H.R.347 - Consumer Online Privacy and Disclosure Act107th Congress (2001-2002)
|Sponsor:||Rep. Green, Gene [D-TX-29] (Introduced 01/31/2001)|
|Committees:||House - Energy and Commerce|
|Latest Action:||House - 02/14/2001 Referred to the Subcommittee on Commerce, Trade and Consumer Protection. (All Actions)|
This bill has the status Introduced
Here are the steps for Status of Legislation:
Text: H.R.347 — 107th Congress (2001-2002)All Information (Except Text)
There is one version of the bill.
Text available as:
- PDF (PDF provides a complete and accurate display of this text.) Tip?
Introduced in House (01/31/2001)
[Congressional Bills 107th Congress] [From the U.S. Government Printing Office] [H.R. 347 Introduced in House (IH)] 107th CONGRESS 1st Session H. R. 347 To require the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals on the Internet, to provide greater individual control over the collection and use of that information, and for other purposes. _______________________________________________________________________ IN THE HOUSE OF REPRESENTATIVES January 31, 2001 Mr. Green of Texas introduced the following bill; which was referred to the Committee on Energy and Commerce _______________________________________________________________________ A BILL To require the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals on the Internet, to provide greater individual control over the collection and use of that information, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Consumer Online Privacy and Disclosure Act''. SEC. 2. REGULATION OF UNFAIR AND DECEPTIVE ACTS AND PRACTICES IN CONNECTION WITH THE COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION. (a) Acts Prohibited.-- (1) Violations of regulations prohibited.-- (A) In general.--Except as provided in subparagraph (B), it is unlawful for an operator of a Web site or online service to collect, use, or disclose personal information in a manner that violates the regulations prescribed under subsection (b). (B) Disclosure in response to consumer request.-- Notwithstanding subparagraph (A), neither an operator of a Web site or online service nor the operator's agent shall be held liable under this Act for any disclosure made in good faith and following reasonable procedures in responding to a request under subsection (b)(1)(B) by an individual for disclosure of personal information pertaining to such individual. (2) Internet profiling prohibited.--No operator of a Web site or online service may allow any third party to attach a persistent cookie as a means of developing a personal profile of an individual unless the operator-- (A) clearly discloses such practices to the individual in the notice required under subsection (b)(1)(A)(i); and (B) provides the individual the opportunity to opt- in to allowing the third party to attach the persistent cookie. (3) Prohibition on the sale of consumer information.--If an operator of a Web site or online service becomes insolvent, no tranactional information collected by the operator from any individual may be sold in whole or part as a means to satisfy creditors, without the affirmative permission of such individual. (b) Regulations.-- (1) In general.--Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate under section 553 of title 5, United States Code, regulations that-- (A) require the operator of any Web site or online service-- (i) to provide notice on its Web site in a format that the average person can understand which notice shall be clear and conspicuous and shall provide the identity of the operator, the physical and electronic mail address of the operator, what personal information is collected by the operator, how the operator uses such information, and what information may be shared or sold with other companies; (ii) to provide a meaningful and simple online process for individuals to opt-out of the disclosure of personal information for purposes unrelated to those for which such information was obtained or described in the notice under clause (i); and (iii) to provide a description of the specific types of personal information collected by that operator that is either sold, shared, or transferred to an external company or third party. (2) When purpose limitation not required.--The regulations shall provide that the unrelated purpose limitation required under paragraph (1)(A)(ii) is not required for-- (A) transactional information where personal information is removed; (B) personal information where it is used to render or conduct a business activity related to the business of the operator (for example, the use of an e-mail address to respond to an e-mail communication); or (C) the collection, use, or dissemination of such information by the operator of such a Web site or online service necessary to the extent required under other provisions of law. (c) Enforcement.--Subject to this section and section 4, a violation of a regulation prescribed under subsection (a) shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)). (d) No Requirement To Collect or Maintain Data.--Nothing in this Act shall be interpreted to require an operator to collect or maintain any data that would not otherwise be collected or maintained. SEC. 3. ACTIONS BY STATES. (a) In General.-- (1) Civil actions.--In any case in which the attorney general of a State has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by the engagement of any person in a practice that violates any regulation of the Commission prescribed under section 2, the State may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction to-- (A) enjoin that practice; (B) enforce compliance with the regulation; (C) obtain damage, restitution, or other compensation on behalf of residents of the State; or (D) obtain such other relief as the court may consider to be appropriate. (2) Notice.-- (A) In general.--Before filing an action under paragraph (1), the attorney general of the State involved shall provide to the Commission-- (i) written notice of that action; and (ii) a copy of the complaint for that action. (B) Exemption.