THIS SEARCH     THIS DOCUMENT     GO TO
Next Hit        Forward           New Bills Search
Prev Hit        Back              HomePage
Hit List        Best Sections     Help
                Contents Display

GPO's PDF Display

Congressional Record References

Bill Summary & Status

Printer Friendly Display - 8,450 bytes.[Help]

Billno should always have and extension i.e. h1.ih

Online Privacy and Disclosure Act of 2000 (Introduced in House)

HR 4059 IH

106th CONGRESS

2d Session

H. R. 4059

To establish a system for businesses engaged in electronic commerce to adopt, and certify their compliance with, internationally recognized principles concerning the collection, use, and dissemination of personal information, and for other purposes.

IN THE HOUSE OF REPRESENTATIVES

March 22, 2000

Mr. CAMPBELL (for himself, Mr. UDALL of New Mexico, Mr. GILLMOR, Mr. HALL of Texas, and Mr. HUTCHINSON) introduced the following bill; which was referred to the Committee on Commerce

A BILL

To establish a system for businesses engaged in electronic commerce to adopt, and certify their compliance with, internationally recognized principles concerning the collection, use, and dissemination of personal information, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the `Online Privacy and Disclosure Act of 2000'.

SEC. 2. DEFINITIONS.

    For purposes of this Act, the following definitions apply:

      (1) DATA CONTROLLER- The term `data controller' means a person who, by any means of interstate commerce, collects personal data, regardless of whether or not such data are collected, stored, processed, or disseminated by that person or by an agent on its behalf.

      (2) PERSONAL DATA- The term `personal data' means any information relating to an identified or identifiable individual (data subject).

      (3) DATA SUBJECT- The term `data subject' means an individual to whom personal data pertain.

      (4) COMMISSION- The term `Commission' means the Federal Trade Commission.

      (5) PERSON- The term `person' has the meaning provided such term in section 1 of title 1, United States Code.

SEC. 3. PURPOSES.

    The purposes of this Act are--

      (1) to identify and establish principles concerning fair and nondeceptive business practices for the collection, use, and dissemination of personal data;

      (2) to permit businesses that have adopted and implemented such principles to certify the implementation by publicly displaying a uniform seal; and

      (3) to require the Commission to prohibit and prevent unfair and deceptive acts and practices in the use of that uniform seal.

SEC. 4. PRINCIPLES FOR FAIR PERSONAL INFORMATION PRACTICES.

    Data controllers who abide by the following rules shall be permitted to display an official seal certifying such compliance under such regulations as the Commission shall prescribe:

      (1) COLLECTION LIMITATION PRINCIPLE- The collection of any personal data through means of interstate commerce should be obtained by lawful and fair means and with the knowledge of the data subject.

      (2) DATA QUALITY PRINCIPLE- Personal data should be accurate, complete, and current.

      (3) PURPOSE SPECIFICATION PRINCIPLE- The purposes for which personal data are collected should be specified and disclosed to the data subject not later than the time of data collection, and any subsequent use should be limited to the fulfillment of those disclosed purposes, or such other purposes as are not incompatible with those disclosed purposes and as are also disclosed to the data subject on each occasion of a change of purpose.

      (4) USE LIMITATION PRINCIPLE- Personal data should not be disclosed, made available, or otherwise used for purposes other than those specified and disclosed in accordance with paragraph (3), except--

        (A) with the consent of the data subject; or

        (B) by the authority of law.

      (5) OPENNESS PRINCIPLE- A data subject should have readily available means of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual place of business of the data controller.

      (6) INDIVIDUAL PARTICIPATION PRINCIPLE- An individual should have the right--

        (A) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to the individual;

        (B) to have communicated to the individual, data relating to the individual--

          (i) within a reasonable time;

          (ii) at a charge, if any, that is not excessive;

          (iii) in a reasonable manner; and

          (iv) in a form that is readily intelligible to the individual;

        (C) to be given reasons if a request made under subparagraphs (A) and (B) is denied, and to be able to challenge such denial; and

        (D) to challenge data relating to the individual and, if the challenge is successful to have the data erased, rectified, completed, or amended.

      (7) ACCOUNTABILITY PRINCIPLE- A data controller should be accountable for complying with measures which give effect to the principles stated in paragraphs (1) through (6) of this section.

SEC. 5. PREVENTION OF UNFAIR AND DECEPTIVE PRACTICES IN ADOPTION AND IMPLEMENTATION OF PRINCIPLES.

    (a) REGULATIONS REQUIRED-

      (1) IN GENERAL- The Commission shall prescribe rules for the adoption of a seal that may be publicly displayed by a data controller that--

        (A) complies with the principles set forth in section 4; and

        (B) desires to certify that compliance publicly.

      (2) DECEPTIVE USE OF SEAL PROHIBITED- Such rules shall prohibit as a deceptive act or practice any display of such seal, or any imitation of such seal, by a data controller that is not in compliance with such principles.

    (b) RULEMAKING- The Commission shall prescribe the rules under subsection (a) within 270 days after the date of enactment of this Act. Such rules shall be prescribed in accordance with section 553 of title 5, United States Code.

    (c) ENFORCEMENT- Any violation of any rule prescribed under subsection (a) shall be treated as a violation of a rule respecting unfair or deceptive acts or practices under section 5 of the Federal Trade Commission Act (15 U.S.C. 45). Notwithstanding section 5(a)(2) of such Act (15 U.S.C. 45(a)(2)), communications common carriers shall be subject to the jurisdiction of the Commission for purposes of this Act.

SEC. 6. ADMINISTRATION AND APPLICABILITY OF ACT.

    (a) IN GENERAL- Except as otherwise provided in section 7, this Act shall be enforced by the Commission under the Federal Trade Commission Act (15 U.S.C. 41 et seq.). Consequently, no activity which is outside the jurisdiction of that Act shall be affected by this Act, except for purposes of this Act.

    (b) ACTIONS BY THE COMMISSION- The Commission shall prevent any person from violating a rule of the Commission under section 5 in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. Any person who violates such rule shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act in the same manner, by the same means, and with the same jurisdiction, power, and duties as though all applicable terms and provisions of the Federal Trade Commission Act were incorporated into and made a part of this Act.

SEC. 7. STATE ENFORCEMENT.

    Nothing in this Act shall preempt any State from adopting or enforcing State laws dealing with the same or similar subject matter as the subject matter of this Act.


THIS SEARCH     THIS DOCUMENT     GO TO
Next Hit        Forward           New Bills Search
Prev Hit        Back              HomePage
Hit List        Best Sections     Help
                Contents Display