Sen. Jay Rockefeller (D-WV), Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, introduced the Do-Not-Track Online Act of 2011 (S. 913), the third piece of do not track legislation introduced this year. (We summarized the federal Do Not Track Me Online Act and a California do not track bill.)
The stated purpose of the Act is "to require the Federal Trade Commission to prescribe regulations regarding the collection and use of personal information obtained by tracking the online activity of an individual, and for other purposes."
The bill directs the FTC to promulgate within one year:
1. Regulations that establish standards for the implementation of a mechanism by which an individual can "simply and easily" indicate whether the individual prefers to have personal information collected by providers of online services, including by providers of mobile applications and services; and
2. Rules that prohibit such providers from collecting personal information on individuals who have expressed, via a do not track mechanism, a preference not to have such information collected.
The bill allows companies to continue to collect personal information from individuals who have utilized the do-not-track mechanism if the collection is:
1. necessary to provide a service requested by the individual and the information is anonymized or deleted as soon as that service is provided; or
2. the individual is given "clear, conspicuous and accurate" notice on the collection and use of such information and affirmatively consents to that use.
The bill does not define personal information but the FTC could do so in its rulemaking. The bill instructs the FTC to consider the following, among other things, when promulgating the required rules and regulations:
1. the appropriate scope of such rules, including the conduct to which the rules apply and the persons required to comply with the rules;
2. the technical feasibility and costs of both implementing the mechanism and of complying with the associated rules; and
3. whether and how information can be collected and used anonymously so that it cannot be reasonably linked to a person or device and therefore would not qualify as personal information.
The Act would be enforced by the FTC and state attorney generals and provides civil penalties of up to $16,000 per day of noncompliance, up to $15,000,000 for all actions against any person. There is no private right of action.
A copy of the bill is available here
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.