Most commented sections:

• Paragraph 23 (2 comments)
• Paragraph 21 (2 comments)
• Paragraph 81 (2 comments)

HR 654 IHCommentsClose CommentsPermalink

112th CONGRESSCommentsClose CommentsPermalink

1st SessionCommentsClose CommentsPermalink

H. R. 654CommentsClose CommentsPermalink

To direct the Federal Trade Commission to prescribe regulations regarding the collection and use of information obtained by tracking the Internet activity of an individual, and for other purposes.CommentsClose CommentsPermalink

IN THE HOUSE OF REPRESENTATIVESCommentsClose CommentsPermalink

February 11, 2011CommentsClose CommentsPermalink

Ms. SPEIER (for herself, Mr. HASTINGS of Florida, and Mr. FILNER) introduced the following bill; which was referred to the Committee on Energy and CommerceCommentsClose CommentsPermalink

A BILLCommentsClose CommentsPermalink

To direct the Federal Trade Commission to prescribe regulations regarding the collection and use of information obtained by tracking the Internet activity of an individual, and for other purposes.CommentsClose CommentsPermalink

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,CommentsClose CommentsPermalink

SECTION 1. SHORT TITLE.

This Act may be cited as the ‘Do Not Track Me Online Act’.CommentsClose CommentsPermalink

SEC. 2. DEFINITIONS.

In this Act:CommentsClose CommentsPermalink





(1) COMMISSION- The term ‘Commission’ means the Federal Trade Commission.CommentsClose CommentsPermalink





(2) COVERED ENTITY- The term ‘covered entity’ means a person engaged in interstate commerce that collects or stores online data containing covered information. Such term does not include--CommentsClose CommentsPermalink





(A) the Federal Government or any instrumentality of the Federal Government, nor the government of any State or political subdivision of a State; orCommentsClose CommentsPermalink





(B) any person that can demonstrate that such person--CommentsClose CommentsPermalink





(i) stores covered information from or about fewer than 15,000 individuals;CommentsClose CommentsPermalink





(ii) collects covered information from or about fewer than 10,000 individuals during any 12-month period;CommentsClose CommentsPermalink





(iii) does not collect or store sensitive information; andCommentsClose CommentsPermalink





(iv) does not use covered information to study, monitor, or analyze the behavior of individuals as the person’s primary business.CommentsClose CommentsPermalink





(3) COVERED INFORMATION-CommentsClose CommentsPermalink





(A) IN GENERAL- The term ‘covered information’ means, with respect to an individual, any of the following that is transmitted online:CommentsClose CommentsPermalink





(i) The online activity of the individual, including--CommentsClose CommentsPermalink





(I) the web sites and content from such web sites accessed;CommentsClose CommentsPermalink





(II) the date and hour of online access;CommentsClose CommentsPermalink





(III) the computer and geolocation from which online information was accessed; andCommentsClose CommentsPermalink





(IV) the means by which online information was accessed, such as a device, browser, or application.CommentsClose CommentsPermalink





(ii) Any unique or substantially unique identifier, such as a customer number or Internet protocol address.CommentsClose CommentsPermalink





(iii) Personal information such as--CommentsClose CommentsPermalink





(I) the name;CommentsClose CommentsPermalink





(II) a postal address or other location;CommentsClose CommentsPermalink





(III) an email address or other user name;CommentsClose CommentsPermalink





(IV) a telephone or fax number;CommentsClose CommentsPermalink





(V) a government-issued identification number, such as a tax identification number, a passport number, or a driver’s license number; orCommentsClose CommentsPermalink





(VI) a financial account number, or credit card or debit card number, or any required security code, access code, or password that is necessary to permit access to an individual’s financial account.CommentsClose CommentsPermalink





(B) EXCLUSION- Such term shall not include--CommentsClose CommentsPermalink





(i) the title, business address, business email address, business telephone number, or business fax number associated with an individual’s status as an employee of an organization, or an individual’s name when collected, stored, used, or disclosed in connection with such employment status; orCommentsClose CommentsPermalink





(ii) any information collected from or about an employee by an employer, prospective employer, or former employer that directly relates to the employee-employer relationship.CommentsClose CommentsPermalink





(4) SENSITIVE INFORMATION-CommentsClose CommentsPermalink





(A) DEFINITION- The term ‘sensitive information’ means--CommentsClose CommentsPermalink





(i) any information that is associated with covered information of an individual and relates directly to that individual’s--CommentsClose CommentsPermalink





(I) medical history, physical or mental health, or the provision of health care to the individual;CommentsClose CommentsPermalink





