Skip to main content

Privacy 'bill of rights' would regulate opt-in, opt-out

John D. Sutter
U.S. Sens. John Kerry, left, and John McCain introduced a measure that would create a "privacy bill of rights."
U.S. Sens. John Kerry, left, and John McCain introduced a measure that would create a "privacy bill of rights."
  • U.S. senators introduce bipartisan legislation that would create a "privacy bill of rights"
  • Consumer groups say the bill doesn't do enough to protect people from marketers
  • Microsoft and other tech companies support the legislation
  • Marketing groups say the bill, proposed by John McCain and John Kerry, is unfairly harsh

(CNN) -- The federal government wants to get into the opt-in, opt-out business.

U.S. Sens. John McCain, R-Arizona, and John Kerry, D-Massachusetts, on Tuesday introduced a bill that would create a "Commercial Privacy Bill of Rights." Sounds lofty, but the crux of this legislation is the simple idea that consumers should be able to control who has their personal information and what they're doing with it.

In short, they should be able to "opt in" to services they don't find threatening and "opt out" of those that could compromise their data.

"Americans have a right to decide how their information is collected, used, and distributed and businesses deserve the certainty that comes with clear guidelines," Kerry says in a joint statement.

"Our bill makes fair information practices the rules of the road, gives Americans the assurance that their personal information is secure, and allows our information driven economy to continue to thrive in today's global market."

The bill would require companies, including websites like Facebook, Google and the like, to inform internet users in clear language about the data they're collecting and their motivations.

In certain cases, companies would be required to create an "opt-in" for data collection, meaning internet users would have to click something to allow the data collection to start. Currently, many companies collect or distribute data about users without explicit consent.

The bipartisan bill, with a few exemptions, would require companies to use the opt-in setup when they're dealing with the "collection, use, or transfer of sensitive personally identifiable information."

In less-sensitive instances, the bill requires "a robust, clear, and conspicuous mechanism for opt-out consent for the use by third parties of the individuals' covered information for behavioral advertising or marketing."

It's unclear how companies would accomplish this, exactly, since the bill doesn't prescribe any particular technological solution, but its authors say the current era of corporate self-policing has jeopardized consumer data.

Opinions about the legislation are all over the place.

Some big tech companies -- including Microsoft, Intel, HP and eBay -- support the bill.

The Direct Marketing Association released a statement in opposition, saying it is "wary of any legislation that upsets the information economy without a showing of actual harm to consumers."

Conversely, the Center for Digital Democracy, a online consumer protection group, says the bill "needs to be significantly strengthened if it is to effectively protect consumer privacy rights in today's digital marketplace."

Among other things, those groups want the government to support an online "do not track" list, similar to one used to prevent telemarketing. Another concern, they say, is that the bill would prohibit states from enacting stronger consumer protections.


Most popular Tech stories right now