McCain-Kerry Bill Doesn't Mean the End of Do-Not-Track

Lora Bentley
Slide Show

Top 10 Privacy Issues for 2011

Social media and location-based technologies top the list of concerns.

Days after Sens. John McCain (R-Ariz.) and John Kerry (D-Mass.) introduced the Commercial Privacy Bill of Rights Act of 2011, I had a chance to speak with Reed Smith privacy and data security attorney Amy Mushahwar to get the details on what the bill includes, what it does not include and what it will mean for state privacy legislation.


According to a client alert, among other things, the proposed legislation would require covered entities to provide their customers with "clear, concise and timely notice" of the entity's privacy policies and practices regarding the collection, use and distribution of personally identifiable information, as well as the reasons behind those practices. They must also allow customers a choice regarding how or even if their data is collected, used, stored or distributed according to the stated practices.


The bill also contemplates including unique identifiers like IP addresses within the definition of protected information, Mushahwar told me. Though the concept is not new-it has appeared before in FTC staff guidance, she said-the McCain-Kerry bill is the first piece of legislation that, if passed, would classify IP addresses as protected.


Mushahwar pointed out that the bill does not include specific authorization for a do-not-track mechanism, but that doesn't mean do-not track is dead in the water. She explained:

It's a sexy topic, and it's something that is tangible for consumers given the success of do-not-call. On top of that, a Democratic legislator in California just introduced a do-not-track law for the state.

And because websites are 24/7 endeavors that operate on a global scale, state privacy laws like the proposal in California can become mandates that are like national laws simply because everyone has to make their websites comply with those laws. Mushahwar said:

Most website operators do not have the ability to screen out California (or any other state's residents for that matter), so compliance with privacy laws in all 50 states, to the extent feasible, is the standard.

Of course, if the McCain-Kerry bill passes, it could look quite different than the proposals that are currently before Congress. But these are the things companies that would be subject to the new law need to be contemplating in the meantime.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.