I

112TH CONGRESS 1ST SESSION

H. R. 654

To direct the Federal Trade Commission to prescribe regulations regarding the collection and use of information obtained by tracking the Internet activity of an individual, and for other purposes.

IN THE HOUSE OF REPRESENTATIVES

A BILL
To direct the Federal Trade Commission to prescribe regulations regarding the collection and use of information obtained by tracking the Internet activity of an individual, and for other purposes. 1 Be it enacted by the Senate and House of Representa-

2 tives of the United States of America in Congress assembled, 3 4

This Act may be cited as the Do Not Track Me On-

5 line Act.
rfrederick on DSKD9S0YB1PROD with BILLS

6 7

SEC. 2. DEFINITIONS.

In this Act:

VerDate Mar 15 2010

03:32 Feb 15, 2011

Jkt 099200

PO 00000

Frm 00001

Fmt 6652

Sfmt 6201

E:\BILLS\H654.IH

H654

2 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
rfrederick on DSKD9S0YB1PROD with BILLS

(1) COMMISSION.The term Commission means the Federal Trade Commission. (2) COVERED
ENTITY.The

term covered en-

tity means a person engaged in interstate commerce that collects or stores online data containing covered information. Such term does not include (A) the Federal Government or any instrumentality of the Federal Government, nor the government of any State or political subdivision of a State; or (B) any person that can demonstrate that such person (i) stores covered information from or about fewer than 15,000 individuals; (ii) collects covered information from or about fewer than 10,000 individuals during any 12-month period; (iii) does not collect or store sensitive information; and (iv) does not use covered information to study, monitor, or analyze the behavior of individuals as the persons primary business. (3) COVERED
INFORMATION.

24

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

3 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
rfrederick on DSKD9S0YB1PROD with BILLS

(A) IN

GENERAL.The

term covered in-

formation means, with respect to an individual, any of the following that is transmitted online: (i) The online activity of the individual, including (I) the web sites and content from such web sites accessed; (II) the date and hour of online access; (III) the computer and

geolocation from which online information was accessed; and (IV) the means by which online information was accessed, such as a device, browser, or application. (ii) Any unique or substantially

unique identifier, such as a customer number or Internet protocol address. (iii) Personal information such as (I) the name; (II) a postal address or other location; (III) an email address or other user name;

24 25

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

4 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
rfrederick on DSKD9S0YB1PROD with BILLS

(IV) a telephone or fax number; (V) a government-issued identification number, such as a tax identification number, a passport number, or a drivers license number; or (VI) a financial account number, or credit card or debit card number, or any required security code, access code, or password that is necessary to permit access to an individuals financial account. (B) EXCLUSION.Such term shall not include (i) the title, business address, business email address, business telephone number, or business fax number associated with an individuals status as an employee of an organization, or an individuals name when collected, stored, used, or disclosed in connection with such employment status; or (ii) any information collected from or about an employee by an employer, prospective employer, or former employer that directly relates to the employee-employer relationship.

24 25

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

5 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
rfrederick on DSKD9S0YB1PROD with BILLS

(4) SENSITIVE

INFORMATION.

(A) DEFINITION.The term sensitive information means (i) any information that is associated with covered information of an individual and relates directly to that individuals (I) medical history, physical or mental health, or the provision of health care to the individual; (II) race or ethnicity; (III) religious beliefs and affiliation; (IV) sexual orientation or sexual behavior; (V) income, assets, liabilities, or financial records, and other financial information associated with a financial account, including balances and other financial information, except when financial account information is provided by the individual and is used only to process an authorized credit or debit to the account; or (VI) precise geolocation information and any information about the

24 25

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

6 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
rfrederick on DSKD9S0YB1PROD with BILLS

individuals activities and relationships associated with such geolocation; or (ii) an individuals (I) unique biometric data, including a fingerprint or retina scan; or (II) Social Security number. (B) MODIFIED
MAKING.The DEFINITION BY RULE-

Commission may, by regulations

promulgated under section 553 of title 5, United States Code, modify the scope or application of the definition of sensitive information for purposes of this Act. In promulgating such regulations, the Commission shall consider (i) the purposes of the collection of the information and the context of the use of the information; (ii) how easily the information can be used to identify a specific individual; (iii) the nature and extent of authorized access to the information; (iv) an individuals reasonable expectations under the circumstances; and

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

7 1 2 3 4 5 6 (v) adverse effects that may be experienced by an individual if the information is disclosed to an unauthorized person.
SEC. 3. REGULATIONS REQUIRING DO-NOT-TRACK MECHANISM.

