By Sen. John McCain (R-Ariz) and Sen. John Kerry (D-Mass.) - 05/23/11 06:27 PM ET
During the past few months, more than 250 million Americans received the frightening news that their personal information, collected by many retailers where they shop, was stolen by hackers routinely.
Sixty-one million Americans who own a smartphone were told that their travels and movements are being tracked by companies who service their smartphones and shared with app providers without restriction on how the information was being used. (We don’t want to imply that Apple or Google phones steal information; they don’t, but the apps on the phones collect and use it without sufficient protections or information for consumers.) And 77 million Americans learned that personal information stored in their online gaming systems was lifted by hackers.
Almost every American is vulnerable to the loss, theft or unanticipated use of their information (theft listed alone is too strong), because in this digital age we routinely turn over personal information to online retailers, social networks and other services in growing numbers.
Americans are rightfully concerned and should be. Is the requirement that you provide such information and cede control of it simply the price of doing business in today’s digital economy? It shouldn’t be. That is why we introduced a Commercial Privacy Bill of Rights — to put Americans back in control of their personal information.
Last year, Internet users sent 107 trillion emails, Facebook hosted 600 million users, Twitter hosted 155 million tweets per day, and Americans across the country shared personal data when checking into hotels, shopping for groceries and refilling their cars. In many ways, all this information sharing is good for consumers. When companies collect data and use it with high ethical standards and the full knowledge and participation of their customers, they can generate immense economic activity, innovate and tailor the services they deliver to the clients they serve.
But today the data collectors are setting the rules. Companies can harvest our personal information and keep it for as long as they like. They can use it and sell it without asking permission. You shouldn’t have to be a computer genius to figure out how to opt out of a company’s information sharing policy. In short, these companies, from mobile phone operators to hotels to websites, can do almost whatever they want with our personal information, and we have no legal right to stop them.
That’s why we introduced the The Commercial Privacy Bill of Rights to keep our private data safe by laying down fair information practices for anyone collecting it. Our legislation will ensure that businesses collecting personal information secure that information, tell people why their data is being collected and allow people to have a say in whether they want their information used. If these companies turn around and transfer this information, any agreements they have made to secure the privacy of their consumers’ information would travel along with it. And if someone requests a company to stop using personal information, they finally have the legal power to make that demand.
We also recognize that it’s important to allow for experimentation and flexibility in the implementation of privacy practices. The Commercial Privacy Bill of Rights does that by establishing voluntary safe-harbor programs to allow companies to design their own privacy programs for complying with the law. They could implement protections however they wanted as long as they still achieved privacy protections on par with the standards set out in the law.
The business community is already responding to the concerns of consumers and regulators by recognizing that the time has come to establish these types of consumer-privacy protections. Industries are negotiating among themselves to establish uniform data collection and use practices. Three of the major Internet browser services have already created tools allowing their users to express their preferences regarding their personal information. Many companies are now making massive investments in privacy protection for their own customers — including employing chief privacy officers to ensure that they earn, retain and respect the trust of consumers.
These companies see that it doesn’t just make good business sense to protect customers’ private information. They know it’s the right thing to do, and we want to take that good work and make it common practice for everyone.
Kerry is the chairman of the Senate Commerce Committee’s subcommittee on Communications, Technology and the Internet. McCain is a former chairman of the Senate Commerce Committee.