-- (i) In general.--Subparagraph (A) shall not apply with respect to the filing of an action by an attorney general of a State under this subsection, if the attorney general determines that it is not feasible to provide the notice described in that subparagraph before the filing of the action. (ii) Notification.--In an action described in clause (i), the attorney general of a State shall provide notice and a copy of the complaint to the Commission at the same time as the attorney general files the action. (b) Intervention.-- (1) In general.--On receiving notice under subsection (a)(2), the Commission shall have the right to intervene in the action that is the subject of the notice. (2) Effect of intervention.--If the Commission intervenes in an action under subsection (a), it shall have the right-- (A) to be heard with respect to any matter that arises in that action; and (B) to file a petition for appeal. (3) Amicus curiae.--Upon application to the court, a person whose self-regulatory guidelines have been approved by the Commission and are relied upon as a defense by any defendant to a proceeding under this section may file amicus curiae in that proceeding. (c) Construction.--For purposes of bringing any civil action under subsection (a), nothing in this Act shall be construed to prevent an attorney general of a State from exercising the powers conferred on the attorney general by the laws of that State to-- (1) conduct investigations; (2) administer oaths or affirmations; or (3) compel the attendance of witnesses or the production of documentary and other evidence. (d) Venue; Service of Process.-- (1) Venue.--Any action brought under subsection (a) may be brought in the district court of the United States that meets applicable requirements relating to venue under section 1391 of title 28, United States Code. (2) Service of process.--In an action brought under subsection (a), process may be served in any district in which the defendant-- (A) is an inhabitant; or (B) may be found. SEC. 4. ADMINISTRATION AND APPLICABILITY OF ACT. (a) In General.--Except as otherwise provided, this Act shall be enforced by the Commission under the Federal Trade Commission Act (15 U.S.C. 41 et seq.). (b) Provisions.--Compliance with the requirements imposed under this Act shall be enforced under-- (1) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), in the case of-- (A) national banks, and Federal branches and Federal agencies of foreign banks, by the Office of the Comptroller of the Currency; (B) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25(a) of the Federal Reserve Act (12 U.S.C. 601 et seq. and 611 et seq.), by the Board; and (C) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System) and insured State branches of foreign banks, by the Board of Directors of the Federal Deposit Insurance Corporation; (2) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), by the Director of the Office of Thrift Supervision, in the case of a savings association the deposits of which are insured by the Federal Deposit Insurance Corporation; (3) the Federal Credit Union Act (12 U.S.C. 1751 et seq.) by the National Credit Union Administration Board with respect to any Federal credit union; (4) part A of subtitle VII of title 49, United States Code, by the Secretary of Transportation with respect to any air carrier or foreign air carrier subject to that part; (5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in section 406 of that Act (7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect to any activities subject to that Act; and (6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm Credit Administration with respect to any Federal land bank, Federal land bank association, Federal intermediate credit bank, or production credit association. (c) Exercise of Certain Powers.--For the purpose of the exercise by any agency referred to in subsection (b) of its powers under any other Act referred to in that subsection, a violation of any requirement imposed under this Act shall be deemed to be a violation of a requirement imposed under that other Act. In addition to its powers under any provision of law specifically referred to in subsection (b), each of the agencies referred to in that subsection may exercise, for the purpose of enforcing compliance with any requirement imposed under this Act, any other authority conferred on such agency by law. (d) Actions by the Commission.--The Commission shall prevent any person from violating a rule of the Commission under section 2 in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. Any entity that violates such rule shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act in the same manner, by the same means, and with the same jurisdiction, power, and duties as though all applicable terms and provisions of the Federal Trade Commission Act were incorporated into and made a part of this Act. (e) Effect on Other Laws.--Nothing contained in this Act shall be construed to limit the authority of the Commission under any other provisions of law. SEC. 5. PRIVATE RIGHT OF ACTION. (a) Actions Authorized.--Any person or entity may, if otherwise permitted by the laws or rules of court of a State, bring in an appropriate court of that State, or may bring in an appropriate Federal court if such laws or rules do not so permit, either or both of the following actions: (1) An action based on a violation of any rule promulgated under section 2 to enjoin such violation. (2) An action to recover for actual monetary loss from such a violation in an amount equal to the greatest of-- (A) the amount of such actual monetary loss; or (B) $1,000 for each such violation, not to exceed a total of $50,000. (b) Additional Remedies.--If the court finds that the defendant willfully, knowingly, or repeatedly violated a rule promulgated under section 2, the court may, in its discretion, increase the amount of the award to an amount equal to not more than three times the amount available under subsection (a)(2). (c) Attorney Fees.