Sen. Ernest Hollings (D.-S.C.) introduced legislation Thursday aimed at beefing up online privacy for consumers that would require online businesses to get user permission to disclose certain information. The bill calls for users to “opt-in” before allowing sites to share with third parties sensitive information such as political or religious beliefs, credit card information or sexual orientation.
Less sensitive information, such as buying preferences, could be shared with third parties unless the user specifically asked (opt-out) the site not to disclose the information. The legislation gives consumers the right to sue an online business for up to $5,000 per count if sensitive data was misused.
Hollings said the bill would supercede any state privacy measures, even if the state law was stricter.
In a prepared statement, Hollings said the bill would spur Internet commerce by giving consumers the confidence to shop online without fears their credit card information would be shared with unwanted parties.
Harris N. Miller, president of the Information Technology Association of America (ITAA), said the bill would accomplish exactly the opposite, undermining undermine the ability of online consumers to enforce their own privacy preferences with technological tools. He also said the legislation would set a separate and unequal standard for online businesses, and give hackers and cyber crooks a “rich target of opportunity” through “risky requirements” for access to sensitive personal information.
“Without question one of the most important challenges facing the Internet industry is assuring consumers that their privacy expectations are met. That is a challenge best left to technology and competitive market forces,” said Miller. “The Hollings bill is a static solution to a problem that is constantly changing. Such an approach might work if good guys and bad guys all agreed to play by the same privacy and security rules and the technology itself never changed. None of these things will ever happen. Instead, this bill would force online businesses to operate with rules different from their brick and mortar counterparts and, in the process, creates the best kind of target to shoot at: one that stands still.”
Miller said the new legislation does not improve privacy or empower consumers, and it fails to be technology neutral, thereby creating barriers to innovation.
“ITAA is especially concerned that the bill may inadvertently give consumers fewer choices and, as technology changes, less privacy. While completely contrary to the intent of their sponsors, these regulatory approaches could undermine the consumer interest by clinging to technologically obsolete formulas, rather than incorporating the beneficial attributes of Internet communications,” Miller said.