A privacy bill of rights is something that tech pundits have talked about for years, but now Senators John Kerry and John McCain hope to make it a reality with a bipartisan bill in the Senate called the "The Commercial Privacy Bill of Rights Act of 2011."
[See related story: Privacy Backlash Over Ad Tracking Debated]
You're welcome to read the whole bill, but here's the short version of what you need to know:
Opt-Outs a Plenty, with a Bit of Opt-In
The Kerry-McCain bill would force companies to let users opt out of data collection when used for behavioral ads or transfer to third parties. The bill calls for "robust and clear" notification that the ability to opt out is available. For sensitive information -- religion, health records or other stuff that can cause physical or financial harm if made public -- companies would need users' consent through an opt-in. Users would have access to all this information, should they want to remove or correct it.
The How and Why
If this bill becomes law, companies would have to explain why they want to collect, use and store your personal data. When a company changes its data collection practices, it would have to inform users in a timely manner.
Limits on Collection
The bill would forbid companies from collecting data that isn't necessary to deliver or improve a service, or to make a transaction. If data is transferred to a third party, that party would have to sign a contract agreeing to the terms of the bill.
No "Do Not Track"
Last year, the Federal Trade Commission called for a "Do Not Track" list that would prevent Internet companies from following users around the Web, and all browsers would be required to offer this feature. The bill from Kerry and McCain ignores the FTC's advice, leaving the issue of "Do Not Track" in the hands of individual Web browsers, all of which tackle the problem differently.
You Can't Sue
If you discover that a company was covertly gathering your personal information and sending it to who-knows-where, you wouldn't be allowed to take the case to court. The FTC and state attorneys general would be the only entities that could take action against a company for privacy violations.
Privacy Watchdogs Don't Like It
Consumer groups that take a hard line on user privacy don't think the Kerry-McCain bill goes far enough. They want "Do Not Track." They want consumers to have the right to sue. And they don't like how the Commerce Department, which primarily promotes the interests of businesses, can make exceptions for businesses that come up with alternative privacy plans. Individual states, the consumer groups note, are prohibited from making stronger laws. The consumer groups also claim that Facebook and other "social media marketers" get special treatment because they can continue to gather data without sufficient safeguards.