The Online Personal Privacy Act - It Sure Sounds Good
Senator Fritz Hollings, that protector of your privacy, introduced Senate Resolution S.2201, the Online Personal Privacy Act, on April 18. A bill with this as a title must be a good thing, right?
From Section 101 of the bill (the italics and underlining are mine)
a) IN GENERAL- An internet service provider, online service provider, or operator of a commercial website on the Internet may not collect personally identifiable information from a user, or use or disclose personally identifiable information about a user, of that service or website except in accordance with the provisions of this Act.
(b) APPLICATION TO CERTAIN THIRD-PARTY OPERATORS- The provisions of this Act applicable to internet service providers, online service providers, and commercial website operators apply to any third party, including an advertising network, that uses an internet service provider, online service provider, or commercial website operator to collect information about users of that service or website.
Basically, a website operator or third-party advertiser may not collect or disclose personally identifiable information about a user. Sounds pretty good at first glance. But you've got to read all the way to the end. Except as authorized by this act. What does that mean?
From Section 102 of the bill, there are two types of information it addresses, "Sensitive" and "Nonsensitive". These aren't defined until near the end of the bill, but they're treated differently.
Sensitive Personally Identifiable Information is defined as information about an individual's health, race or ethnicity, political party affiliation, religious beliefs, sexual orientation, Social Security number, or sensitive financial information.
Sensitive financial information is defined as income, account numbers, access codes or passwords, insurance policy information, or credit card, debt, and loan obligations.
This type of information requires an opt-in choice to be made by an individual. In other words, you could not legally share that type of information unless I specifically chose to allow you to do so.
That's not so bad, right?
But wait, there's more! Nonsensitive information can be shared also only if I choose to allow you to share it, but that is an opt-out decision. In other words, you as a web site operator can bury the opt out in really small print with the selection made to allow you to share that information. If I don't unclick that selection, you're free to share my nonsensitive information with anyone and everyone.
What is nonsensitive information, you ask? From the bill, it includes first and last name, home address, email address, telephone number, birth certificate number and two things that aren't as clearly defined. Quoting from the bill:
(vi) any other identifier for which the Commission finds there is a substantial likelihood that the identifier would permit the physical or online contacting of a specific individual; or
(vii) information that an Internet service provider, online service provider, or operator of a commercial website collects and combines with an identifier described in clauses (i) through (vi) of this subparagraph.
That's non-sensitive information? Come on, Senator Fritz, give me a break! Who do you think you're kidding? This bill would make it federal law for web sites to do things like this:
I agree to allow non-sensitive personal information collected on this web site to be shared.
Salon.com has published an article about this bill. You ought to read it, then contact your senators and ask them to not support this bill.
4:16:55 PM 
|
|
