Rep. Cliff Stearns (R-FL) introduced the Consumer Privacy Protection Act this week, a bill that according to his press release would:
· Require covered entities to notify consumers that their personally identifiable information as defined in the bill may be used for a purpose unrelated to the transaction.
· Require entities to notify consumers of any material change in their privacy policy. That sounds hopeful.
· Require covered entities to establish a privacy policy with respect to the collection, sale, disclosure for consideration, or use of the consumer’s information and such policy be made easily available for consumers.· Require an entity to provide consumers the opportunity to preclude the sale or disclosure of their information to any organization that is not an information-sharing partner. Why not require them to opt-in to such sale or disclosure?
· Provide for a Federal Trade Commission (FTC) approved five-year self-regulatory program and prescribes requirements for a self-regulatory consumer dispute resolution process. Basically, this would give businesses another 5 years before they would really be held accountable.
· Require the FTC to presume that an entity is in compliance with this Act if it participates in an approved self-regulatory program. Yes, let’s assume the best of businesses, even if it winds up being at the expense of consumers.
· No private right of action. FAIL.
· Full state preemption. FAIL.
Any bill that pre-empts stronger state consumer protection laws is a non-starter as far as I’m concerned. Sadly, this bill just seems like more of the same failed or inadequate proposals that we’ve seen over recent years. When are we going to see a really strong consumer privacy bill?