Kerry, McCain to back online privacy bill

Sens. John KerryJohn Forbes KerryJohn Kerry to NYU Abu Dhabi: We can't address world problems by 'going it alone' Juan Williams: Trump's dangerous lies on Iran Pompeo: US tried, failed to achieve side deal with European allies MORE (D-Mass.) and John McCainJohn Sidney McCainFor .2 billion, taxpayers should get more than Congress’s trial balloons Overnight Defense: Pompeo lays out new Iran terms | Pentagon hints at more aggressive posture against Iran | House, Senate move on defense bill Senate GOP urges Trump administration to work closely with Congress on NAFTA MORE (R-Ariz.) will introduce legislation Tuesday that spells out how companies should handle consumers' personal information both online and offline.

The senators have scheduled a press event Tuesday at the Capitol to unveil The Commercial Privacy Bill of Rights Act of 2011, which "establishes a framework to protect the personal information of all Americans both online and offline." 

Kerry began work on commercial privacy legislation last summer as a companion to complementary efforts under way in the House. Bipartisan momentum for online privacy legislation has been building in recent months, with the Obama administration expressing support last month for the first time.

Aides were reluctant to discuss the details of the bill but, judging from earlier drafts, it will likely outline the basic protections required of all firms that handle consumer data and give the Federal Trade Commission the authority to enforce those expectations. 

While the FTC currently supports a voluntary "opt-out" provision for information-sharing services and targeted online ads from industry, the bill could make the opt-out process mandatory in most instances.

Kerry used the settlement last month of the FTC's complaint against Google for its Buzz privacy breach as an opportunity to stump for his bill, claiming its measures would prevent similar incidents in the future.

The settlement requires Google to implement a comprehensive privacy protection plan, submit to outside privacy audits every two years, and notify customers every time it changes how one of its services shares a user's data.

Kerry and an FTC official both expressed their view that all firms should follow the terms of the settlement, not just Google.