[Congressional Bills 106th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2882 Introduced in House (IH)]







106th CONGRESS
  1st Session
                                H. R. 2882

  To regulate the use by interactive computer services of personally 
   identifiable information provided by subscribers to such services.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           September 15, 1999

  Mr. Vento introduced the following bill; which was referred to the 
                         Committee on Commerce

_______________________________________________________________________

                                 A BILL


 
  To regulate the use by interactive computer services of personally 
   identifiable information provided by subscribers to such services.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE; FINDINGS.

    (a) Short Title.--This Act may be cited as the ``Internet Consumer 
Information Protection Act''.
    (b) Findings.--The Congress finds the following:
            (1) Internet technology is evolving and increasingly used 
        as a medium for interaction between consumers and businesses.
            (2) An expanding share of transactions taking place on-line 
        has lead to greater consumer choice but also public concern 
        regarding the use of personal information and personal privacy.
            (3) Use of data garnered via the Internet must be 
        regulated, keeping in mind the unique nature of this medium, in 
        a way which allows consumers to make informed choices and does 
        not impede normal business activity.

SEC. 2. REGULATION OF USE BY AN INTERACTIVE COMPUTER SERVICE OF A 
              SUBSCRIBER'S PERSONALLY IDENTIFIABLE INFORMATION.

    (a) Privacy Policy.--It is the policy of the Congress that each 
interactive computer service has an affirmative and continuing 
obligation to respect the privacy of its customers and to protect the 
security and confidentiality of those customers' nonpublic personal 
information that is shared or encountered in service and transactions 
with consumers.
    (b) Disclosure of Personally Identifiable Information Without 
Consent Prohibited.--
            (1) In general.--An interactive computer service shall not 
        disclose to a third party any personally identifiable 
        information provided by a subscriber to such service unless--
                    (A) such service has provided to the subscriber a 
                notice that complies with paragraph (2);
                    (B) such service clearly and conspicuously 
                discloses to the subscriber, in writing or in 
                electronic form, that such information may be disclosed 
                to such third parties;
                    (C) the subsciber is given the opportunity, before 
                the time that such information is initially disclosed, 
                to direct that such information not be disclosed to 
                such third parties; and
                    (D) the subsciber is given an explanation of how 
                the subsciber can exercise that nondisclosure option.
            (2) Notice.--The notice required by paragraph (1)(A) shall 
        include the policy and practices of the interactive computer 
        service with respect to disclosing nonpublic personal 
        information to third parties.
            (3) Exception.--This subsection shall not prohibit an 
        interactive computer service from providing personally 
        identifiable information to a third party for the performance 
        of services or functions of the interactive computer service, 
        other than for marketing purposes.
    (c) Knowing Disclosure of Falsified Personally Identifiable 
Information Prohibited.--An interactive computer service or an employee 
of such service shall not knowingly disclose to a third party any 
personally identifiable information provided by a subscriber to such 
service that such service, or such employee, has knowingly falsified.
    (d) Subscriber Access to Personally Identifiable Information.--
            (1) In general.--At a subscriber's request, an interactive 
        computer service shall--
                    (A) provide the subscriber's personally 
                identifiable information maintained by the service to 
                the subscriber;
                    (B) permit the subscriber to verify such 
                information maintained by the service; and
                    (C) permit the subscriber to correct any error in 
                such information.
            (2) Fee.--The service shall not charge a fee to the 
        subscriber for making available the information under this 
        subsection.

SEC. 3. ENFORCEMENT AND RELIEF.

    (a) Federal Trade Commission.--The Federal Trade Commission shall 
have the authority--
            (1) to establish personal data guidelines that may be 
        employed by entities to comply with the provisions of this act; 
        and
            (2) to examine and investigate an interactive computer 
        service to determine whether such service has been or is 
        engaged in any act or practice prohibited by this Act.
    (b) Relief.--
            (1) Cease and desist order.--If the Federal Trade 
        Commission determines an interactive computer service has been 
        or is engaged in any act or practice prohibited by this Act, 
        the Commission may issue a cease and desist order as if such 
        service were in violation of section 5 of the Federal Trade 
        Commission Act.
            (2) Civil action.--A subscriber aggrieved by a violation of 
        section 2 may in a civil action obtain appropriate relief.

SEC. 4. RIGHTS AND REMEDIES NOT EXCLUSIVE.

    The rights and remedies provided by this Act are in addition to, 
and not in lieu of, any and all other rights and remedies that may be 
available under Federal or State law.

SEC. 5. DEFINITIONS.

    As used in this Act--
            (1) the term ``interactive computer service'' means any 
        information service that provides computer access to multiple 
        users via modem to the Internet;
            (2) the term ``Internet'' means the international computer 
        network of both Federal and non-Federal interoperable packet 
        switched data networks;
            (3) the term ``personally identifiable information'' has 
        the meaning given such term in section 631 of the 
        Communications Act of 1934 (47 U.S.C. 551);
            (4) the term ``third party'' means, with respect to the 
        disclosure of personally identifiable information provided by a 
        subscriber to an interactive computer service, a person or 
        other entity other than--
                    (A) such service;
                    (B) an employee of such service;
                    (C) an affiliate of such service; or
                    (D) that subscriber to such service.
            (5) the term ``affiliate'' means any company that controls, 
        is controlled by, or is under common control with another 
        company.
                                 <all>