Online Privacy Groups Call for Tougher House Bill

Center for Digital Democracy, Consumer Federation of American, others want mandated opt-in regime, broader definition of "sensitive info"
Author:
Publish date:

Online privacy groups, including the Center for Digital Democracy
(CDD) and Consumer Federation of America, have called on House
Subcommittee Chairman Rick Boucher (D-Va.) and ranking member Cliff
Stearns (D-Fla.) to toughen provisions in a proposed privacy bill.

Boucher
released a draft of the bill and sought comment from stakeholders on
it. The thrust of their comments was that the draft was a good start but
still needs work.

"Reps. Boucher and Stearns have launched an
important debate that must lead to real privacy safeguards for
consumers," said Jeff Chester, executive director of CDD. For their
part, the consumer advocacy groups called for "much stronger"
provisions, including expanding the definition of sensitive information
and mandating an opt-in regime for the data collection.

But they
also argue that the bill is too strong in preempting state and local
regulations on data use and
disclosure. "This is incredibly broad
and could block existing or new measures on the state level to limit the

use of certain types of information, such as Social Security
numbers, to notify consumers of data breaches, to protect health data,
and to extend other needed privacy protections to consumers," they say
in a letter to Boucher.

They also want the bill to include "fair
information practice" principles like not collecting more data than
necessary,
limiting how long it can be retained and the ability to access and
correct data.

The groups argue that the definition of sensitive
information should be expanded, for example to broaden the definition
beyond medical records to other health-related information -- say, a Web
surfer's search for information on cancer, which they argue could then
be used to make a decision about whether to employ or insure someone.

The bill as drafted would adopt a combination opt-in/opt-out system
for data collection, depending on the data being collected. It would
require Web users to opt in to collection of sensitive information
relating to
financial and medical records, sexual orientation,
"precise geographic locations, or social security numbers. It would also
mandate opt-in for sharing that information with unaffiliated third
parties, other than for an operational or transactional purpose.

CDD
and company say they understand having a carve-out from opt-in for
operational and transactional data, but say the definitions should be
narrowed and limits put on how long that data can be retained.

The
bill would allow the collection of other types of information about
individuals unless they affirmatively opt out, but it would require
companies that collect personally identifiable information to
conspicuously and clearly make that fact known.

Online privacy groups, including the Center for Digital Democracy (CDD) and Consumer Federation of America, have called on House Subcommittee Chairman Rick Boucher (D-Va.) and ranking member Cliff Stearns (D-Fla.) to toughen provisions in a proposed privacy bill.

Boucher released a draft of the bill and sought comment from stakeholders on it. The thrust of their comments was that the draft was a good start but still needs work.

"Reps. Boucher and Stearns have launched an important debate that must lead to real privacy safeguards for consumers," said Jeff Chester, executive director of CDD. For their part, the consumer advocacy groups called for "much stronger" provisions, including expanding the definition of sensitive information and mandating an opt-in regime for the data collection.

But they also argue that the bill is too strong in preempting state and local regulations on data use and
disclosure. "This is incredibly broad and could block existing or new measures on the state level to limit the
use of certain types of information, such as Social Security numbers, to notify consumers of data breaches, to protect health data, and to extend other needed privacy protections to consumers," they say in a letter to Boucher.

They also want the bill to include "fair information practice" principles like not collecting more data than
necessary, limiting how long it can be retained and the ability to access and correct data.

The groups argue that the definition of sensitive information should be expanded, for example to broaden the definition beyond medical records to other health-related information -- say, a Web surfer's search for information on cancer, which they argue could then be used to make a decision about whether to employ or insure someone.

The bill as drafted would adopt a combination opt-in/opt-out system for data collection, depending on the data being collected. It would require Web users to opt in to collection of sensitive information relating to
financial and medical records, sexual orientation, "precise geographic locations, or social security numbers. It would also mandate opt-in for sharing that information with unaffiliated third parties, other than for an operational or transactional purpose.

CDD and company say they understand having a carve-out from opt-in for operational and transactional data, but say the definitions should be narrowed and limits put on how long that data can be retained.

The bill would allow the collection of other types of information about individuals unless they affirmatively opt out, but it would require companies that collect personally identifiable information to conspicuously and clearly make that fact known.

Related