News Analysis: The "Consumer Privacy Bill of Rights" proposed by U.S. Senators John Kerry and John McCain is a sensible way to give Web users more control over how their personal information is used without imposing an impractical technical standard.
The Commercial Privacy Bill of Rights Act of 2011 is
a very important departure from the usual Congressional attempts at putting
rules on the Internet in that it avoids two big traps: First, it doesn't define
specific technical standards in the rules that it attempts to impose on
Internet enterprises and users. Second, the bill was developed with the help of
the industry to create a law that would both protect users of the Internet and
also be something that legitimate Web companies could implement relatively
easily without having a big negative impact on their operations.
written by U.S. Senators John Kerry (D-Massachusetts) and John McCain
(R-Arizona), differs from proposed "Do Not Track" legislation in
that it avoids defining a specific technical standard, such as the Do Not Track
flag offered by some browsers. Instead, it attempts to regulate a business
practice that has been shown to be badly needed.
new law, assuming this legislation eventually passes in both houses of
Congress, would make it illegal for companies to collect private information on
their Websites without explicit permission from the person from whom the
information is being collected. In addition, it would explain to users what was
being done with the information, how it would be used, who would use it and
what would be done with it in the future.
The result of
the new law, if passed, is that companies would be allowed to market to
consumers, but the consumers would retain control of their information. It is,
in general, much more flexible than the Do Not Track feature recommended by the
Federal Trade Commission, since it allows consumers to decide on a case-by-case
basis what will happen to their information on each site they visit. With the
provisions in this bill, it will effectively impose a Do Not Track capability
without the need for a specific browser feature. In addition, it will work with
browsers that don't have that feature.
and privacy groups that oppose the Kerry-McCain bill are being short-sighted.
The problem with demanding that browsers or Websites use a specific technology
is that in the world of the Internet, the technology is changing constantly.
It's entirely possible-likely even-that Do Not Track will be overcome by
changes in technology shortly after it's imposed. The DNT flag in the browser
will need to change to meet other needs, effectively either preventing browser
development or making the Do Not Track issue irrelevant.
Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.
He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.