New US privacy bill aims to protect sensitive data

A prominent U.S. senator on Thursday introduced a bill designed to safeguard Internet users’ privacy while still allowing online businesses to collect personal information by breaking data down into sensitive and non-sensitive categories.

Senator Fritz Hollings, a Democrat from South Carolina and chairman of the Senate Commerce, Science, and Transportation Committee, introduced the Online Personal Privacy Act (S-2201). The bill builds on an earlier version crafted by the senator in 2000 to align U.S. privacy policy with some of the norms adopted by the European Union (EU) governing online companies’ ability to collect personal information. This measure aims to create a national online privacy policy that would preempt individual state regulations.

New privacy legislation is needed to help draw more consumers online, Hollings said, since many Americans are still hesitant to take full advantage of the Internet because they fear their personal information will be exploited. “Fears about privacy have had palpable effects on the willingness of consumers to embrace the full potential of the Internet and e-commerce,” Hollings said in a statement accompanying the bill’s introduction. “Privacy fears are stifling the development and expansion of the Internet as an engine of economic growth.”

Fear of online privacy violations has led users to offer up false information about themselves, therefore “blocking the Internet and its wide range of services from reaching its full potential,” Hollings added. This new bill aims to allay privacy fears while providing online businesses with user-accepted ways to collect useful information, he said.

The new bill takes a cue from E.U. legislation that divides personal information into two categories. Sensitive data relates to a user’s financial and health information, ethnicity, political and religious affiliation, sexual orientation, and social security number. The measure states that online companies must obtain consumer’s clear consent – or have them “opt in” – before sensitive information is collected.

All other data that could be collected online – ranging from a Web site visitor’s address to preferences in purchasing books – would be considered non-sensitive information and would not require advance permission from the user to be collected.

However, an online merchant would have to provide users with an “opt out” option if they did not want this information collected, Hollings said. The bill would require that the opt-out option be accompanied by a “robust notice” displayed at the point that information is collected to inform the user of how nonsensitive data may be used by the online establishment.

In addition, online merchants would have to post “clear and conspicuous” notices detailing their policies for handling personal information, regardless of which category of data they plan to collect, Hollings said. Only information collected after the bill is enacted would be subject to its rules.

Online consumers would also be given the right to find out what information a Web site has collected about them, similar to consumers’ rights to detailed descriptions of their credit history. The bill recognizes the burden and expense this can put on online merchants, Hollings said, and would allow those companies to charge users “a reasonable fee” for copies of their data collection records.

The bill would also place a security responsibility on Internet retailers that requires them to protect the user information they’ve collected, and allows for user redress by granting consumers whose sensitive information was shared without their consent to seek damages in federal court.

The U.S. Federal Trade Commission (FTC), which already handles many privacy issues, would enforce Hollings’ bill and would issue periodic reports on the measure’s efficacy and whether additional steps to protect privacy should be taken. Both the FTC and the states’ attorneys general would be empowered to take action against violators of the bill, Hollings said.

The Senate Commerce, Science, and Transportation Committee plans to hold a hearing on Hollings’ privacy bill Thursday.