adequate privacy protections.
DNTM Opponents Fear Too Much Regulation
Plugins, which are implemented at the browser level, are the most efficient mechanisms for opting-out of behavioral data collection. Since this technology already exists, opponents argue, the proposed law would only amount to unnecessary regulatory burdens on the e-commerce industry.
Provisions of Do Not Track Me Online Act
Section 1 establishes the FTC as the responsible enforcement agency.
Section 2 of the proposed legislation outlines required adherents, as well the exceptions. Additionally, Section 2 defines “sensitive information” and lists the data types covered by the proposed legislation.
Any person or company engaged in interstate commerce that stores or collects online data would be required to follow the rules enumerated in the Do Not Track Me Online Act, except:
- Federal and state governments, and their agencies;
- Entities that store information about fewer than 15,000 individuals;
- Entities that collect information about fewer than 10,000 individuals in a 12 month period; and
- Entities that do not collect online information or do not use it for behavioral analysis.
Online information covered by the legislation includes:
- Personally identifiable information such as names, telephone numbers, email addresses, and government-issued identifiers (e.g. drivers license numbers);
- Unique Internet identifiers, such as customer numbers and IP addresses;
- An individual’s online activity, including websites and types of content accessed;
- Methods by which content is accessed, including device, browser, and application; and
- Financially sensitive information, such as credit card numbers, security codes and account numbers.
Information, which pertains to an individual’s employment, that is collected by an employer, is exempt from these provisions.
Section 2 also gives the FTC the right to modify the definition of “sensitive information” at any time.
Section 3 mandates that companies covered by the legislation disclose both their data collection policies, in addition to the names of companies or other entities with which they share data. However, the FTC has the power to exempt companies from this provision as it sees fit.
Section 3 also requires the FTC to establish standards for a mechanism that will allow consumers to opt out of data collection.
Section 4 cements the FTC’s role as the nation’s Internet watchdog, putting the agency in charge of formulating regulations that will carry out the proposed legislation’s provisions, monitoring risks to consumers — as well as assessing their understanding of those risks — and enforcing compliance standards.
Section 5 makes violation of the proposed law grounds for a cause of action, allowing state attorneys general, as well as the FTC, to bring charges.
Criticisms of Do Not Track Me Online Act
Technological Solutions Already Allow Customers To Opt-Out
Some businesses have already developed browser plug-ins that allow online users to block data tracking, thereby rendering the proposed legislation unnecessary.
The proposed law suggests that individuals can opt-out of having their IP address tracked, which, theoretically, makes things easier for spammers and people looking to commit online copyright crimes.
Government agencies are exempt from the Do Not Track Me Online Act, which raises the unsettling specter of Big Brother.
The FTC Is Responsible For Both Enforcement and Exemption
H.R. 654 essentially gives the FTC carte blanche for interpreting the proposed law, and rewrite it, which raises concerns about the proposed legislation’s constitutionality: Is Congress allowed to delegate authority to federal agencies in this manner?
The Future of Do Not Track Me Online Act
Despite criticism, H.R. 654 may pass. The bill has drawn key support from a number of advocacy groups, including the American Civil Liberties Union, US Public Interest Research Group, the Consumer Federation of America, World Privacy Forum, and the Center for Digital Democracy.
H.R. 654’s catchphrase “Do Not Track” evokes the wildly popular “Do Not Call” registry for telemarketers – “the most popular federal government program since the Elvis stamp,” as FTC Commissioner Julie Brill put it recently.
In times like these, when so many issues are polarizing legislators, the need for online privacy is one of those rare things upon which both Republicans and Democrats can agree.