Summary of
Internet Privacy Bills
in the 106th Congress

This page summarizes the following bills in the 106th Congress:

This page was last updated on February 13, 2000.

Background. Numerous bills have been introduced in the 106th Congress which deal with protecting the privacy of individuals. This page summarizes the major bills which deal with online privacy. Two other pages summarize bills which deal with medical records privacy and financial information privacy.

On July 13, 1999, the Federal Trade Commission released an annual report which recommended against any legislation to regulate online privacy at this time. This report could diminish the chances that an online privacy bill would pass the Congress. See, TLJ story. Moreover, the Clinton administration, and especially Secretary of Commerce William Daley, oppose government regulation of online privacy. And of course, electronic commerce companies generally oppose any new legislation.

The prospects for passing a bill improved when Sen. Ernest Hollings (D-SC), the ranking minority member of the Senate Commerce Committee announced his desire to pass a bill in a speech in the Senate on February 24, 2000.


S 809, Online Privacy Protection Act of 1999.

Sponsor. Sen. Conrad Burns (R-MT). Cosponsor. Ron Wyden (D-OR).

Summary. S 809 is a detailed 17 page bill that would limit the way web sites and online services collect and disseminate personal information about individuals without their consent. It would require web sites and online services to post notices about their information collection and use policies, and allow individuals to prevent disclosure of personal information.

The bill has been described as protecting consumers' privacy. However, the word "consumer" does not appear in the bill, and the word "privacy" is hardly used. More precisely, the bill regulates the activities of "Web sites and online services" in how they "collect, use, and disclose" "personal information" about "individuals". "Personal information" is defined to include name, address, email address, social security number, and telephone number. "Personal information" includes "information collected online from an individual".

The bill requires web sites and online services to provide notice of what personal information is collected, how it is used, and how it is shared with others. Also, individuals must be given the opportunity to opt out of having their personal information disclosed to others, for purposes unrelated to those contained in the notice.

The bill also requires web sites and online services to provide individuals both a description and copies of their personal information. Finally, the bill requires web sites and online services to protect the confidentiality of personal information.

The bill gives rule making and enforcement authority to the Federal Trade Commission under its jurisdiction over unfair and deceptive trade practices. The bill would preempt state laws, but allow state Attorney Generals to bring suits on behalf of state residents. The bill does not create any private causes of action.

See also, Sen. Burn's statement and summary of the bill.

Status. Sen. Burns introduced a discussion draft on February 12, 1999. He formally introduced the bill on April 15.

Legislative History with Links to Related Materials.


S 854, Electronic Rights for the 21st Century Act.

Sponsor. Sen. Patrick Leahy (D-VT). No cosponsors.

Summary. S 854 IS is a massive bill which covers a wide range of topics, including encryption. The bill would offer increased privacy protection for specific types of information including: information on computer networks, transactional information obtained from pen registers and trap and trace devices, conference calls, information on packet networks (such as the Internet), information collected by Internet registrars, library loan and book sale records, and information pertaining satellite tv services for private home viewing.

The bill also deals with government access to location information, authority to provide customer location information for emergency purposes, and roving wiretaps.

Status. This bill was introduced on April 21, 1999. No action has been taken.

Legislative History with Links to Related Materials.


HR 313, Consumer Internet Privacy Protection Act of 1999.

Sponsors. Rep. Bruce Vento (D-MN). Cosponsors. None.

Summary. HR 313 contains three basic provisions. First, interactive computer services cannot disclose personally identifiable information without written consent. Second, if it does disclose, it cannot falsify information. And third, individuals have the right to learn what information is kept on them.

The key clause reads: "An interactive computer service shall not disclose to a third party any personally identifiable information provided by a subscriber to such service without the subscriber's prior informed written consent." In addition, the bill provides the right to revoke a consent.

The bill would give investigative and enforcement authority to the Federal Trade Commission; the only remedy stated in the bill is a "cease and desist order." The bill would also give aggrieved individuals a private cause of action; remedies are not specified.

Status. This bill was introduced on January 6, 1999. No action has yet been taken on it.

Legislative History with Links to Related Materials.


HR 367, Social Security On-line Privacy Protection Act.

Sponsor. Rep. Bob Franks (R-NJ). Cosponsors. None.

Summary. HR 367 IH is a short and simple bill which provides that "An interactive computer service shall not, by means of a reference service or otherwise, disclose to a third party (1) an individual's Social Security account number, or (2) personally identifiable information which is identifiable to an individual by means of the individual's Social Security account number, without the individual's prior informed written consent."

The bill also provides that the "Federal Trade Commission shall have the authority to examine and investigate an interactive computer service to determine whether such service has been or is engaged in any act or practice prohibited by this Act." The FTC would have authority to seek cease and desist orders and civil penalties. The bill creates no private right of action.

Status. HR 367 was introduced on January 19, 1999. No action has been taken.

Legislative History with Links to Related Materials.


HR 369, Children's Privacy Protection and Parental Empowerment Act of 1999.

Sponsors. Rep. Bob Franks (R-NJ). Cosponsor. Charlie Norwood (R-GA).

Summary. HR 369 is a general children's privacy protection bill, with teeth. It affects far more than just Internet activity. It creates criminal liability for violations.

