The problem: On many web sites, visitors are asked to provide personal information; but there is no certainty where such information goes or who gets it. There are few assurances that information you give won't wind up on a public database for the world to use. Although it is possible to refuse to give out any personal information at all, some web sites will not permit you to view some pages or access some services without giving identifying information--and the surfer is thus faced with the difficult choice of whether to pass up the information or services he seeks, or place his personal information at the mercy of an unknown webmaster.
The proposal: "Any Web publisher that collects personal information from its visitors should have to post a policy stating what data is gathered, how it is used, and whether it will be shared with another party."
keeps this site and its author alive.
It would not do to create laws which limit which information can be requested--our relationships with each other on the web have different needs. We've all been asked questions about which we wondered on the relevance: why do they need to know that? But sometimes the information is relevant in ways we will never know, such as defining customer demographics and providing better long-term customer service. No, the Internet is about the transfer of information, and we must tread carefully when we suggest that certain information should not be transferred.
Nor would it be appropriate to limit what collected information can be published. Some of us place information about ourselves in plain view on web pages; others are too paranoid even to have a web page, lest someone should discover in what country we live by tracing our ISP. The question of what you would permit to have published about yourself is one which can be answered only by you, and legislation which forbade the publication of any types of information would be viewed as too restrictive by some, and too permissive by others.
And because of the variety of our natures and our relationships, it would be inappropriate to limit what can be done with the information collected. When you fill out a form with boxes that identify your interests, of course the purpose is to enable the company to target advertising which will be of value to you; if they ask if they can send you "information about products within your interests", they mean can we sell your information as part of a mailing list. But some of us don't mind that at all; some of us would like to be moved onto the mailing lists of companies who are going to compete for our business by offering us discounts and deals on the products we use most--and others don't even post to news groups, because we don't want anyone to have our e-mail address without our permission. I have one relative who rebuked me for including his name as a carbon recipient on an e-mail sent to several people unknown to him. My address is posted in several places on this web site, and I frequently send it to complete strangers when I compliment their pages.
No, the C-Net proposal is sensible: those who request information should tell us how they will use it. This seems so logical, it may be that we don't need the legislation. There are plenty of points of "netiquette" which over time we all learn. If we all made it our policy not to provide information to any site requesting it which does not reciprocate with a statement of intended use, web page designers would learn to include such a statement on their request forms. The only legislation which is required would be to create a civil action for invasion of privacy if the information is used in any way not consistent with such a statement--in other words, you should be allowed to sue for damages if you submit information to a site, and it is used in a way you didn't authorize.
As an aside, although I suspect that C-Net wouldn't consider your opinion on these laws to be "personal information" (and that's a rather subjective judgment call itself), I notice that they didn't choose to mention what, if anything, they intend to do with the survey information after it's collected.
So, although I'm not sure we need legislation quite as comprehensive as suggested, I voted for it, since the part about requiring the statement is harmless enough, and the important part--creating liability for violation of the terms of such a statement--would flow intrinsically from the creation of that requirement.