Text: H.R.347 — 107th Congress (2001-2002)All Information (Except Text)

There is one version of the bill.

Text available as:

  • TXT
  • PDF (PDF provides a complete and accurate display of this text.) Tip?

Shown Here:
Introduced in House (01/31/2001)

 
[Congressional Bills 107th Congress]
[From the U.S. Government Printing Office]
[H.R. 347 Introduced in House (IH)]







107th CONGRESS
  1st Session
                                H. R. 347

  To require the Federal Trade Commission to prescribe regulations to 
 protect the privacy of personal information collected from and about 
individuals on the Internet, to provide greater individual control over 
  the collection and use of that information, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            January 31, 2001

Mr. Green of Texas introduced the following bill; which was referred to 
                  the Committee on Energy and Commerce

_______________________________________________________________________

                                 A BILL


 
  To require the Federal Trade Commission to prescribe regulations to 
 protect the privacy of personal information collected from and about 
individuals on the Internet, to provide greater individual control over 
  the collection and use of that information, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Consumer Online Privacy and 
Disclosure Act''.

SEC. 2. REGULATION OF UNFAIR AND DECEPTIVE ACTS AND PRACTICES IN 
              CONNECTION WITH THE COLLECTION, USE, AND DISCLOSURE OF 
              PERSONAL INFORMATION.

    (a) Acts Prohibited.--
            (1) Violations of regulations prohibited.--
                    (A) In general.--Except as provided in subparagraph 
                (B), it is unlawful for an operator of a Web site or 
                online service to collect, use, or disclose personal 
                information in a manner that violates the regulations 
                prescribed under subsection (b).
                    (B) Disclosure in response to consumer request.--
                Notwithstanding subparagraph (A), neither an operator 
                of a Web site or online service nor the operator's 
                agent shall be held liable under this Act for any 
                disclosure made in good faith and following reasonable 
                procedures in responding to a request under subsection 
                (b)(1)(B) by an individual for disclosure of personal 
                information pertaining to such individual.
            (2) Internet profiling prohibited.--No operator of a Web 
        site or online service may allow any third party to attach a 
        persistent cookie as a means of developing a personal profile 
        of an individual unless the operator--
                    (A) clearly discloses such practices to the 
                individual in the notice required under subsection 
                (b)(1)(A)(i); and
                    (B) provides the individual the opportunity to opt-
                in to allowing the third party to attach the persistent 
                cookie.
            (3) Prohibition on the sale of consumer information.--If an 
        operator of a Web site or online service becomes insolvent, no 
        tranactional information collected by the operator from any 
        individual may be sold in whole or part as a means to satisfy 
        creditors, without the affirmative permission of such 
        individual.
    (b) Regulations.--
            (1) In general.--Not later than 1 year after the date of 
        the enactment of this Act, the Commission shall promulgate 
        under section 553 of title 5, United States Code, regulations 
        that--
                    (A) require the operator of any Web site or online 
                service--
                            (i) to provide notice on its Web site in a 
                        format that the average person can understand 
                        which notice shall be clear and conspicuous and 
                        shall provide the identity of the operator, the 
                        physical and electronic mail address of the 
                        operator, what personal information is 
                        collected by the operator, how the operator 
                        uses such information, and what information may 
                        be shared or sold with other companies;
                            (ii) to provide a meaningful and simple 
                        online process for individuals to opt-out of 
                        the disclosure of personal information for 
                        purposes unrelated to those for which such 
                        information was obtained or described in the 
                        notice under clause (i); and
                            (iii) to provide a description of the 
                        specific types of personal information 
                        collected by that operator that is either sold, 
                        shared, or transferred to an external company 
                        or third party.
            (2) When purpose limitation not required.--The regulations 
        shall provide that the unrelated purpose limitation required 
        under paragraph (1)(A)(ii) is not required for--
                    (A) transactional information where personal 
                information is removed;
                    (B) personal information where it is used to render 
                or conduct a business activity related to the business 
                of the operator (for example, the use of an e-mail 
                address to respond to an e-mail communication); or
                    (C) the collection, use, or dissemination of such 
                information by the operator of such a Web site or 
                online service necessary to the extent required under 
                other provisions of law.
    (c) Enforcement.--Subject to this section and section 4, a 
violation of a regulation prescribed under subsection (a) shall be 
treated as a violation of a rule defining an unfair or deceptive act or 
practice prescribed under section 18(a)(1)(B) of the Federal Trade 
Commission Act (15 U.S.C. 57a(a)(1)(B)).
    (d) No Requirement To Collect or Maintain Data.--Nothing in this 
Act shall be interpreted to require an operator to collect or maintain 
any data that would not otherwise be collected or maintained.

