Draft US privacy Bill weak on data protection plans

A draft data protection Bill has drawn criticism from all sides

A draft US Bill that contains proposals for regulating online data protection policies and increasing web users' privacy has been criticised for not going far enough and potentially harming buinesses.

The 27-page document (PDF) that soon may be debated in Congress has been put forward by Democrat Rich Boucher and Republican Cliff Stearns.

However, while data privacy groups have long requested tighter data privacy legislation, they argue that the draft Bill does not go far enough.

The proposals have also been criticised by free market endorsers, who believe that the regulations could harm businesses.

"The draft will not make any substantive changes to the policies that most online companies already have. It's unlikely to have a major effect," said Gartner analyst Andrew Frank.

"The draft Bill reinforces the idea that consumers have to take an active role and opt out if they want to participate in online sites. Privacy protections are not installed by default."

However, Frank added that the issue is a difficult one for politicians to deal with as they have to balance user privacy with the "economic value of data ".

"The draft indicates that, when it comes to policing privacy, the public's reaction is a more powerful response than the political system response. So it's a little bit of a self-regulating system at the moment," he said.

Under the new bi-partisan proposals, companies that collect information from consumers cannot disclose that information without consent.

This consent can be given when a consumer signs a company's privacy policy if a clause in the policy outlines how their data will be used.

However, third-party advertising networks remain an exception, and will be allowed to continue to work on the opt-out consent model.

The draft legislation also states that companies can collect information about web users unless they affirmatively opt out of the collection, although they need opt-in consent to collect sensitive information, such as medical or financial records.