(a) FTC RULEMAKING.Not later than 18 months

7 after the date of enactment of this Act, the Commission 8 shall promulgate regulations under section 553 of title 5, 9 United States Code, that establish standards for the re10 quired use of an online opt-out mechanism to allow a con11 sumer to effectively and easily prohibit the collection or 12 use of any covered information and to require a covered 13 entity to respect the choice of such consumer to opt-out 14 of such collection or use. Regulations prescribed pursuant 15 to this subsection shall be treated as regulations defining 16 unfair and deceptive acts or practices affecting commerce 17 prescribed under section 18(a)(1)(B) of the Federal Trade 18 Commission Act (15 U.S.C. 57a(a)(1)(B)). 19 20 (b) REQUIREMENTS TO BE INCLUDED
TIONS.The IN

REGULA-

regulations prescribed under subsection

21 (a) 22 23
rfrederick on DSKD9S0YB1PROD with BILLS

(1) shall include a requirement for a covered entity to disclose, in a manner that is easily accessible to a consumer, information on the collection of information practices of such entity, how such entity

24 25

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

8 1 2 3 4 5 6 7 8 9 10 uses or discloses such information, and the names of the persons to whom such entity would disclose such information; and (2) shall prohibit the collection or use of covered information by a covered entity for which a consumer has opted-out of such collection or use, unless the consumer changes their opt-out preference to allow the collection or use of such information. (c) ADDITIONAL REGULATORY AUTHORITY.The

11 regulations prescribed under subsection (a) 12 13 14 15 16 17 18 19 20 21 22 (1) may include a requirement that a covered entity provide a consumer with a means to access the covered information of such consumer and the data retention and security policies of the covered entity in a format that is clear and easy to understand; and (2) may include a requirement that some or all of the regulations apply with regard to the collection and use of covered information, regardless of the source. (d) EXEMPTIVE AUTHORITY.The Commission may

23 exempt from some or all of the regulations required by

24 this section certain commonly accepted commercial prac25 tices, including the following:

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00008 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

9 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
rfrederick on DSKD9S0YB1PROD with BILLS

(1) Providing, operating, or improving a product or service used, requested, or authorized by an individual, including the ongoing provision of customer service and support. (2) Analyzing data related to use of the product or service for purposes of improving the products, services, or operations. (3) Basic business functions such as accounting, inventory and supply chain management, quality assurance, and internal auditing. (4) Protecting or defending rights or property, including intellectual property, against actual or potential security threats, fraud, theft, unauthorized transactions, or other illegal activities. (5) Preventing imminent danger to the personal safety of an individual or group of individuals. (6) Complying with a Federal, State, or local law, rule, or other applicable legal requirement, including disclosures pursuant to a court order, subpoena, summons, or other properly executed compulsory process. (7) Any other category of operational use specified by the Commission by regulation that is consistent with the purposes of this Act.

24

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00009 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

10 1 2
SEC. 4. ADDITIONAL FTC AUTHORITY.

In implementing and enforcing the regulations pre-

3 scribed under section 3, the Commission shall 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

(1) have the authority to prescribe such regulations as may be necessary to carry out the purposes of this Act in accordance with section 553 of title 5, United States Code; (2) monitor for risks to consumers in the provision of products and services, including the development of new hardware or software designed to limit, restrict, or circumvent the ability of a consumer to control the collection and use of the covered information of such consumer, as set forth in the regulations prescribed under section 3; (3) perform random audits of covered entities, including Internet browsing for investigative purposes, to ensure compliance with the regulations issued under section 3; (4) assess consumers understanding of the risks posed by the tracking of a consumers Internet activity and the collection and use of covered information relating to a consumer; and (5) make available to the public at least 1 report of significant findings of the monitoring required by this section in each calendar year after the

24 25

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00010 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

11 1 2 3 4 date on which final regulations are issued pursuant to section 3(a).