SEC. 3. ACTIONS BY STATES.

    (a) In General.--
            (1) Civil actions.--In any case in which the attorney 
        general of a State has reason to believe that an interest of 
        the residents of that State has been or is threatened or 
        adversely affected by the engagement of any person in a 
practice that violates any regulation of the Commission prescribed 
under section 2, the State may bring a civil action on behalf of the 
residents of the State in a district court of the United States of 
appropriate jurisdiction to--
                    (A) enjoin that practice;
                    (B) enforce compliance with the regulation;
                    (C) obtain damage, restitution, or other 
                compensation on behalf of residents of the State; or
                    (D) obtain such other relief as the court may 
                consider to be appropriate.
            (2) Notice.--
                    (A) In general.--Before filing an action under 
                paragraph (1), the attorney general of the State 
                involved shall provide to the Commission--
                            (i) written notice of that action; and
                            (ii) a copy of the complaint for that 
                        action.
                    (B) Exemption.--
                            (i) In general.--Subparagraph (A) shall not 
                        apply with respect to the filing of an action 
                        by an attorney general of a State under this 
                        subsection, if the attorney general determines 
                        that it is not feasible to provide the notice 
                        described in that subparagraph before the 
                        filing of the action.
                            (ii) Notification.--In an action described 
                        in clause (i), the attorney general of a State 
                        shall provide notice and a copy of the 
                        complaint to the Commission at the same time as 
                        the attorney general files the action.
    (b) Intervention.--
            (1) In general.--On receiving notice under subsection 
        (a)(2), the Commission shall have the right to intervene in the 
        action that is the subject of the notice.
            (2) Effect of intervention.--If the Commission intervenes 
        in an action under subsection (a), it shall have the right--
                    (A) to be heard with respect to any matter that 
                arises in that action; and
                    (B) to file a petition for appeal.
            (3) Amicus curiae.--Upon application to the court, a person 
        whose self-regulatory guidelines have been approved by the 
        Commission and are relied upon as a defense by any defendant to 
        a proceeding under this section may file amicus curiae in that 
        proceeding.
    (c) Construction.--For purposes of bringing any civil action under 
subsection (a), nothing in this Act shall be construed to prevent an 
attorney general of a State from exercising the powers conferred on the 
attorney general by the laws of that State to--
            (1) conduct investigations;
            (2) administer oaths or affirmations; or
            (3) compel the attendance of witnesses or the production of 
        documentary and other evidence.
    (d) Venue; Service of Process.--
            (1) Venue.--Any action brought under subsection (a) may be 
        brought in the district court of the United States that meets 
        applicable requirements relating to venue under section 1391 of 
        title 28, United States Code.
            (2) Service of process.--In an action brought under 
        subsection (a), process may be served in any district in which 
        the defendant--
                    (A) is an inhabitant; or
                    (B) may be found.

SEC. 4. ADMINISTRATION AND APPLICABILITY OF ACT.

