January 9, 2001

Legislative Activity

Date: January 9, 2001

To: AAF Members

From: Jeff Perlman
Clark Rector
Jennifer Akridge

Re: Privacy

As we prepare for the new session of Congress, one issue, which we believe will generate a substantial amount of early attention - and possible legislative action - is consumer privacy. There are two primary reasons for this belief.

First, Senator John McCain (R-AZ), chairman of the Commerce Committee, conducted hearings on the issue toward the end of the last session and promised to revisit the issue shortly after the first of the year. Representative Billy Tauzin (R-LA), the incoming chairman of the House Commerce Committee has stated that privacy will be high on his agenda as well. Second, privacy is one of the few issues where many Republicans and Democrats are in substantial agreement about the need for legislation. With control of the House and Senate so closely divided, privacy legislation may benefit from the "bipartisan spirit" and receive an early hearing.

We need your input on what role AAF should play, and what our position should be. Historically, AAF and most of the industry (including the Online Privacy Alliance (OPA), of which AAF is a founding member) has taken the position that privacy issues should be addressed through self-regulation and have resisted taking a position on specific legislation. Of course, this non-position has been, in effect. opposition to most legislation.

Some industry members have already come out in favor of legislation, some favor adopting baseline standards for privacy, others would support more comprehensive laws.

The OPA has adopted a new approach whereby it will become more engaged with lawmakers and provide comment and analysis on specific proposals, while not taking a position on individual pieces of legislation. Such a position my not be viable as a long-term strategy. Lawmakers are likely to take any negative or positive statements about a bill as an indication of support or opposition.

AAF supports four principles for online privacy policies. First, the policy should be easy to find and understand. Second, the consumer must be given a choice as to how his or her information is used. Traditionally, AAF has supported an opt-out requirement allowing a consumer not to participate, rather than opt-in, whereby a consumer must make an affirmative choice to participate. Third, companies must make a reasonable effort to insure that any information collected about consumers remains secure from misuse. Finally, consumers should have some degree of access to insure that information is accurate.

We need your input on questions such as:

  • Should the AAF be prepared to support legislation, and if so, what are the parameters for proposals we can endorse?
  • Should the AAF be involved in narrow privacy issues such as medical and financial privacy, or limit our activity to broad privacy issues?
  • Should the AAF draw a distinction between online and off-line privacy?

Attached for your information is a summary of some of the major proposals introduced in the last session of Congress. We anticipate many will be reintroduced in the upcoming session.

Please let us know your views on these questions and the degree of importance your company places on privacy issues.

HR 3321
Electronic Privacy Bill of Rights Act of 1999
A bill to prevent unfair and deceptive practices in the collection and use of personal information, and for other purposes.

The bill obligated the FTC to set rules that would have required Web service providers to disclose the types of information collected and disseminated and to provide their customers the ability to grant or deny the provider access to their personal information. The type of consumer option to be made available by the Web site for granting or withholding permission for collecting personal information, "opt-in" or "opt-out" was not stipulated.

Exemptions from the above mentioned guides were information needed to secure the Web site, to take precaution against liability, to cooperate with legal proceedings and to encourage law enforcement. Violations were punishable under the Federal Trade Commission Act.

Complete adherence to industry self-regulation guidelines would fulfill the above requirements.

November 24, 1999-Referred to the Subcommittee on Department Operations, Nutrition and Forestry.

Sponsored by Representative Edward Markey (D-MA).

HR 3560/S 809
Online Privacy Protection Act of 2000/Online Privacy Protection Act of 1999
A bill to require the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 on the Internet, to provide greater individual control over the collection and use of that information, and for other purposes.

The Online Privacy Protection Act would have extended protection to adults like that extended to children under the COPPA legislation. The legislation would have required a service provider give the consumer notice of its privacy policy and give an individual the opportunity to "opt-out" from giving their personal information on a Web site. Requirements included a copy of the customer's collected personal information be sent to the customer by the Web site operator. The operator must provide information security services to protect their customer's confidentiality.

The bill would have preempted state laws but allowed state attorneys general to file suit on a citizen's behalf.

February 4, 2000-Referred to the Subcommittee on Telecommunications, Trade and Consumer Protection of the House Commerce Committee. Hearings in the Senate were held by the Committee on Commerce, Science and Transportation.

