Online companies must be more transparent about how they share user data and must give consumers more control over that data, says a new bill introduced by Sens. John Kerry (D) of Massachusetts and John McCain (R) of Arizona on Tuesday.
If passed, the legislation could have big implications for both the $25 billion-a-year digital advertising industry and online privacy advocates.
“Americans have a right to decide how their information is collected, used, and distributed,” said Mr. Kerry in a statement he and Mr. McCain released Tuesday.
The bill, known as the Commercial Privacy Bill of Rights Act of 2011, would require notification of users before any data is collected, and give them the chance to opt-out of data collection. To the disappointment of some privacy advocates, there would be no single opt-out list like the National Do Not Call Registry. Rather, privacy-conscious consumers would need to opt-out of each app and website individually.
“It isn’t doing much to stop the rampant collection of data,” says Rainey Reitman of the Electronic Frontier Foundation, a group that advocates for online privacy. “But this could provide some meaningful controls for users.”
While eBay, Microsoft, and several consumer advocacy groups have praised the bill, the Direct Marketing Association challenged the need for it. Linda Woolley, a DMA vice president, says her organization "is wary of any legislation that upsets the information economy without a showing of actual harm to consumers.”
But Ms. Reitman says the goal of privacy advocates – giving users control over their information – does not necessarily clash with the desire of marketing agencies to advertise more effectively.
“There’s sort of a knee-jerk response to privacy that says it’s bad for industry,” she says. “A lot of the positions in the privacy world could be beneficial to the ad agencies.”
One provision she points to in the new legislation would give users the right to access and change the data companies are storing. This feature would be good for both advertisers and consumers, says Reitman, giving companies more up-to-date information.
“If you used to live in a snowy area, and now live in Florida, you may no longer be as interested in skiing as you used to be,” says Reitman.
Likewise, consumers could keep third parties from rifling through data they want kept private, such as medical conditions.
So what about Facebook, whose privacy policies have been scrutinized in the past year? The bill explicitly states it will target companies that take information solely for the purpose of advertising, and will be more lenient towards companies that have “existing relationships with customers.” Analysts say this could signal a hands-off approach for the social networking company. A Facebook spokesman told The Wall Street Journal he was happy about that part of the bill.
“The bill does not allow for the collection and sharing of private data by businesses that have no relationship to the consumer for purposes other than advertising and marketing,” McCain said in the joint statement with Kerry. “It is this practice that American consumers reject as an unreasonable invasion of privacy.”
On the heels of a major personal-information leak last week, the bill would also require companies to secure the data they gather online.