(II) race or ethnicity;CommentsClose CommentsPermalink





(III) religious beliefs and affiliation;CommentsClose CommentsPermalink





(IV) sexual orientation or sexual behavior;CommentsClose CommentsPermalink





(V) income, assets, liabilities, or financial records, and other financial information associated with a financial account, including balances and other financial information, except when financial account information is provided by the individual and is used only to process an authorized credit or debit to the account; orCommentsClose CommentsPermalink





(VI) precise geolocation information and any information about the individual’s activities and relationships associated with such geolocation; orCommentsClose CommentsPermalink





(ii) an individual’s--CommentsClose CommentsPermalink





(I) unique biometric data, including a fingerprint or retina scan; orCommentsClose CommentsPermalink





(II) Social Security number.CommentsClose CommentsPermalink





(B) MODIFIED DEFINITION BY RULEMAKING- The Commission may, by regulations promulgated under section 553 of title 5, United States Code, modify the scope or application of the definition of ‘sensitive information’ for purposes of this Act. In promulgating such regulations, the Commission shall consider--CommentsClose CommentsPermalink





(i) the purposes of the collection of the information and the context of the use of the information;CommentsClose CommentsPermalink





(ii) how easily the information can be used to identify a specific individual;CommentsClose CommentsPermalink





(iii) the nature and extent of authorized access to the information;CommentsClose CommentsPermalink





(iv) an individual’s reasonable expectations under the circumstances; andCommentsClose CommentsPermalink





(v) adverse effects that may be experienced by an individual if the information is disclosed to an unauthorized person.CommentsClose CommentsPermalink

SEC. 3. REGULATIONS REQUIRING ‘DO-NOT-TRACK’ MECHANISM.

(a) FTC Rulemaking- Not later than 18 months after the date of enactment of this Act, the Commission shall promulgate regulations under section 553 of title 5, United States Code, that establish standards for the required use of an online opt-out mechanism to allow a consumer to effectively and easily prohibit the collection or use of any covered information and to require a covered entity to respect the choice of such consumer to opt-out of such collection or use. Regulations prescribed pursuant to this subsection shall be treated as regulations defining unfair and deceptive acts or practices affecting commerce prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).CommentsClose CommentsPermalink





(b) Requirements To Be Included in Regulations- The regulations prescribed under subsection (a)--CommentsClose CommentsPermalink





(1) shall include a requirement for a covered entity to disclose, in a manner that is easily accessible to a consumer, information on the collection of information practices of such entity, how such entity uses or discloses such information, and the names of the persons to whom such entity would disclose such information; andCommentsClose CommentsPermalink





(2) shall prohibit the collection or use of covered information by a covered entity for which a consumer has opted-out of such collection or use, unless the consumer changes their opt-out preference to allow the collection or use of such information.CommentsClose CommentsPermalink





(c) Additional Regulatory Authority- The regulations prescribed under subsection (a)--CommentsClose CommentsPermalink





(1) may include a requirement that a covered entity provide a consumer with a means to access the covered information of such consumer and the data retention and security policies of the covered entity in a format that is clear and easy to understand; andCommentsClose CommentsPermalink





(2) may include a requirement that some or all of the regulations apply with regard to the collection and use of covered information, regardless of the source.CommentsClose CommentsPermalink





(d) Exemptive Authority- The Commission may exempt from some or all of the regulations required by this section certain commonly accepted commercial practices, including the following:CommentsClose CommentsPermalink





(1) Providing, operating, or improving a product or service used, requested, or authorized by an individual, including the ongoing provision of customer service and support.CommentsClose CommentsPermalink





(2) Analyzing data related to use of the product or service for purposes of improving the products, services, or operations.CommentsClose CommentsPermalink





(3) Basic business functions such as accounting, inventory and supply chain management, quality assurance, and internal auditing.CommentsClose CommentsPermalink





(4) Protecting or defending rights or property, including intellectual property, against actual or potential security threats, fraud, theft, unauthorized transactions, or other illegal activities.CommentsClose CommentsPermalink





(5) Preventing imminent danger to the personal safety of an individual or group of individuals.CommentsClose CommentsPermalink





(6) Complying with a Federal, State, or local law, rule, or other applicable legal requirement, including disclosures pursuant to a court order, subpoena, summons, or other properly executed compulsory process.CommentsClose CommentsPermalink





(7) Any other category of operational use specified by the Commission by regulation that is consistent with the purposes of this Act.CommentsClose CommentsPermalink

SEC. 4. ADDITIONAL FTC AUTHORITY.

