CongressLine – Online Privacy Legislation

Carol M. Morrissey has been a Legislative Specialist in Washington, D.C. for 15 years. She is a lawyer and legislative expert, and has authored a Congressional update column for since 1996.

Visit CongressLine Links for regular updates on legislative issues in the News.

Visit the LLRX Resource Center on Federal & State Legislation. It p rovides links to State & Federal resources on legislation and legislative issues as well as to: non-government political information sources; government reports; fee-based online legislative services; and quick access to previous CongressLine Columns.

Privacy is a hot button issue for the 107th Congress – it’s the subject du jour of online seminars and conferences, as well as the basis of wild speculation. About a dozen online privacy bills have been introduced so far this Congress, with no ensuing significant action on any of the measures. The public is demanding to know: When will Congress move on the subject of privacy?

Every House and Senate committee and subcommittee with jurisdiction over the issue of online privacy has duly placed it on the agenda. Sen. Burns (R-MO, Chairman of the Communications subcommittee of the Senate Commerce committee) included privacy among his Tech 7 released on Feb. 7, 2001. The Senate Judiciary Committee likewise released its E-Commerce and Intellectual Property Agenda and Internet Privacy Protection is the second item. Rep. Tauzin (R-AL) Chairman of the House Committee on Energy and Commerce has placed privacy prominently in his issues line-up. The Energy and Commerce subcommittee on Commerce, Trade and Consumer Protection, chaired by Rep. Stearns (R-FL), plans to hold several hearings on privacy, beginning with a hearing in March on Privacy in the Commercial World. These are all signs of “movement” when an issue as high profile and sensitive as online privacy is involved. (For the text of the “Tech 7”, please go to: The Senate Judiciary agenda can be accessed at:

Leahy Amendment

The first significant test for online privacy may actually occur on the Senate floor during the debate on S. 420, the bankruptcy bill. Sen. Leahy (D-VT) has stated that he will introduce an amendment, the Privacy Policy Enforcement in Bankruptcy Act, to require businesses in bankruptcy to allow customers to opt-out of the sale of their personal information to third parties. The amendment follows some of the recommendations from a study released in January of 2001 by the U.S. Treasury, U.S. Department of Justice and the Office of Management and Budget entitled, Study of Financial Privacy and Bankruptcy. (The U.S. Treasury press release on the study can be found at: and the text of the study including appendices is at – scroll down to Jan. 2001.)

Protection of Social Security Numbers

The unauthorized disclosure of Social Security numbers in the online environment is a major concern among privacy advocates. This session, Rep. Frelinghuysen (R-NJ) introduced a series of privacy based legislation. H.R. 91, the Social Security Online privacy Protection Act, requires web-site operators to obtain consent prior to disclosing Social Security numbers or other personally identifiable information to third parties. (The text of H.R. 91.) Sen. Shelby (R-AL) introduced the Social Security Privacy Act of 2001, S. 324, which prohibits financial institutions from selling or purchasing Social Security information. S. 324 would amend the Gramm-Leach-Bliley Act (P.L.106-102) to include Social Security numbers in the definition of “nonpublic personal information.” (The text of the press release on S.324 can be found at: and the text of S. 324.)

Sen. Sarbanes (D-MD) has also introduced legislation which targets financial institutions. S. 30, the Financial Information Privacy Protection Act of 2001 requires financial institutions to obtain consent prior to sharing personal customer information with affiliates. This bill was introduced in the 106th Congress as S. 187. (The text of S. 30.)


To address the issue of information collection practices and consumer notice, Reps. Eshoo (D-CA) and Cannon (R-UT) have introduced the Consumer Internet Privacy Enhancement Act, H.R. 237. The bill requires web site operators to fully disclose their information collection practices concerning personally identifiable information. H.R. 237 looks beyond the basics and provides a safe harbor for web-sites in compliance with the self-regulation polices adopted by the Federal Trade Commission (FTC). (The press release for H.R. 237 can be accessed at: The text of H.R. 237.)

Rep. Green (R-TX) has introduced his own notice bill, aimed more at the tracking of consumer information by “web cookies.” H.R. 347, the Consumer Online Privacy and Disclosure Act requires that a consumer “opt-in” before a tracking device can be attached to their personal information. The press release for H.R. 347 is at: (click on news & views, press release dated 2/2/01) and the bill text can be found at here.)

Rep. Frelinghuysen (R-NJ) has also introduced privacy legislation involving notice. H.R. 89, the Online Privacy Protection Act of 2001, authorizes the FTC to promulgate guidelines to protect the privacy of adults and children over 12 and requires web-sites to provide users with notice concerning the collection and dissemination of personal information. (The text of H.R. 89.)

Information Tracking

Another area targeted by legislators is the computer software that can track the movements or habits of Internet users or “spyware.” Sen. Edwards (D-NC) has reintroduced the Spyware Control and Privacy Protection Act (it was introduced in the 106th Congress as S. 3180). S. 197 would require the software providers of spyware to provide “clear and conspicuous written notice” to a consumer who purchases or downloads their product of its tracking abilities. (For the text of the press release on S. 197, please go to: and the bill text is here.)

In the same vein, Rep. Holt (D-NJ) has introduced the Electronic Privacy Protection Act of 2001. H.R. 112 requires the FTC to promulgate regulations banning the production, distribution, sale and installation of tracking programs which do not provide notice to the consumer. (Please see the text of H.R. 112 here.)


Reps. Wilson (R-NM) and Green (R-TX) have both introduced legislation on unsolicited electronic mail, otherwise known as “spam.” H.R. 95, the Unsolicited Commercial Electronic Mail Act of 2001 provides that all unsolicited electronic mail must have a valid e-mail address in the identifier field and makes it unlawful for unsolicited mail to be sent to a consumer who has chosen to “opt-out” of further communications from that source. (The text of H.R. 95 is here.) H.R. 718, introduced by Rep. Wilson and cosponsored by Rep. Green, is similar to H.R. 3113 which passed the House in the 106th Congress, but died in the Senate. The Unsolicited Commercial Electronic Mail Act of 2001, would apply criminal penalties for unsolicited mail with fraudulent routing information. H.R. 718 would also require a valid return address in the identifier field and the option for the consumer to “opt-out” of further mail. (The text of H.R. 718 is here.)

Rep. Holt (D-NJ) has introduced the Wireless Telephone Spam Protection Act, which would prohibit the transmission of unsolicited commercial messages on wireless systems. H.R. 113 gives consumers the choice of “opting-in” to receive advertisements over their wireless devices, which often have small screens and slow rates of transmission. (The text of H.R. 113 is at:

Privacy Commission

Reps. Hutchinson (R-AK) and Moran (D-VA) have introduced, H.R. 583, the Privacy Commission Act, to create a bipartisan Privacy Protection Commission. The commission would be comprised of 17 members gleaned from both the House and the Senate and two members appointed by the President. The commission would eventually publish a study with recommendations on privacy-related legislation and regulation. (The text of H.R. 583.)

Although many are optimistic that there will be a privacy bill on the President’s desk by the end of the year, I believe that it is still too early to predict. Congress is taking this one slowly, as it wisely should.

Posted in: CongressLine, Cyberlaw Legislation, Privacy