Re: More privacy is good isn't it?
The opt-in requirement is strictly for "sensitive user information", which the bill defines as thus:
(A) Financial information.
(B) Health information.
(C) Information pertaining to children under the age of 13.
(D) Social Security number.
(E) Precise geolocation information.
(F) Content of communications.
(G) Web browsing history, history of usage of a software program (including a mobile application), and the functional equivalents of either.
There's an opt-out requirement for most everything else. An exception to all this is made for "protect[ing] the rights or property of the provider", which stands out to me as one of the iffiest parts, but I'm not a lawyer, so this might be more problematic:
(2) COMMUNICATIONS ACT OF 1934.—Insofar as any provision of the Communications Act of 1934 (47 U.S.C. 151 et seq.) or any regulations promulgated under that Act apply to any person, partnership, or corporation subject to this Act with respect to privacy policies, terms of service, and practices covered by this Act, the provision or regulations shall have no force or effect, unless the regulations pertain to emergency services.
Other than that, it seems pretty straight forward.
(The article links to the last Congress's version, so here's the link to the current bill)