HR 2882 IH
106th CONGRESS
1st Session
H. R. 2882
To regulate the use by interactive computer services of personally
identifiable information provided by subscribers to such services.
IN THE HOUSE OF REPRESENTATIVES
September 15, 1999
Mr. VENTO introduced the following bill; which was referred to the Committee
on Commerce
A BILL
To regulate the use by interactive computer services of personally
identifiable information provided by subscribers to such services.
Be it enacted by the Senate and House of Representatives of the United
States of America in Congress assembled,
SECTION 1. SHORT TITLE; FINDINGS.
(a) SHORT TITLE- This Act may be cited as the `Internet Consumer
Information Protection Act'.
(b) FINDINGS- The Congress finds the following:
(1) Internet technology is evolving and increasingly used as a medium
for interaction between consumers and businesses.
(2) An expanding share of transactions taking place on-line has lead to
greater consumer choice but also public concern regarding the use of
personal information and personal privacy.
(3) Use of data garnered via the Internet must be regulated, keeping in
mind the unique nature of this medium, in a way which allows consumers to
make informed choices and does not impede normal business activity.
SEC. 2. REGULATION OF USE BY AN INTERACTIVE COMPUTER SERVICE OF A
SUBSCRIBER'S PERSONALLY IDENTIFIABLE INFORMATION.
(a) PRIVACY POLICY- It is the policy of the Congress that each interactive
computer service has an affirmative and continuing obligation to respect the
privacy of its customers and to protect the security and confidentiality of
those customers' nonpublic personal information that is shared or encountered
in service and transactions with consumers.
(b) DISCLOSURE OF PERSONALLY IDENTIFIABLE INFORMATION WITHOUT CONSENT
PROHIBITED-
(1) IN GENERAL- An interactive computer service shall not disclose to a
third party any personally identifiable information provided by a subscriber
to such service unless--
(A) such service has provided to the subscriber a notice that complies
with paragraph (2);
(B) such service clearly and conspicuously discloses to the
subscriber, in writing or in electronic form, that such information may be
disclosed to such third parties;
(C) the subsciber is given the opportunity, before the time that such
information is initially disclosed, to direct that such information not be
disclosed to such third parties; and
(D) the subsciber is given an explanation of how the subsciber can
exercise that nondisclosure option.
(2) NOTICE- The notice required by paragraph (1)(A) shall include the
policy and practices of the interactive computer service with respect to
disclosing nonpublic personal information to third parties.
(3) EXCEPTION- This subsection shall not prohibit an interactive
computer service from providing personally identifiable information to a
third party for the performance of services or functions of the interactive
computer service, other than for marketing purposes.
(c) KNOWING DISCLOSURE OF FALSIFIED PERSONALLY IDENTIFIABLE INFORMATION
PROHIBITED- An interactive computer service or an employee of such service
shall not knowingly disclose to a third party any personally identifiable
information provided by a subscriber to such service that such service, or
such employee, has knowingly falsified.
(d) SUBSCRIBER ACCESS TO PERSONALLY IDENTIFIABLE INFORMATION-
(1) IN GENERAL- At a subscriber's request, an interactive computer
service shall--
(A) provide the subscriber's personally identifiable information
maintained by the service to the subscriber;
(B) permit the subscriber to verify such information maintained by the
service; and
(C) permit the subscriber to correct any error in such
information.
(2) FEE- The service shall not charge a fee to the subscriber for making
available the information under this subsection.
SEC. 3. ENFORCEMENT AND RELIEF.
(a) FEDERAL TRADE COMMISSION- The Federal Trade Commission shall have the
authority--
(1) to establish personal data guidelines that may be employed by
entities to comply with the provisions of this act; and
(2) to examine and investigate an interactive computer service to
determine whether such service has been or is engaged in any act or practice
prohibited by this Act.
(1) CEASE AND DESIST ORDER- If the Federal Trade Commission determines
an interactive computer service has been or is engaged in any act or
practice prohibited by this Act, the Commission may issue a cease and desist
order as if such service were in violation of section 5 of the Federal Trade
Commission Act.
(2) CIVIL ACTION- A subscriber aggrieved by a violation of section 2 may
in a civil action obtain appropriate relief.
SEC. 4. RIGHTS AND REMEDIES NOT EXCLUSIVE.
The rights and remedies provided by this Act are in addition to, and not
in lieu of, any and all other rights and remedies that may be available under
Federal or State law.
SEC. 5. DEFINITIONS.
(1) the term `interactive computer service' means any information
service that provides computer access to multiple users via modem to the
Internet;
(2) the term `Internet' means the international computer network of both
Federal and non-Federal interoperable packet switched data networks;
(3) the term `personally identifiable information' has the meaning given
such term in section 631 of the Communications Act of 1934 (47 U.S.C.
551);
(4) the term `third party' means, with respect to the disclosure of
personally identifiable information provided by a subscriber to an
interactive computer service, a person or other entity other than--
(B) an employee of such service;
(C) an affiliate of such service; or
(D) that subscriber to such service.
(5) the term `affiliate' means any company that controls, is controlled
by, or is under common control with another company.
END