    (a) In General.--Except as otherwise provided, this Act shall be 
enforced by the Commission under the Federal Trade Commission Act (15 
U.S.C. 41 et seq.).
    (b) Provisions.--Compliance with the requirements imposed under 
this Act shall be enforced under--
            (1) section 8 of the Federal Deposit Insurance Act (12 
        U.S.C. 1818), in the case of--
                    (A) national banks, and Federal branches and 
                Federal agencies of foreign banks, by the Office of the 
                Comptroller of the Currency;
                    (B) member banks of the Federal Reserve System 
                (other than national banks), branches and agencies of 
                foreign banks (other than Federal branches, Federal 
                agencies, and insured State branches of foreign banks), 
                commercial lending companies owned or controlled by 
                foreign banks, and organizations operating under 
                section 25 or 25(a) of the Federal Reserve Act (12 
                U.S.C. 601 et seq. and 611 et seq.), by the Board; and
                    (C) banks insured by the Federal Deposit Insurance 
                Corporation (other than members of the Federal Reserve 
                System) and insured State branches of foreign banks, by 
                the Board of Directors of the Federal Deposit Insurance 
                Corporation;
            (2) section 8 of the Federal Deposit Insurance Act (12 
        U.S.C. 1818), by the Director of the Office of Thrift 
        Supervision, in the case of a savings association the deposits 
        of which are insured by the Federal Deposit Insurance 
        Corporation;
            (3) the Federal Credit Union Act (12 U.S.C. 1751 et seq.) 
        by the National Credit Union Administration Board with respect 
        to any Federal credit union;
            (4) part A of subtitle VII of title 49, United States Code, 
        by the Secretary of Transportation with respect to any air 
        carrier or foreign air carrier subject to that part;
            (5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et 
        seq.) (except as provided in section 406 of that Act (7 U.S.C. 
        226, 227)), by the Secretary of Agriculture with respect to any 
        activities subject to that Act; and
            (6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by 
        the Farm Credit Administration with respect to any Federal land 
        bank, Federal land bank association, Federal intermediate 
        credit bank, or production credit association.
    (c) Exercise of Certain Powers.--For the purpose of the exercise by 
any agency referred to in subsection (b) of its powers under any other 
Act referred to in that subsection, a violation of any requirement 
imposed under this Act shall be deemed to be a violation of a 
requirement imposed under that other Act. In addition to its powers 
under any provision of law specifically referred to in subsection (b), 
each of the agencies referred to in that subsection may exercise, for 
the purpose of enforcing compliance with any requirement imposed under 
this Act, any other authority conferred on such agency by law.
    (d) Actions by the Commission.--The Commission shall prevent any 
person from violating a rule of the Commission under section 2 in the 
same manner, by the same means, and with the same jurisdiction, powers, 
and duties as though all applicable terms and provisions of the Federal 
Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and 
made a part of this Act. Any entity that violates such rule shall be 
subject to the penalties and entitled to the privileges and immunities 
provided in the Federal Trade Commission Act in the same manner, by the 
same means, and with the same jurisdiction, power, and duties as though 
all applicable terms and provisions of the Federal Trade Commission Act 
were incorporated into and made a part of this Act.
    (e) Effect on Other Laws.--Nothing contained in this Act shall be 
construed to limit the authority of the Commission under any other 
provisions of law.

SEC. 5. PRIVATE RIGHT OF ACTION.

    (a) Actions Authorized.--Any person or entity may, if otherwise 
permitted by the laws or rules of court of a State, bring in an 
appropriate court of that State, or may bring in an appropriate Federal 
court if such laws or rules do not so permit, either or both of the 
following actions:
            (1) An action based on a violation of any rule promulgated 
        under section 2 to enjoin such violation.
            (2) An action to recover for actual monetary loss from such 
        a violation in an amount equal to the greatest of--
                    (A) the amount of such actual monetary loss; or
                    (B) $1,000 for each such violation, not to exceed a 
                total of $50,000.
    (b) Additional Remedies.--If the court finds that the defendant 
willfully, knowingly, or repeatedly violated a rule promulgated under 
section 2, the court may, in its discretion, increase the amount of the 
award to an amount equal to not more than three times the amount 
available under subsection (a)(2).
    (c) Attorney Fees.--In any such action, the court may, in its 
discretion, require an undertaking for the payment of the costs of such 
action, and assess reasonable costs, including reasonable attorneys' 
fees, against any party.
    (d) Protection of Trade Secrets.--At the request of any party to an 
action brought pursuant to this section or any other participant in 
such an action, the court may, in its discretion, issue protective 
orders and conduct legal proceedings in such a way as to protect the 
secrecy and security of the computer, computer network, computer data, 
computer program, and computer software involved in order to prevent 
possible recurrence of the same or a similar act by another person and 
to protect any trade secrets of any such party or participant.

SEC. 6. REVIEW.

    Not later than 2 years after the effective date of the regulations 
initially issued under section 2, the Commission shall--
            (1) review the implementation of this Act, including the 
        effect of the implementation of this Act on practices relating 
        to the collection and disclosure of information; and
            (2) prepare and submit to Congress a report on the results 
        of the review under paragraph (1).

