A proposed US congressional bill to regulate the collection of personal data is being almost universally panned, with privacy advocates arguing it's inadequate and pro-business groups saying it goes too far.
The draft legislation (PDF) would for the first time impose national standards on how companies collect IP addresses, viewer history, and other potentially sensitive data from individuals. It would apply to websites and offline operations as well.
In its current form, it would apply to any business or non-profit organization that collects personal information from at least 5,000 individuals in a given year. In a nod to privacy advocates, groups would be required to get individuals' consent before storing names, email addresses, and other data. But acquiring that consent could be as simple as adding a statement to a website, a policy that's anathema to many civil-liberties boosters because it's viewed as opt-out rather than opt-in.
Some privacy advocates also worry that the half-hearted restrictions will preempt many state laws that do a much better job of controlling the collection of personal data.
Business and advertising groups, meanwhile, are fretting that the language is unduly broad and could hamper their ability to employ targeted advertising on websites.
The draft bill was released Tuesday by representatives Rick Boucher, a Democrat who is chairman of the House subcommittee on communications, technology and the internet; and Cliff Stearns, a Republican who is the panel's ranking minority member. CNET and The New York Times have more here and here. ®