Kerry-McCain Web Privacy Bill a Step in the Right Direction

News Analysis: The "Consumer Privacy Bill of Rights" proposed by U.S. Senators John Kerry and John McCain is a sensible way to give Web users more control over how their personal information is used without imposing an impractical technical standard.

The Commercial Privacy Bill of Rights Act of 2011 is a very important departure from the usual Congressional attempts at putting rules on the Internet in that it avoids two big traps: First, it doesn't define specific technical standards in the rules that it attempts to impose on Internet enterprises and users. Second, the bill was developed with the help of the industry to create a law that would both protect users of the Internet and also be something that legitimate Web companies could implement relatively easily without having a big negative impact on their operations. 

This bill, written by U.S. Senators John Kerry (D-Massachusetts) and John McCain (R-Arizona), differs from proposed "Do Not Track" legislation in that it avoids defining a specific technical standard, such as the Do Not Track flag offered by some browsers. Instead, it attempts to regulate a business practice that has been shown to be badly needed. 

Basically, the new law, assuming this legislation eventually passes in both houses of Congress, would make it illegal for companies to collect private information on their Websites without explicit permission from the person from whom the information is being collected. In addition, it would explain to users what was being done with the information, how it would be used, who would use it and what would be done with it in the future. 

The result of the new law, if passed, is that companies would be allowed to market to consumers, but the consumers would retain control of their information. It is, in general, much more flexible than the Do Not Track feature recommended by the Federal Trade Commission, since it allows consumers to decide on a case-by-case basis what will happen to their information on each site they visit. With the provisions in this bill, it will effectively impose a Do Not Track capability without the need for a specific browser feature. In addition, it will work with browsers that don't have that feature. 

The consumer-advocacy and privacy groups that oppose the Kerry-McCain bill are being short-sighted. The problem with demanding that browsers or Websites use a specific technology is that in the world of the Internet, the technology is changing constantly. It's entirely possible-likely even-that Do Not Track will be overcome by changes in technology shortly after it's imposed. The DNT flag in the browser will need to change to meet other needs, effectively either preventing browser development or making the Do Not Track issue irrelevant.