The 1999 version was sponsored in the Senate by Senator Conrad Burns (R-MT) and Co-sponsored by Senators Kohl (D-WI) and Ron Wyden (D-OR). Sponsored in the House by Rep. Rodney Frelinghuysen (R-NJ) and co-sponsored by Rep. William Goodling (R-PA), Rep. Major Owens (D-NY), Rep. Rush Holt (D-NJ) and Rep. Ted Strickland (D-OH).

Opposed were Senators John McCain (R-AZ) and John Kerry (D-MA) as well as the Commerce Department and the Online Privacy Alliance (OPA).

HR 4049
Privacy Commission Act
A bill to establish the Commission for the Comprehensive Study of Privacy Protection.

This bill establishes the Commission for the Comprehensive Study of Privacy. The Commission's purpose is to study and to report to Congress and the President about individual privacy protection and issues related to allowing use of private information for business pursuits. The Commission is required to have four hearings in each of the geographical regions. Appropriations are authorized.

October 2, 2000- Failed to pass on the House Consent Calendar by the needed 2/3 vote but did garner a majority vote. Companion legislation was introduced in the Senate.

The bill enjoyed bipartisan House support. Sponsored by Representative Asa Hutchinson (R-AR). Co-sponsored by: Representatives Thomas Barrett (D-WI), Brian Bilbray (R-CA), Tom Campbell (D-CA), Randy "Duke" Cunningham (R-CA), Tom Davis (R-VA), Calvin Dooley (D-CA), Phil English (R-PA), Mark Green (R-TX), Johnny Isakson (GA), Jerry Kleczka (D-WI), Frank Lucas (R-OK), John Murtha (D-PA), Deborah Pryce (R-OH), Bob Riley (R-AL), Marge Roukema (R-NJ), John Shimkus (R-IL), John Thune (R-SD), Judy Biggert (R-IL), Kevin Brady (R-TX), Tom Coburn (R-OK), Jim Davis (D-FL), Jay Dickey (R-AR), John Duncan (R-TN), Kay Granger (R-TX), JimGreenwood (R-PA), Sue Kelly (R-NY), Jim Kolbe (R-AZ), Jerry Moran (D-VA), Joseph Pitts (R-PA), Thomas Reynolds (R-NY), Lynn Rivers (D-MI), Paul Ryan (R-WI), John Sununu (R-NH), Jim Turner (D-TX), Anthony Weiner (D-NY).

The Clinton Administration and Representative John Dingell (D-MI) opposed the bill.

The Healthcare Leadership Council (HLC) has expressed support for the bill.

HR 4059
Online Privacy and Disclosure Act of 2000
A bill to establish a system for businesses engaged in electronic commerce to adopt, and certify their compliance with, internationally recognized principles concerning the collection, use and dissemination of personal information, and for other purposes.

Allowed service Web sites that adhere to specific FCC privacy regulations to display an official seal of compliance. The seal was to certify that the participant collects personal information for interstate commerce and has obtained the information legally and with the knowledge of the subject. The seal was to ensure that data is accurate and current, disclosed to the subject and used only for the stated purpose and not distributed to others without the subject's express consent. Finally, the seal would have guaranteed the subject has access to their information and to the identity of the data controller.

The FCC was authorized to set the rules for adoption of the seal. The seal standards were to be enforced by the FCC.

March 30, 2000-Referred to the Subcommittee on Telecommunications, Trade and Consumer Protection.

Sponsored by Representative Tom Campbell (R-CA, 15).

HR 5300
Wireless Telephone Spam Protection Act
A bill to amend section 227 of the Communications Act of 1934 to prohibit the use of the text, graphic, or image messaging systems of wireless telephone systems to transmit unsolicited commercial messages.

An Amendment to the 1934 Communications Act that would make it unlawful for any unsolicited advertisements to be sent through a covered mobile telephone messaging system.

October 20, 2000- Referred to the Subcommittee on Telecommunications, Trade and Consumer Protection.

Sponsored by Representative Rush Holt (D-NJ).

S 2554
"Amy Boyer's Law"
A bill to amend Title XI of the Social Security Act to prohibit the display of an individual's social security number for commercial purposes without the consent of the individual.

This bill amended the Social Security Act to prohibit or limit the display and/or use of a person's social security number without their expressed consent. The amendment prohibited acquiring a social security number with illegal intent and required that the individual is notified for what purposes their number will be used and to whom that number will be made available.

Nothing in the amendment restricted using social security numbers as required by federal law for federal documents, for retrieving information without displaying the number, for law enforcement and background checks or for any legal purpose when attained from a public record through a governmental agency.

