[Congressional Record Volume 148, Number 108 (Thursday, August 1, 2002)]
[Senate]
[Pages S7905-S7907]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. CLELAND:
  S. 2839. A bill to enhance the protection of privacy of children who 
use school or library computers employing Internet content management 
services, and for other purposes; to the Committee on commerce, 
Science, and Transportation.
  Mr. CLELAND. Mr. President, in December 2000, New York Times 
reporter, John Schwartz, wrote ``When Congress passed a new bill last 
week requiring virtually every school and library in the nation to 
install technology to protect minors from adult materials online, it 
created a business opportunity for companies that sell Internet 
filtering systems. . . . some of the filtering companies' business 
plans include tracking students' Web wanderings and selling the data to 
market research firms.'' While I support the use of filtering 
technology in schools and libraries that will be visited by our 
children, this statement alarmed me.
  A month later, the Wall Street Journal reported that the Department 
of Defense was buying information about our school children's Internet 
habits from a filtering company without the knowledge of their parents 
or the school officials. The Defense Department contracted directly 
with the filtering company. As one of our most vulnerable populations, 
I believe it is Congress's duty to act in a manner to ensure families 
knowledge of the information that is collected about our children and 
to restrict the collection of personal information on children. The 
fact that this arrangement could occur without anyone with direct 
responsibility for the children having knowledge of it is a serious 
oversight. We need a solution, and to that end, I am introducing the 
Children's Electronic Access Safety Enhancement, or CEASE Act.
  This legislation is a commonsense approach to dealing with this 
problem in order to ensure our children are protected. The first 
section of the bill requires an Internet filtering government 
contractor to disclose its treatment of collected information to the 
school or library with which it is contracting. Additionally, if 
changes to these policies are made, the filtering company must inform 
the school or library of these changes. If adequate notice is not 
provided, the entity has the option to cancel the contract. Armed with 
such information about the company's practices, the school or library 
officials can make an informed decision of whether it wishes to 
contract with a particular company.
  The Children's Online Privacy Protection Act, COPPA, which passed 
Congress and was signed into law in 1998, prohibits the collection of 
personal information about children on commercial websites. In the 
second section of my legislation, a similar COPPA prohibition would 
extend to Internet content management services at schools and 
libraries. If personal information is collected on a child, the 
provider is required to inform the school or library and the Federal 
Trade Commission and to indicate how it will treat this information so 
that it will not be disclosed or distributed. When children go to 
schools and libraries, these environments are supposed to be safe. 
Parents and guardians should not have to worry about how their 
children's personal information may be compromised, especially by a 
company that markets itself to protect children and in some cases 
facilitate learning. I believe my legislation will help put to rest 
such concerns.
  Protecting the privacy of children has been widely supported, as it 
should be. When Congress was debating COPPA in 1998, the bill received 
broad support. At a Senate Commerce Committee hearing in September 
1998, Arthur Sackler, representing the Direct Marketing Association, 
DMA stated, ``Although DMA usually supports self-regulation of 
electronic commerce, we believe it may be appropriate to consider 
targeted legislation in this area.'' Kathyrn Montgomery from the Center 
for Media Education stated, ``Children are not little adults. . . . 
Because many young children do not fully understand the concept of 
privacy, they can be quite eager and willing to offer up information 
about themselves and their families when asked. Children also tend to 
be particularly trusting of computers, and thus more open to 
interacting with them.''

  An April 2002 FTC report on the implementation of COPPA draws the 
conclusion that Web sites have generally been able to comply with 
COPPA. That is why I have every hope and expectation that the CEASE Act 
can also be implemented.

