Internet Privacy: Overview and Legislation in the 109th Congress, 1st Session

Introduction
Internet privacy issues encompass several concerns. One is the collection of personally identifiable information (PII) by website operators from visitors to government and commercial websites, or by software that is surreptitiously installed on a user’s computer (“spyware”) and transmits the information to someone else. Another is the monitoring of electronic mail and Web usage by the government or law enforcement officials, employers, or e-mail service providers. Another issue, identity theft, is not an Internet privacy issue per se, but is often debated in the context of whether the Internet makes identity theft more prevalent. For example, Internet-based practices called “phishing” and “pharming” may contribute to identity theft.

This report provides an overview of Internet privacy-related issues and related laws passed in previous Congresses, and discusses legislative activity in the first session of the 109th Congress. Background information on Internet privacy issues is available in an archived CRS Report RL30784, Internet Privacy: An Analysis of Technology and Policy Issues, by Marcia Smith (available from author); and CRS Report RL31289, The Internet and the USA PATRIOT Act: Potential Implications for Electronic Privacy, Security, Commerce, and Government, by Marcia Smith, et al.

Internet: Commercial Website Practices
One aspect of the Internet (“online”) privacy debate focuses on whether industry self regulation or legislation is the best route to assure consumer privacy protection. In particular, consumers appear concerned about the extent to which website operators collect “personally identifiable information” (PII) and share that data with third parties without their knowledge. Although many in Congress and the Clinton Administration preferred industry self regulation, the 105th Congress passed legislation (COPPA, see below) to protect the privacy of children under 13 as they use commercial websites. Many bills have been introduced since that time regarding protection of those not covered by COPPA, but the only legislation that has passed concerns federal government, not commercial, websites.