(a) CIVIL ACTION.In any case in which the Attor-

5 ney General of a State, or an official or agency of a State, 6 has reason to believe that an interest of the residents of 7 that State has been or is threatened or adversely affected 8 by any person who violates the regulations prescribed 9 under section 3, the attorney general, official, or agency 10 of the State, as parens patriae, may bring a civil action 11 on behalf of the residents of the State in an appropriate 12 district court of the United States 13 14 15 16 17 18 19 20 21 22 23
rfrederick on DSKD9S0YB1PROD with BILLS

(1) to enjoin further violation of the regulations prescribed under section 3 by the defendant; (2) to compel compliance with the regulations prescribed under section 3; or (3) to obtain civil penalties for violations of the regulations prescribed under section 3 in the amount determined under subsection (b). (b) CIVIL PENALTIES. (1) CALCULATION.For purposes of calculating the civil penalties that may be obtained under subsection (a)(3), the amount determined under this paragraph is the amount calculated by multiplying the number of days that a covered entity is not in

24 25

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00011 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

12 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
rfrederick on DSKD9S0YB1PROD with BILLS

compliance with the regulations prescribed under section 3 by an amount not to exceed $11,000. (2) ADJUSTMENT
FOR INFLATION.Beginning

on the date that the Consumer Price Index for All Urban Consumers is first published by the Bureau of Labor Statistics that is after 1 year after the date of enactment of this Act, and each year thereafter, the amount specified in paragraph (1) shall be increased by the percentage increase in the Consumer Price Index published on that date from the Consumer Price Index published the previous year. (3) MAXIMUM
TOTAL LIABILITY.Notwith-

standing the number of actions which may be brought against a person under this section the maximum civil penalty for which any person may be liable under this section shall not exceed $5,000,000 for any related series of violations of the regulations prescribed under section 3. (c) INTERVENTION BY THE FTC. (1) NOTICE
AND INTERVENTION.The

State

shall provide prior written notice of any action under subsection (a) to the Commission and provide the Commission with a copy of its complaint, except in any case in which such prior notice is not feasible, in which case the State shall serve such notice im-

24 25

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00012 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

13 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 mediately upon instituting such action. The Commission shall have the right (A) to intervene in the action; (B) upon so intervening, to be heard on all matters arising therein; and (C) to file petitions of appeal. (2) LIMITATION
ON STATE ACTION WHILE FED-

ERAL ACTION IS PENDING.If

the Commission has

instituted a civil action for violation of the regulations prescribed under section 3, no attorney general of a State, or official, or agency of a State, may bring an action under this section during the pendency of that action against any defendant named in the complaint of the Commission for any violation of the regulations issued under this Act alleged in the complaint.
SEC. 6. EFFECT ON OTHER LAWS.

(a) OTHER AUTHORITY

OF

FEDERAL TRADE COM-

in this Act shall be construed to limit

20 or affect in any way the Commissions authority to bring 21 enforcement actions or take any other measure under the 22 Federal Trade Commission Act (15 U.S.C. 41 et seq.) or 23 any other provision of law.
rfrederick on DSKD9S0YB1PROD with BILLS

24

(b) STATE LAW.The regulations prescribed under

25 section 3 shall not annul, alter, affect, or exempt any per-

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00013 Fmt 6652 Sfmt 6201 E:\BILLS\H654.IH H654

14 1 son subject to the provisions of such regulations from com2 plying with the law of any State except to the extent that 3 such law is inconsistent with any provision of such regula4 tions, and then only to the extent of the inconsistency. 5 For purposes of this subsection, a State statute, regula6 tion, order, or interpretation is not inconsistent with the 7 provisions of the regulations prescribed under section 3 8 if the protection such statute, regulation, order, or inter9 pretation affords any person is greater than the protection 10 provided under the regulations prescribed under section 11 3.

rfrederick on DSKD9S0YB1PROD with BILLS

HR 654 IH
VerDate Mar 15 2010 03:32 Feb 15, 2011 Jkt 099200 PO 00000 Frm 00014 Fmt 6652 Sfmt 6301 E:\BILLS\H654.IH H654