The amendment allowed individuals aggrieved by the law's violation to recover damages through civil actions in district courts. It set a three-year limit for taking action after the violation is discovered.

December 15, 2000-Law removed from the Commerce-Justice-State Appropriations Bill.

Amy Boyer's law is supported by Republicans. Opposed by President Clinton, the ACLU and the US Public Interest Research Group (USPIRG).

S 2606
Telecommunications and Electronic Commerce Privacy Act
A bill to protect the privacy of American consumers.

The Telecommunications and Electronic Commerce Privacy Act required Web sites to post notices that personal information may be collected and provide "opt-in" mechanisms in order to collect and disclose personal information. This bill required the service provider identify themselves and any third parties that might have access to user information, how the information will be used and for what purpose. Further, Web sites would have been required to provide users the option of altering or deleting their personal information available to others from the site and give users prompt notice of any security breaches.

The Act preempted state laws except for state tort and common laws or any laws prohibiting fraud. The Act extends beyond the Internet to include video rental, book and music sales.

FTC rulemaking wass required to implement the Act's provisions.

October 3, 2000- Hearing held by Committee on Commerce, Science and Transportation.

Sponsored by Senator Ernest Hollings (D-SC). Co-sponsored by Senators John Breaux (D-LA), Robert Byrd (D-WV), Richard Durbin (D-IL), Russell Feingold (D-WI), Robert Kerrey (D-NB), Richard Bryan (D-NV), Max Cleland (D-GA), John Edwards (D-NC), Daniel Inouye (D-HI) and John Rockefeller IV (D-WV).

S 2928
Consumer Internet Privacy Enhancement Act
A bill to protect the privacy of consumers who use the Internet.

The Consumer Internet Privacy Enhancement Act required Web sites to provide clear and easily understood information on their information-collecting practices and methods of disclosure. This included the identity of the service provider and any third parties with access to the user's personal information. The Act further required a list be made available of the types of information that the Web site collects and how that information might be used.

The Act required an obvious "opt-out" mechanism be available on all Web sites. Sites without "opt-out" mechanisms would be prohibited from collecting personal information from users except as required by law.Web sites would be required to state whether personal information is required for use of the site and state the consequences of not releasing personal information by the user.

A Safe Harbor provision does not hold sites adhering to self-regulation procedures as provided by seal programs or online industry representatives in violation of the Act.

July 26, 2000-Referred to Committee on Commerce, Science and Transportation.

This legislation is the likely starting point for legislative privacy efforts in 2001.

Senators John McCain (R-AZ), Barbara Boxer (D-CA), J. Robert Kerrey (D-NB) and Spencer Abraham (R-MI) sponsored the Act.

The Better Business Bureau and the industry in general, support self regulation over government regulation of ecommerce.

S 854
Electronic Rights for the 21st Century
A bill to protect the privacy and constitutional rights of Americans, to establish standards and procedures regarding law enforcement access to location information, decryption assistance for encrypted communications and stored electronic information and other private information, to affirm the rights of Americans to use and sell encryption products as a tool for protecting their online privacy, and for other purposes.

The Electronic Rights bill allows disclosure of personal information only to a federal entity as required by law. The bill also requires mobile service providers to release personal information to federal authorities with court orders that the equipment has or is about to be used to commit a felony. Consumers may allow disclosure of their personal information to federal authorities without such conditions.

The bill allows the courts to authorize the use of traps and tracking devices on computers and mobile communication outlets only in cases that are likely to produce evidence for an ongoing criminal investigation and such devices are to be designed in a way that reduces the amount of personal information collected that does not apply to the investigation.

Limited circumstances are stipulated for online service providers to disclose subscriber's personal information. The bill also requires the Attorney General to report annually to Congress the number of incidents concerning government requests for personal user information from online providers.

The bill prohibits the disclosure of a user's location to any source except a federal or emergency entity without the express consent of the user.

Encryption technology is authorized for use, sale and export in the U.S. and all countries except the seven "terrorist" nations.

The bill amends the 1934 Telecommunications Act to include book, music and video outlets and prohibits them from releasing personal information except to those with the consumer's express consent to receive such information. Satellite television providers are also required to notify consumers of the types of personal information that may be collected from system use and how that information will be used and disseminated. The bill requires satellite subscribers have full access to their information that has been collected.

April 21, 1999-Read twice and referred to the Committee on Judiciary.

Sponsored by Senator Patrick Leahy (D-VT) and co-sponsored by Senator John Breaux (D-LA).