Rockefeller Introduces The Do-Not-Track Online Act of 2011

Published On May 11, 2011 | By Lisa Branco | Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

On Monday, May 9, Senator Jay Rockefeller (D-WV) introduced the “Do-Not-Track Online Act of 2011, which would give individuals the ability to opt-out of having their online activities tracked by “providers of online services,” including “providers of mobile applications and services.”

– Under Section 2 of the bill, the FTC would be tasked with promulgating the following two rules within a year of enactment of the act:

  • A rule establishing standards for a “Do-Not-Track” mechanism; and
  • A rule prohibiting providers of online services (including mobile applications and services) from collecting personal information from the individuals who have expressed such a preference.

– However, the bill would allow providers to collect and use personal information from individuals even if the individual has indicated they do not want to be tracked as long as:

  • The collection and use is “necessary to provide a service requested by the individual, as long as the information remains anonymous or is deleted after the provision of the service”; or
  • The individual is given “clear and conspicuous” notice about the collection and use of the information and “affirmatively consents” to such collection and use.

– Section 2 would require the FTC to consider and take into account a number of factors when promulgating the “Do-Not-Track” rules, including:

  • The appropriate scope of such standards and rules;
  • The feasibility and costs of implementing such a mechanism and complying with such rules;
  • Do-not-track mechanisms already in use;
  • How do-not-track mechanisms should be publicized and offered to individuals;
  • Whether and how information can be collected and used on an anonymous basis; and
  • The standards under which personal information can be collected and used to provide services requested by an individual even when that individual has indicated they do not want their activities tracked.

Both the FTC and state Attorneys General would have authority to bring enforcement actions under the Act. Violations of rules promulgated under the Act would be treated as unfair or deceptive acts or practices under section 18(a)(1)(B) of the FTC Act. State Attorneys General would have the ability to obtain civil penalties in the amount of $16,000 for each day an entity is in violation of the rules, up to a maximum penalty of $15,000,000.

A copy of the bill can be found here.