[[Page S7906]]

  Given the fact that we have evidence of some Internet content 
management companies already sharing information with outside entities, 
the CEASE Act is timely. If an Internet content management company 
believes it is a good business plan to share information, even in 
aggregate, with outside parties, these companies should not be adverse 
to disclosing this practice with a potential client. And, I believe 
that a number of communities may not wish to allow these practices at 
all because they believe that, as Alex Molnar, a professor at the 
University of Wisconsin at Milwaukee, stated, ``Providing demographic 
information about students to special interests, even in aggregate 
form, is a potential violation of the privacy of children and their 
families.'' Communities with such beliefs should be able to act upon 
them in the best interest of their children, and my legislation 
requires the disclosure that will help make this a reality.
  There is no arguing that the Internet is, and will continue to be, an 
important part of the learning process. Personally, I support wiring 
the schools and libraries in this Nation as rapidly as possible because 
I understand the educational and job opportunities the Internet can 
bring. However, especially for our children, we need to ensure there 
are safeguards. Providing more information and empowering local 
officials to make decisions based on this information are good 
policies. As the Nation's children prepare to return to school--schools 
that are more wired now than ever before--I urge my colleagues to 
support the CEASE bill to protect our children.
  There being no objection, the bill was ordered to be printed in the 
Record, as follows:

                                S. 2839

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Children's Electronic Access 
     Safety Enhancement (CEASE) Act''.

     SEC. 2. DISCLOSURE BY INTERNET CONTENT MANAGEMENT SERVICES OF 
                   COLLECTION, USE, AND DISCLOSURE OF INFORMATION 
                   UNDER CONTRACTS FOR SCHOOLS AND LIBRARIES.

       (a) Initial Disclosure of Policies.--
       (1) In general.--A provider of Internet content management 
     services shall, before entering into a contract or other 
     agreement to provide such services to or for an elementary or 
     secondary school or library, notify the local educational 
     agency or other authority with responsibility for the school, 
     or library, as the case may be, of the policies of the 
     provider regarding the collection, use, and disclosure of 
     information from or about children whose Internet use will be 
     covered by such services.
       (2) Elements of notice.--Notice on policies regarding the 
     collection, use, disclosure of information under paragraph 
     (1) shall include information on the following:
       (A) Whether any information will be collected from or about 
     children whose Internet use will be covered by the services 
     in question.
       (B) Whether any information so collected will be stored or 
     otherwise retained by the provider of Internet content 
     management services, and, if so, under what terms and 
     conditions, including a description of how the information 
     will be secured.
       (C) Whether any information so collected will be sold, 
     distributed, or otherwise transferred, and, if so, under what 
     terms and conditions.
       (3) Form of notice.--Any notice under this subsection shall 
     be clear, conspicuous, and designed to be readily 
     understandable by its intended audience.
       (b) Modification of Policies.--
       (1) In general.--A provider of Internet content management 
     services shall, before implementing any material modification 
     of the policies described in subsection (a)(1) under a 
     contract or other agreement with respect to an elementary or 
     secondary school or library, notify the local educational 
     agency or other authority with responsibility for the school, 
     or library, as the case may be, of the proposed modification 
     of the policies.
       (2) Timeliness.--Notice under paragraph (1) shall be 
     provided in sufficient time in advance of the modification 
     covered by the notice to permit the local educational agency 
     or other authority concerned, or library concerned, as the 
     case may be, to evaluate the effects of the modification.
       (c) Regulations.--The Commission shall prescribe 
     regulations for purposes of the administration of this 
     section. The regulations shall include provisions regarding 
     the elements of notice required under subsection (a)(2) and 
     the timeliness of notice under subsection (b)(2).
       (d) Administration.--
       (1) In general.--This section shall be enforced by the 
     Commission under the Federal Trade Commission Act (15 U.S.C. 
     41 et seq.).
       (2) Effect on other laws.--Nothing in this section shall be 
     construed to limit the authority of the Commission under any 
     other provision of law.
       (e) Noncompliance.--
       (1) In general.--The violation of any provision of this 
     section, including the regulations prescribed by the 
     Commission under subsection (c), shall be treated as a 
     violation of a rule defining an unfair or deceptive act or 
     practice prescribed under section 18(a)(1)(B) of the Federal 
     Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
       (2) Termination of contract or agreement.--
       (A) Authority to terminate.--Notwithstanding any provision 
     of a contract or agreement to the contrary, if a provider of 
     Internet content management services for a school or library 
     fails to comply with a policy in a notice under subsection 
     (a), or fails to submit notice of a modification of a policy 
     under subsection (b) in a timely manner, the local 
     educational agency or other authority concerned, or library 
     concerned, may terminate the contract or other agreement with 
     the provider to provide Internet content management services 
     to the school or library, as the case may be.
       (B) Resolution of disputes.--Any dispute under subparagraph 
     (A) regarding the failure of a provider of Internet content 
     management services as described in that subparagraph shall 
     be resolved by the Commission.
       (C) Relationship to other relief.--The authority under this 
     paragraph with respect to noncompliance of a provider of 
     Internet content management services is in addition to the 
     power of the Commission to treat the noncompliance as a 
     violation under paragraph (1).
       (f) Notice to Parents.--A school or library shall provide 
     reasonable notice of the policies of an Internet content 
     management service provider used by that school or library to 
     parents of students, or patrons of the library, as the case 
     may be.