SEC. 7. STUDY.

    The Comptroller General of the United States shall conduct a study 
of the implementation of this Act during the first 2 years after the 
date of its enactment and shall report the results of such study to 
Congress.

SEC. 8. EFFECTIVE DATE.

    Sections 2(a), 4, and 5 of this Act shall take effect on the later 
of--
            (1) the date that is 18 months after the date of enactment 
        of this Act; or
            (2) the date on which the Commission rules on the first 
        application filed for safe harbor treatment under section 2 if 
        the Commission does not rule on the first such application 
        within one year after the date of enactment of this Act, but in 
        no case later than the date that is 30 months after the date of 
        enactment of this Act.

SEC. 9. DEFINITIONS.

    In this Act:
            (1) Individual.--The term ``individual'' means a natural 
        person of age 13 and above.
            (2) Commission.--The term ``Commission'' means the Federal 
        Trade Commission.
            (3) Disclosure.--The term ``disclosure'' means, with 
        respect to personal information the release of personal 
        information collected in identifiable form by an operator for 
        any purpose, except where such information is provided to a 
        person other than the operator who provides support for the 
        internal operations of the Web site and does not disclose or 
        use that information for any other purpose.
            (4) Federal agency.--The term ``Federal agency'' means an 
        agency, as that term is defined in section 551(1) of title 5, 
        United States Code.
            (5) Internet.--The term ``Internet'' means collectively the 
        myriad of computer and telecommunications facilities, including 
        equipment and operating software, which comprise the 
        interconnected world-wide network of networks that employ the 
        Transmission Control Protocol/Internet Protocol, or any 
        predecessor or successor protocols to such protocol, to 
        communicate information of all kinds by wire or radio.
            (6) Operator.--The term ``operator''--
                    (A) means any person who operates a Web site 
                located on the Internet or an online service and who 
                collects or maintains personal information from or 
                about the users of or visitors to such Web site or 
online service, or on whose behalf such information is collected or 
maintained, where such Web site or online service is operated for 
commercial purposes, including any person offering products or services 
for sale through that Web site or online service, involving commerce--
                            (i) among the several States or with 1 or 
                        more foreign nations;
                            (ii) in any territory of the United States 
                        or in the District of Columbia, or between any 
                        such territory and--
                                    (I) another such territory; or
                                    (II) any State or foreign nation; 
                                or
                            (iii) between the District of Columbia and 
                        any State, territory, or foreign nation; but
                    (B) does not include any nonprofit entity that 
                would otherwise be exempt from coverage under section 5 
                of the Federal Trade Commission Act (15 U.S.C. 45).
            (7) Personal information.--The term ``personal 
        information'' means information collected online from an 
        individual that identifies that individual, including--
                    (A) first and last name;
                    (B) home and other physical address;
                    (C) e-mail address;
                    (D) social security number;
                    (E) telephone number;
                    (F) any other identifier that the Commission 
                determines identifies an individual; or
                    (G) information that is maintained with, or can be 
                searched or retrieved by means of, data described in 
                subparagraphs (A) through (F).
            (8) Pre-existing relationship.--The term ``pre-existing 
        relationship'' means, when used with respect to an individual 
        and operator of a Web site, that either of the following 
        communications exist:
                    (A) Within a 5-year period there has been a 
                business transaction between the individual and the 
                operator (including a transaction involving the 
                provision, free of charge, of information requested by 
                the recipient of goods or services).
                    (B) The individual was at the time of a business 
                transaction or thereafter, provided a clear and 
                conspicuous notice of an operators data collection 
                practices and has not exercised their opportunity to 
                terminate the pending transaction.
            (9) Transactional information.--The term ``transactional 
        information'' means information generated in connection with 
        the process of requesting, accessing, or otherwise using the 
        Internet.
            (10) Persistent cookies.--The term ``persistent cookies'' 
        means small files copied for varying lengths of time to an 
        individual's computer and serving as a means to track and 
        report on an individual's Internet activity.
            (11) Third party.--The term ``third party'' means, with 
        respect to the disclosure by an operator of a Web site or 
        online service of personal information relating to such 
        individual, a person or other entity other than--
                    (A) such operator;
                    (B) an employee of such operator; or
                    (C) the individual.
                                 <all>