Representative Jackie Speier has introduced H.R. 654, the ‘‘Do Not Track Me Online Act.’’ The bill would direct the Federal Trade Commission (FTC) to develop regulations that require covered entities to be more transparent about data collection and use and to develop and respect consumer’s choices to opt-out of the collection and storage of certain types of information.
The bill would cover a person engaged in interstate commerce that collects or stores online data containing covered information, but would exclude federal and state government sites or agencies and any individual who can demonstrate that they: (1) store covered information for 15,000 or fewer individuals, (2) collect covered information from 10,000 or fewer individuals during any 1-year period, (3) do not collect or store sensitive information, and (4) do not used covered information to study, monitor, or analyze the behavior of individuals as the person’s primary business.
“Covered information” is defined in the bill as
(i) The online activity of the individual, including—
(I) the web sites and content from such web sites accessed;
(II) the date and hour of online access;
(III) the computer and geolocation from which online information was accessed; and
(IV) the means by which online information was accessed, such as a device, browser, or application.(ii) Any unique or substantially unique identifier, such as a customer number or Internet protocol address.
(iii) Personal information such as—(I) the name;
(II) a postal address or other location;
(III) an email address or other user name;
(IV) a telephone or fax number;
(V) a government-issued identification number, such as a tax identification number, a passport number, or a driver’s license number; or
(VI) a financial account number, or credit card or debit card number, or any required security code, access code, or password that is necessary to permit access to an individual’s financial account.
“Sensitive information” is defined as
(i) any information that is associated with covered information of an individual and relates directly to that individual’s—(I) medical history, physical or mental health, or the provision of health care to the individual;
(II) race or ethnicity;
(III) religious beliefs and affiliation;
(IV) sexual orientation or sexual behavior;
(V) income, assets, liabilities, or financial records, and other financial information associated with a financial account, including balances and other financial information, except when financial account information is provided by the individual and is used only to process an authorized credit or debit to the account; or
(VI) precise geolocation information and any information about the individual’s activities and relationships associated with such geolocation; or(ii) an individual’s—
(I) unique biometric data, including a fingerprint or retina scan; or
(II) Social Security number
The bill would not create any private cause of action so that a consumer could sue for violation of the law should it be enacted and regulations promulgated. It also relies on opt-out of tracking as opposed to opt-in for being tracked.
I look forward to reading others’ analyses of this bill. My own first impression is that it’s an admirable attempt to regulate a problem that has failed to be sufficiently and adequately addressed by industry attempts at self-regulation.