     SEC. 3. COLLECTION OF PERSONAL INFORMATION ABOUT CERTAIN 
                   OLDER CHILDREN BY PROVIDERS OF INTERNET CONTENT 
                   MANAGEMENT SERVICES TO SCHOOLS AND LIBRARIES.

       (a) Prohibition.--A provider of Internet content management 
     services to or for an elementary or secondary school or 
     library may not collect through such services personal 
     information from or about a child who is a student at that 
     school or a user of that library.
       (b) Responsibilities Upon Collection.--
       (1) In general.--If a provider of Internet content 
     management services to or for an elementary or secondary 
     school or library collects through such services personal 
     information from or about a child who is a student at that 
     school or a user of that library, the provider shall--
       (A) provide prompt notice of such collection--
       (i) to either--

       (I) the local educational agency or other authority with 
     responsibility for the school and appropriate officials of 
     the State in which the school is located; or
       (II) the library; and

       (ii) to the Federal Trade Commission; and
       (B) take appropriate actions to treat the personal 
     information--
       (i) in a manner consistent with the provisions of the 
     Children's Online Privacy Protection Act of 1998 (15 U.S.C. 
     6501 et seq.) if the personal information was collected from 
     a child as defined in section 1302(1) of that Act; or
       (ii) in a similar manner, under regulations prescribed by 
     the Commission, if the personal information was collected 
     from a child over the age of 12.
       (2) Elements of notice.--Notice of the collection of 
     personal information by a provider of Internet content 
     management services under paragraph (1)(A) shall include the 
     following:
       (A) A description of the personal information so collected.
       (B) A description of the actions taken by the provider with 
     respect to such personal information under paragraph (1)(B).
       (c) Response to Notice.--A local educational agency or 
     other authority, or library, receiving notice under 
     subsection (b) with respect to a covered child shall take 
     appropriate actions to notify a parent or guardian of the 
     child of receipt of such notice.

     SEC. 4. APPLICATION OF COPPA.

       Section 1302 of the Children's Online Privacy Protection 
     Act of 1998 (15 U.S.C. 6501) is amended by adding at the end 
     the following:
       ``(13) Provider of internet content management services 
     treated as operator.--The term `operator' includes a provider 
     of Internet content management services (as defined in 
     section 5(4) of the Children's Electronic Access Safety 
     Enhancement Act) who collects or maintains personal 
     information from or about the users of those services, or on 
     whose behalf such information is collected or maintained, if 
     those services are provided for commercial purposes involving 
     commerce described in paragraph (2)(A)(i), (ii), or (iii).''.

     SEC. 5. DEFINITIONS.

       In this Act:
       (1) Commission.--The term ``Commission'' means the Federal 
     Trade Commission.
       (2) Child.--Except as provided in section 3(b)(1)(B), the 
     term ``child'' means an individual who is less than 19 years 
     of age.
       (3) Personal information.--The term ``personal 
     information'' has the meaning given that term in section 
     1301(8) of the Children's Online Privacy Protection Act of 
     1998 (15 U.S.C. 6501(8)).
       (4) Provider of internet content management services.--The 
     term ``provider of

[[Page S7907]]

     Internet content management services'' includes a provider of 
     Internet content management software if such software 
     operates, in whole or in part, by or through an Internet 
     connection or otherwise provides information on users of such 
     software to the provider by the Internet or other means.
                                 ______