TOP STORIES: PRIVACY DEBATE HEATS UP

Rep. Boucher Circulates Much Awaited Draft Privacy Bill In May 2009, House Internet Subcommittee Chairman Rick Boucher (D-VA) indicated he was drafting privacy legislation and this week he finally released a draft bill. The bill requires that online and offline entities collecting consumer information must have a clear and conspicuous privacy policy that includes:   (1) their identity; (2) a description of information collected; (3) how the information is collected; (4) the purposes for the collection and use of information; (5) how the information is stored; (6) how the information may be merged, linked or combined with other date; (7) how long the information is retained; (8) how the information is disposed of or rendered anonymous; (9) purposes for which information may be disclosed and categories of unaffiliated parties who may receive such information; (10) consumers’ choice as to use of data; (11i) how consumers may access date; (12) contact information for complaints/inquiries; (13) how consumers are notified of changes; (14)a link to the FTC’s consumer complaint form or toll free number; and (15) the policy’s effective date   As outlined in the chart below, the bill also requires opt-in consent for the collection of sensitive information or sharing personally identifiable information with third parties (subject to operational and transactional exceptions). Under the Ad Network exception, an opt-out standard is applied where there the collecting site has a symbol or seal for the ad network which the consumer can click through to review the ad network’s policies and practices and opt-out. Any sharing by the Ad Network would need to be on an opt-in basis.   CLICK TO ENLARGE   The bill has received a mixed reception. It has been criticized by both consumer groups who do not think it goes far enough and the Direct Marketing Association which claims the draft “would threaten the most basic of direct marketing practices.” Mike Zaneis, VP for Public Policy for the Interactive Advertising Bureau, thought that the ad network provisions were “very positive” but felt some aspects of the bill were “overly broad”; while the Center for Democracy and Technology and Facebook hailed the draft as an important first step.   More info: Draft bill, Executive Summary

Privacy Push on Pennsylvania Avenue The Obama administration’s intent to push for new privacy regulation was evident last week when Commerce Secretary Gary Locke launched a Privacy and Innovation Symposium by explaining that the Internet is no longer in start-up mode and that it’s important to “develop a new privacy framework that ensures consumer privacy while ensuring the nation’s prosperity.” Locke added that his Department “has made it a top priority to ensure that the Internet remains open for innovation while promoting an environment respectful of individual privacy expectations.” Similarly, in responding to complaints on Capitol Hill over the privacy practices of Facebook and Google (see below), the FTC agreed that social networking sites raise significant privacy concerns. The FTC added that they were examining how social networks collect and share data as part of a project to develop a comprehensive framework governing privacy going forward. “Our plan is to develop a framework that social networks and others will use to guide their data collection, use and sharing practices.” The FTC, which earlier circulated requests for comment on whether its rules under the Children’s Online Privacy Protection Act (COPPA) needed to be updated, has announced a June 2nd workshop on the issue, after Senate Commerce Committee Chairman Jay Rockefeller warned that Congress would act if the FTC failed to address the issue. Rockefeller stressed that “the whole world has changed” since COPPA was enacted in 1998 and needs to be updated to cover current technologies and business practices. In addition, the FTC, along with financial regulators, released a privacy policy generator for complying with the obligations of the Gramm-Leach-Bliley Act. More info: Online Form Builder; Privacy Experts Urge U.S. to Engage in Global Debate, but Get Own House in Order, Broadband Breakfast.com; Senators: Net Privacy Law For Children In Need Of Overhaul, Ars Technica; FTC Says It Is Creating Internet Privacy Framework Amid Growing Concerns, Washington Post.   Visa Requires Active Consent for Post Transaction Offers, Legislation Possible After last year’s scathing report by Senate Commerce Committee characterizing post-transaction offers by groups such as Webloyalty as “highly aggressive sales tactics to charge millions of American consumers for services the consumers do not want and do not understand they have purchased,” Visa has announced that it will no longer permit the transfer of consumer credit data for such offers. Consumers must now reenter their card information to accept the offer. Senator Commerce Committee Rockefeller was pleased by Visa’s action but still believed that “legislation is needed to ban this deceptive practice once and for all.” More info: Visa Bars Third-Party Data-Pass Tactics, National Journal; Senate Commerce Committee report