Skip Page Banner  
E-COMMERCE AND TECH LAW
BLOG

 

Saturday, April 24, 2010

Congressman Wants Consumers to Have Personal Information Take-Down Right

by Thomas O'Toole

RSS

 Late last week, Rep. Thaddeus McCotter (R-MI) introduced a provocative piece of legislation, H.R. 5108, which he is calling the Cyber Privacy Act. The legislation, in a nutshell, would give individuals the right to demand that website operators remove any personal information their sites might contain about them. If websites refuse to remove the information, then the Federal Trade Commission has enforcement power to go after them.

There is a lot that can be said about this legislation, none of it positive, except for the fact that there is little chance it will be enacted into law. Nobody in Washington is talking about giving individuals this level of control over their personal information. The FTC is worried about consumers' lack of understanding about what is being done with their personal information and their inability to exert meaningful control over that. Businesses would like lawmakers to focus on personal information misuse and let the marketplace decide how much information collection and processing is desirable. (This is how Washington solved the Great Anti-Spyware Scare: it legislated against the really bad stuff, but gave business free rein for everything else that's not deceptive or criminal.) Nobody is talking about giving consumers a quasi take-down right.

I'll make a few observations, then leave it for the rest of the internet to pile on.

Key language in the bill is ambiguous. A website might "contain" quite a bit of personal information, but none of it visible to the web-browsing public. Perhaps McCotter meant to say "publish" or "make publicly available." His use of the word "remove" to describe the website operator's duty lends support to this reading. Reading the bill this way, one might charitably conclude that the bill is a well-intentioned attempt to fight identity theft.

The bill appears to reach a lot of personal information that should be publicly available, regardless of an individual's wishes. Websites with information about sex offenders and the Whois database of domain name registration information are two examples that come immediately to mind. I'm sure there are others.

There is a substantial amount of legitimate and socially beneficial commerce that would be impeded if individuals had a right to remove themselves from publicly available databases. And this is not even considering the not-insignificant burden of responding to opt-out requests.

There are obvious First Amendment problems with the bill.

H.R. 5108 doesn't distinguish between public information and information that an individual might have provided during the course of a commercial transaction. In the latter situation, there might have been notice and consent to the use and publication of the information. And if the information is public, an individual should not be able to suppress it.

I wish I knew what problem McCotter is attempting to solve with this legislation. McCotter is on the Financial Services Committee, so perhaps this is an identity theft measure after all. As far as I can tell, nobody has come out in support of H.R. 5108, so it is impossible to do anything other than guess about his intentions.

Finally, H.R. 5108 is a "put the toothpaste back in the tube" approach to controlling digital information that never works. Here is the text of the bill.


HR 5108 IH
111th CONGRESS
2d Session
H. R. 5108
To require certain Internet websites that contain personal information of individual's to remove such information at the request of such individuals.


IN THE HOUSE OF REPRESENTATIVES
April 22, 2010

Mr. MCCOTTER introduced the following bill; which was referred to the Committee on Energy and Commerce

A BILL
To require certain Internet websites that contain personal information of individual's to remove such information at the request of such individuals.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,


SECTION 1. SHORT TITLE.
This Act may be cited as the `Cyber Privacy Act'.


SEC. 2. REMOVAL OF PERSONAL INFORMATION REQUIRED OF CERTAIN WEBSITES.
(a) In General- Any Internet website that makes available to the public personal information of individuals shall--
(1) provide, in a clear and conspicuous location on the Internet website, a means for individuals whose personal information it contains to request the removal of such information; and
(2) promptly remove the personal information of any individual who requests its removal.
(b) Definition of Personal Information- As used in this Act, the term `personal information' means any information about an individual that includes, at minimum, the individual's name together with either a telephone number of such individual or an address of such individual.


SEC. 3. ENFORCEMENT BY THE FEDERAL TRADE COMMISSION.
(a) Unfair or Deceptive Acts or Practices- A violation of this Act shall be treated as an unfair and deceptive act or practice in violation of a regulation under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)) regarding unfair or deceptive acts or practices.
(b) Powers of Commission- The Federal Trade Commission shall enforce this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. Any person who violates such regulations shall be subject to the penalties and entitled to the privileges and immunities provided in that Act.
Subscription RequiredAll BNA publications are subscription-based and require an account. If you are a subscriber to the BNA publication and signed-in, you will automatically have access to the story. If you are not a subscriber, you will need to sign-up for a trial subscription.

You must Sign In or Register to post a comment.

Comments (0)