It would criminalize the sale by list brokers of information about children under 16 without the written consent of the parent. The most significant prohibition in the bill provides that "Whoever, in or affecting interstate or foreign commerce, being a list broker, knowingly ... sells, purchases, or receives remuneration for providing personal information about a child, knowing that such information pertains to a child, without the written consent of a parent of that child."

It would also give parents the right to learn what information a list broker has disclosed, to whom it was disclosed, and what information was disclosed. It would also give parents the right to stop further disclosure. The bill would give parents a private right of action, in which the minimum damages would be $5,000.

The bill exempts law enforcement authorities, colleges, the military, and National Center for Missing and Exploited Children (NCMEC). Indeed, list brokers would have to make their databases available to the NCMEC to help them locate missing children.

Status. This bill was introduced on January 19. No action has yet been taken on it.

Legislative History with Links to Related Materials.


HR 1685, The Internet Growth and Development Act.

Sponsor. Rep. Rick Boucher (D-VA) (web site | bio). Original Cosponsor. Rep. Bob Goodlatte (R-VA) (web site | bio). Additional Cosponsors. Additional Cosponsors. Martin Meehan (D-MA), Joe Skeen (R-NM), Norman Dicks (D-WA), Ciro Rodriquez (D-TX), Mac Thornberry, Michael Capuano (D-MA), James Talent (R-MO), John Olver (D-MA), James McGovern (D-MA), Solomon Ortiz (D-TX), John Peterson (R-PA), Gary Miller (R-CA).

Summary. HR 1685 IH is a long and broad bill dealing with many Internet related topics. Title III of the bill deals with online privacy. It is short and simple. It requires commercial web sites to provide notice of its policy regarding use of personal information. It gives the FTC civil enforcement authority.

It provides that "Any person operating a commercial Internet website shall clearly and conspicuously provide notice of its collection, use, and disclosure policies with regard to personally identifiable information nation, including (1) the personally identifiable information that the website operator collects from individuals visiting the website; and (2) the uses that the website operator makes of the personally identifiable information, including whether the operator makes the information available to any third parties."

It also provides that "Any knowing violation ... shall be treated as an unfair or deceptive act or practice under section 5 of the Federal Trade Commission Act (15 U.S.C. 45)."

Status. This bill was introduced on May 5, 1999. The House Judiciary Committee held a hearing on broadband Internet access, which is another topic of the bill.

Legislative History with Links to Related Materials.


HR 2644, Personal Data Privacy Act of 1999

Sponsor. Rep. Maurice Hinchey (D-NY). Original Cosponsors. Gerald Kleczka (D-WI) and George Brown (D-CA).

Summary. HR 2644 IH is a short and simple, but strong bill. It is not limited to the Internet. However, if enacted it would have profound consequences for on-line data collectors.

It covers not only businesses that collect personal data, but also government entities (state, local and federal). It prohibits disclosure of personal data without express consent. It requires the entities that collect the data to provide access to individuals within five days. Moreover, individuals must receive a report once a year on their personal data, whether they ask for it or not. Finally, the bill creates a private right of action in federal court.

The basic prohibition in the bill provides that "no Government agency or private entity may transfer, sell, or disclose any personal data with respect to an individual to another Government agency or private entity without the express consent of such individual."

There is only one set of exemptions in the bill. These apply only to governmental entities. The bill provides that it does not "apply with respect to the transfer, sale, or disclosure of data by a Government agency for a national security purpose, law enforcement purpose, or purpose relating to the Federal or State regulation of an industry."

The bill also mandates access to records. It reads: "A Government agency or private entity, shall, upon the request of an individual with respect to whom the agency or entity maintains personal data, provide such individual with access to such personal data not later than five business days after the individual makes the request."

The bill's definition of personal data is broad. It includes basic items such as name, address, social security number, and credit card information. It also includes "Internet address." It also includes "Any information relating to the medical records of the individual" and "any school records".

The bill does not contain language requiring entities that collect data to correct incorrect data. Nor does it contain any requirements regarding procedures to safeguard data. Nor does it give the Federal Trade Commission any civil enforcement authority. Nor does it create criminal liability. In fact, it creates no new governmental powers.

Status. This bill was introduced on July 29, 1999.

Legislative History with Links to Related Materials.


HR 3321, the Electronic Privacy Bill of Rights Act of 1999.

Sponsor. Rep. Edward Markey (D-MA). Initial Cosponsor. William Luther (D-MN).

Summary. HR 3321 IH is a long, detailed and comprehensive bill. While other bills would impose some increased regulation of online information gathering, this is the 1000 pound gorilla of privacy bills. It is a techno-phobic collection of prohibited acts, regulatory procedures, and punitive remedies.

Status. This bill was introduced on November 10, 1999. It has been referred to many committees. No action has been taken.

Legislative History with Links to Related Materials.


HR 3560, Online Privacy Protection Act of 2000.

Sponsor. Rep. Rodney Frelinghuysen (R-NJ). Cosponsors. None.

Summary. HR 3560 IH

Status. This bill was introduced on January 31, 2000, and referred to the House Commerce Committee. No action has been taken.

Legislative History with Links to Related Materials.