In implementing and enforcing the regulations prescribed under section 3, the Commission shall--CommentsClose CommentsPermalink





(1) have the authority to prescribe such regulations as may be necessary to carry out the purposes of this Act in accordance with section 553 of title 5, United States Code;CommentsClose CommentsPermalink





(2) monitor for risks to consumers in the provision of products and services, including the development of new hardware or software designed to limit, restrict, or circumvent the ability of a consumer to control the collection and use of the covered information of such consumer, as set forth in the regulations prescribed under section 3;CommentsClose CommentsPermalink





(3) perform random audits of covered entities, including Internet browsing for investigative purposes, to ensure compliance with the regulations issued under section 3;CommentsClose CommentsPermalink





(4) assess consumers’ understanding of the risks posed by the tracking of a consumer’s Internet activity and the collection and use of covered information relating to a consumer; andCommentsClose CommentsPermalink





(5) make available to the public at least 1 report of significant findings of the monitoring required by this section in each calendar year after the date on which final regulations are issued pursuant to section 3(a).CommentsClose CommentsPermalink

SEC. 5. ENFORCEMENT BY STATE ATTORNEYS GENERAL.

(a) Civil Action- In any case in which the Attorney General of a State, or an official or agency of a State, has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by any person who violates the regulations prescribed under section 3, the attorney general, official, or agency of the State, as parens patriae, may bring a civil action on behalf of the residents of the State in an appropriate district court of the United States--CommentsClose CommentsPermalink





(1) to enjoin further violation of the regulations prescribed under section 3 by the defendant;CommentsClose CommentsPermalink





(2) to compel compliance with the regulations prescribed under section 3; orCommentsClose CommentsPermalink





(3) to obtain civil penalties for violations of the regulations prescribed under section 3 in the amount determined under subsection (b).CommentsClose CommentsPermalink





(b) Civil Penalties-CommentsClose CommentsPermalink





(1) CALCULATION- For purposes of calculating the civil penalties that may be obtained under subsection (a)(3), the amount determined under this paragraph is the amount calculated by multiplying the number of days that a covered entity is not in compliance with the regulations prescribed under section 3 by an amount not to exceed $11,000.CommentsClose CommentsPermalink





(2) ADJUSTMENT FOR INFLATION- Beginning on the date that the Consumer Price Index for All Urban Consumers is first published by the Bureau of Labor Statistics that is after 1 year after the date of enactment of this Act, and each year thereafter, the amount specified in paragraph (1) shall be increased by the percentage increase in the Consumer Price Index published on that date from the Consumer Price Index published the previous year.CommentsClose CommentsPermalink





(3) MAXIMUM TOTAL LIABILITY- Notwithstanding the number of actions which may be brought against a person under this section the maximum civil penalty for which any person may be liable under this section shall not exceed $5,000,000 for any related series of violations of the regulations prescribed under section 3.CommentsClose CommentsPermalink





(c) Intervention by the FTC-CommentsClose CommentsPermalink





(1) NOTICE AND INTERVENTION- The State shall provide prior written notice of any action under subsection (a) to the Commission and provide the Commission with a copy of its complaint, except in any case in which such prior notice is not feasible, in which case the State shall serve such notice immediately upon instituting such action. The Commission shall have the right--CommentsClose CommentsPermalink





(A) to intervene in the action;CommentsClose CommentsPermalink





(B) upon so intervening, to be heard on all matters arising therein; andCommentsClose CommentsPermalink





(C) to file petitions of appeal.CommentsClose CommentsPermalink





(2) LIMITATION ON STATE ACTION WHILE FEDERAL ACTION IS PENDING- If the Commission has instituted a civil action for violation of the regulations prescribed under section 3, no attorney general of a State, or official, or agency of a State, may bring an action under this section during the pendency of that action against any defendant named in the complaint of the Commission for any violation of the regulations issued under this Act alleged in the complaint.CommentsClose CommentsPermalink

SEC. 6. EFFECT ON OTHER LAWS.

(a) Other Authority of Federal Trade Commission- Nothing in this Act shall be construed to limit or affect in any way the Commission’s authority to bring enforcement actions or take any other measure under the Federal Trade Commission Act (15 U.S.C. 41 et seq.) or any other provision of law.CommentsClose CommentsPermalink





(b) State Law- The regulations prescribed under section 3 shall not annul, alter, affect, or exempt any person subject to the provisions of such regulations from complying with the law of any State except to the extent that such law is inconsistent with any provision of such regulations, and then only to the extent of the inconsistency. For purposes of this subsection, a State statute, regulation, order, or interpretation is not inconsistent with the provisions of the regulations prescribed under section 3 if the protection such statute, regulation, order, or interpretation affords any person is greater than the protection provided under the regulations prescribed under section 3.CommentsClose CommentsPermalink