--In any such action, the court may, in its discretion, require an undertaking for the payment of the costs of such action, and assess reasonable costs, including reasonable attorneys' fees, against any party. (d) Protection of Trade Secrets.--At the request of any party to an action brought pursuant to this section or any other participant in such an action, the court may, in its discretion, issue protective orders and conduct legal proceedings in such a way as to protect the secrecy and security of the computer, computer network, computer data, computer program, and computer software involved in order to prevent possible recurrence of the same or a similar act by another person and to protect any trade secrets of any such party or participant. SEC. 6. REVIEW. Not later than 2 years after the effective date of the regulations initially issued under section 2, the Commission shall-- (1) review the implementation of this Act, including the effect of the implementation of this Act on practices relating to the collection and disclosure of information; and (2) prepare and submit to Congress a report on the results of the review under paragraph (1). SEC. 7. STUDY. The Comptroller General of the United States shall conduct a study of the implementation of this Act during the first 2 years after the date of its enactment and shall report the results of such study to Congress. SEC. 8. EFFECTIVE DATE. Sections 2(a), 4, and 5 of this Act shall take effect on the later of-- (1) the date that is 18 months after the date of enactment of this Act; or (2) the date on which the Commission rules on the first application filed for safe harbor treatment under section 2 if the Commission does not rule on the first such application within one year after the date of enactment of this Act, but in no case later than the date that is 30 months after the date of enactment of this Act. SEC. 9. DEFINITIONS. In this Act: (1) Individual.--The term ``individual'' means a natural person of age 13 and above. (2) Commission.--The term ``Commission'' means the Federal Trade Commission. (3) Disclosure.--The term ``disclosure'' means, with respect to personal information the release of personal information collected in identifiable form by an operator for any purpose, except where such information is provided to a person other than the operator who provides support for the internal operations of the Web site and does not disclose or use that information for any other purpose. (4) Federal agency.--The term ``Federal agency'' means an agency, as that term is defined in section 551(1) of title 5, United States Code. (5) Internet.--The term ``Internet'' means collectively the myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected world-wide network of networks that employ the Transmission Control Protocol/Internet Protocol, or any predecessor or successor protocols to such protocol, to communicate information of all kinds by wire or radio. (6) Operator.--The term ``operator''-- (A) means any person who operates a Web site located on the Internet or an online service and who collects or maintains personal information from or about the users of or visitors to such Web site or online service, or on whose behalf such information is collected or maintained, where such Web site or online service is operated for commercial purposes, including any person offering products or services for sale through that Web site or online service, involving commerce-- (i) among the several States or with 1 or more foreign nations; (ii) in any territory of the United States or in the District of Columbia, or between any such territory and-- (I) another such territory; or (II) any State or foreign nation; or (iii) between the District of Columbia and any State, territory, or foreign nation; but (B) does not include any nonprofit entity that would otherwise be exempt from coverage under section 5 of the Federal Trade Commission Act (15 U.S.C. 45). (7) Personal information.--The term ``personal information'' means information collected online from an individual that identifies that individual, including-- (A) first and last name; (B) home and other physical address; (C) e-mail address; (D) social security number; (E) telephone number; (F) any other identifier that the Commission determines identifies an individual; or (G) information that is maintained with, or can be searched or retrieved by means of, data described in subparagraphs (A) through (F). (8) Pre-existing relationship.--The term ``pre-existing relationship'' means, when used with respect to an individual and operator of a Web site, that either of the following communications exist: (A) Within a 5-year period there has been a business transaction between the individual and the operator (including a transaction involving the provision, free of charge, of information requested by the recipient of goods or services). (B) The individual was at the time of a business transaction or thereafter, provided a clear and conspicuous notice of an operators data collection practices and has not exercised their opportunity to terminate the pending transaction. (9) Transactional information.--The term ``transactional information'' means information generated in connection with the process of requesting, accessing, or otherwise using the Internet. (10) Persistent cookies.--The term ``persistent cookies'' means small files copied for varying lengths of time to an individual's computer and serving as a means to track and report on an individual's Internet activity. (11) Third party.--The term ``third party'' means, with respect to the disclosure by an operator of a Web site or online service of personal information relating to such individual, a person or other entity other than-- (A) such operator; (B) an employee of such operator; or (C) the individual. <all>