[Blogmeister’s Note: CommLawBlog.com welcomes guest blogger Catherine McCullough, principal of Meadowbrook Strategic Government Relations, a D.C. lobbying firm. We are pleased that Catherine has agreed to share with our readers some insight into communications-related issues pending before Congress.]

Does your business gather data about your audience – especially online? If you are thinking of engaging in behavioral advertising – widely considered the future of the industry – you should know about two new pieces of legislation in Congress that would affect the way you gather, store, and utilize the consumer data that advertisers so desire.

Yes, the long-anticipated online consumer privacy laws are coming.

Congress has repeatedly considered new consumer privacy bills for much of the last decade. But only since the 111th Congress began have all political elements necessary for passage existed at the same time: Democratic control of both houses of Congress; a supportive White House; and a new Chairman of the Senate Commerce Committee who is not afraid to make his voice heard on consumer protection.

And thanks to a new technology on the scene, there is an additional element essential to all political dramas: a bad guy. Public, meet your new enemy: Deep Packet Inspection.

(At the risk of getting too technical: Deep Packet Inspection is the process by which Internet service providers can probe around in the contents of data packets passing through their systems.  When a file – whether it’s a web page, or an email, or a video, or whatever – is sent from Point A to Point B on the Internet, it first gets organized into “packets” which are then sent on their way to their common destination.  Those packets don’t necessarily all travel the same path through the myriad interlinked computer systems which comprise the Internet.  For purposes of getting them all to the same place, the intervening systems need to know only the intended destination and a few other factoids relating to routing.  The particular contents of the packets ordinarily do not come into play in the transmission.  Deep Packet Inspection, however, permits detailed analysis of those contents, thus affording inquiring minds access to information which would ordinarily be thought to be private.)

There is concern that this technology is too much of a temptation for those who gather and utilize consumer data. But the bills being written don’t restrict themselves to dealing only with this “extreme” type of tracking. They apply to most companies that store and use data. Here is how the legislation breaks down:

Two online privacy bills are now in different stages of development in the House. The first is being written by Rep. Rick Boucher (D-VA-9th), Chairman of the Energy and Commerce Subcommittee on Communications, Technology and the Internet, one of two House subcommittees with jurisdiction over the issue.  Boucher reportedly is working with his Republican counterpart, Cliff Stearns (R-FL-6th), on language that would: (a) allow Internet sites routinely to collect benign information from consumers unless the consumers affirmatively “opt-out” of such collection; but (b) prohibit the collection of sensitive personal information unless the consumer expressly agreed to such collection by affirmatively “opting-in”. The objective of this approach seems to be to force people to jump through hoops before releasing tracking rights to their sensitive information, because it takes more effort to opt-in than out. In theory, people will therefore make informed choices about who collects the sensitive details of their lives and how they use that information. (But how do we define sensitive, you ask? We’ll have to wait until the bill is introduced to see.)

The second bill has been introduced by Rep. Bobby Rush (D-IL-1st), Chairman of Energy and Commerce’s Subcommittee on Commerce, Trade and Consumer Protection – the other House subcommittee of jurisdiction. Rush’s bill, H.R. 2221, would require the Federal Trade Commission (FTC) to promulgate regulations to secure computerized data containing personal information.   (See the subcommittee hearing on the bill here.) It would be no surprise if the two subcommittees’ bills were to be merged into one piece of legislation regulating online privacy.

If an online privacy bill passes the House, the torch will be passed to the Senate, where Senate Commerce Committee Chairman Rockefeller has made no secret of his consumer-oriented focus. On the one hand, Senator Rockefeller acknowledges the reliance of the news industry on new technology. On the other hand, his Committee position makes him responsible for drafting a law restricting how media profit from the same advertising that supports their news-gathering operations. It is unclear how Senator Rockefeller and others of like mind will resolve this tension.

While the bills will determine the principles of privacy policy, Congress will likely rely on the executive branch to determine important detail. The FCC is already shaping the online landscape as it writes its National Broadband Plan and takes its public stand on “network neutrality.” The Federal Trade Commission is deeply involved in behavioral advertising and is beginning to share its thoughts with the FCC as well.  Whether involved in writing online privacy law or executing and enforcing online privacy regulations, all government entities involved are now deciding how they will allow much-needed innovative online-related business to flourish while keeping consumer trust.