Comprehensive Privacy Bill Introduced by Senators Kerry and McCain

Senators John Kerry (D-MA) and John McCain (R-AZ) have introduced a comprehensive privacy bill, the  “Commercial Privacy Bill of Rights Act of 2011” (S. 799), that would govern the collection, use and transfer of consumer information in both the online and offline world.

Following are the major provisions of the legislation:

  • It contains a broad definition of “covered information” which includes “personally identifiable information” (except for public records) and “unique identifier information” (such as a cookie or IP address) and any other information collected or used to identify a specific individual.
  • Companies are required to provide clear, concise and timely notice of information collection practices and to provide consumers with the ability to exercise choice as follows:  Opt-in for collection, use or transfer of “sensitive personally identifiable information” and Opt-out of collection, use or transfer of all other data.
  • The bill specifically covers online behavioral advertising (OBA): companies must offer individuals “a robust, clear, and conspicuous mechanism for opt-out consent for the use by third parties of the individual’s covered information for behavioral advertising or marketing.”  The FTC, through rapid rulemaking, would provide the details as to what would be considered “robust and conspicuous.”
  • Requires that companies provide consumers with access to all personally identifiable information about them and a mechanism to correct such information; requires companies to adopt security measures to protect all of the information collected  
  • FTC would be primary enforcer of new rules but state attorneys general could also enforce the law subject to FTC intervention
  • Preempts state laws in this area
  • Specifically provides no private right of action
  • Establishes a “safe harbor” program to be administered by FTC

There are several positive features in the Kerry/McCain bill and both Senators acknowledged the critical role that advertising plays in the online marketplace during their press conference yesterday.  However, we remain concerned that comprehensive legislation could have serious unintended consequences and lock the marketplace and technology into place.  This would be particularly troubling since the online marketplace is one of the strongest segments of our economy.   We believe that the legitimate privacy interests of consumers can be best protected through enforcement of the current sector-specific privacy laws; strong, effective industry self-regulation; and active enforcement of the existing authority of the Federal Trade Commission (FTC).

We would very much appreciate your input on the Kerry/McCain bill and whether you believe there should be baseline privacy legislation.  Please contact Dan Jaffe ( or Keith Scarborough ( in ANA’s Washington, DC office at (202) 296-1883 with your comments.