HR 2882 IH

To regulate the use by interactive computer services of personally identifiable information provided by subscribers to such services.

September 15, 1999

Mr. VENTO introduced the following bill; which was referred to the Committee on Commerce

To regulate the use by interactive computer services of personally identifiable information provided by subscribers to such services.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE; FINDINGS.

(a) SHORT TITLE- This Act may be cited as the `Internet Consumer Information Protection Act'.

(b) FINDINGS- The Congress finds the following:

(1) Internet technology is evolving and increasingly used as a medium for interaction between consumers and businesses.

(2) An expanding share of transactions taking place on-line has lead to greater consumer choice but also public concern regarding the use of personal information and personal privacy.

(3) Use of data garnered via the Internet must be regulated, keeping in mind the unique nature of this medium, in a way which allows consumers to make informed choices and does not impede normal business activity.

SEC. 2. REGULATION OF USE BY AN INTERACTIVE COMPUTER SERVICE OF A SUBSCRIBER'S PERSONALLY IDENTIFIABLE INFORMATION.

(a) PRIVACY POLICY- It is the policy of the Congress that each interactive computer service has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information that is shared or encountered in service and transactions with consumers.

(b) DISCLOSURE OF PERSONALLY IDENTIFIABLE INFORMATION WITHOUT CONSENT PROHIBITED-

(1) IN GENERAL- An interactive computer service shall not disclose to a third party any personally identifiable information provided by a subscriber to such service unless--

(A) such service has provided to the subscriber a notice that complies with paragraph (2);

(B) such service clearly and conspicuously discloses to the subscriber, in writing or in electronic form, that such information may be disclosed to such third parties;

(C) the subsciber is given the opportunity, before the time that such information is initially disclosed, to direct that such information not be disclosed to such third parties; and

(D) the subsciber is given an explanation of how the subsciber can exercise that nondisclosure option.

(2) NOTICE- The notice required by paragraph (1)(A) shall include the policy and practices of the interactive computer service with respect to disclosing nonpublic personal information to third parties.

(3) EXCEPTION- This subsection shall not prohibit an interactive computer service from providing personally identifiable information to a third party for the performance of services or functions of the interactive computer service, other than for marketing purposes.

(c) KNOWING DISCLOSURE OF FALSIFIED PERSONALLY IDENTIFIABLE INFORMATION PROHIBITED- An interactive computer service or an employee of such service shall not knowingly disclose to a third party any personally identifiable information provided by a subscriber to such service that such service, or such employee, has knowingly falsified.

(d) SUBSCRIBER ACCESS TO PERSONALLY IDENTIFIABLE INFORMATION-

(1) IN GENERAL- At a subscriber's request, an interactive computer service shall--

(A) provide the subscriber's personally identifiable information maintained by the service to the subscriber;

(B) permit the subscriber to verify such information maintained by the service; and

(C) permit the subscriber to correct any error in such information.

(2) FEE- The service shall not charge a fee to the subscriber for making available the information under this subsection.

SEC. 3. ENFORCEMENT AND RELIEF.

(a) FEDERAL TRADE COMMISSION- The Federal Trade Commission shall have the authority--

(1) to establish personal data guidelines that may be employed by entities to comply with the provisions of this act; and

(2) to examine and investigate an interactive computer service to determine whether such service has been or is engaged in any act or practice prohibited by this Act.

(b) RELIEF-

(1) CEASE AND DESIST ORDER- If the Federal Trade Commission determines an interactive computer service has been or is engaged in any act or practice prohibited by this Act, the Commission may issue a cease and desist order as if such service were in violation of section 5 of the Federal Trade Commission Act.

(2) CIVIL ACTION- A subscriber aggrieved by a violation of section 2 may in a civil action obtain appropriate relief.

SEC. 4. RIGHTS AND REMEDIES NOT EXCLUSIVE.

The rights and remedies provided by this Act are in addition to, and not in lieu of, any and all other rights and remedies that may be available under Federal or State law.

SEC. 5. DEFINITIONS.

As used in this Act--

(1) the term `interactive computer service' means any information service that provides computer access to multiple users via modem to the Internet;

(2) the term `Internet' means the international computer network of both Federal and non-Federal interoperable packet switched data networks;

(3) the term `personally identifiable information' has the meaning given such term in section 631 of the Communications Act of 1934 (47 U.S.C. 551);

(4) the term `third party' means, with respect to the disclosure of personally identifiable information provided by a subscriber to an interactive computer service, a person or other entity other than--

(A) such service;

(B) an employee of such service;

(C) an affiliate of such service; or

(D) that subscriber to such service.

(5) the term `affiliate' means any company that controls, is controlled by, or is under common control with another company.

END