Issues Online


Almost every time we go online, using our computers or mobile devices, each of us produces data in some form. This data may contain only oblique information about who we are and what we are doing, but when enough of it is aggregated, facts about us which we believed were private has the potential to become known to and used by others.

Many people are surprised to learn that data about their online habits, including the web sites and services they visit, are being collected and shared by marketers in order to target advertising. While such targeted advertising may provide more relevant information to consumers on which they can base their purchasing decisions, and while online advertising supports free online content for consumers, the lack of transparency about these practices has led to consumer apprehension and government concern.

As policy makers, regulators and consumer advocates press for significant reforms , there is an urgent need for companies using online technologies to demonstrate that they respect consumers’ right to privacy and their right to control the collection of information about them. Consumers need to feel confident that what is happening online is being done for them and not to them.


  • There is no across-the-board privacy law in the United States.

Instead, the U.S. has a “sectoral” approach comprised of multiple statutes that aim to protect privacy in specific industries. Accordingly, persons or entities that collect, use, share and or/retain personal information are subject to various privacy laws at both federal and state levels, including those that apply based on the nature of the data involved, such as financial, health or children’s data.

Section 5 of the Federal Trade Commission (FTC) Act, 15 U.S.C. § 45(a), prohibits and makes unlawful “unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce.” The FTC enforces against companies that make privacy promises in privacy policies, but fail to keep those promises. That is, the companies collect, use, share or retain personal information in a way that is inconsistent with the representations they made in their privacy policies. The FTC has also enforced against companies whose privacy policies do not adequately inform consumers about the company’s actual practices.

  • There is a range of various federal laws governing the privacy of specific kinds of personal information.

The federal Health Insurance Portability and Accountability Act (HIPAA) governing health data collected by covered entities, the Gramm-Leach-Bliley Act (GLBA) covering financial data, and the Children’s Online Privacy Protection Act (COPPA) covering data collected by children under 13 are examples of laws applicable to specific kinds of data.

  • In addition to law enacted at the federal level, states also have privacy and data security laws.

Most states have so-called “mini-FTC Acts” under which they have authority similar to that of the FTC to take enforcement actions in response to unfair or deceptive trade practices. This could include tracking consumers without proper notice or when a promise has been made not to track consumer behavior. A number of state attorneys general have been vigilant in enforcing against entities collecting personal information from consumers.

Forty-six states also have data security breach notification laws that require entities holding personal data to provide notices in the event of breaches of the security of that data, and those laws apply regardless of how the data may have been collected, meaning that data that is collected is subject to a security breach will trigger notification obligations. Certain states have specific data security obligations, as well.

*This material is not intended as legal advice and may not be relied on as such. It is presented here to outline the privacy laws aimed to protect consumers in the U.S.


Privacy Calendar

9:00 am The Privacy Act @40: A Celebrati... @ Georgetown Law
The Privacy Act @40: A Celebrati... @ Georgetown Law
Oct 30 @ 9:00 am – 5:30 pm
The Privacy Act @40 A Celebration and Appraisal on the 40th Anniversary of the Privacy Act and the 1974 Amendments to the Freedom of Information Act October 30, 2014 Agenda 9 – 9:15 a.m. Welcome[...]
all-day George Washington Law Review 201... @ George Washington University Law School
George Washington Law Review 201... @ George Washington University Law School
Nov 7 – Nov 8 all-day
Save the date for the GW Law Review‘s Annual Symposium, The FTC at 100: Centennial Commemorations and Proposals for Progress, which will be held on Saturday, November 8, 2014, in Washington, DC. This year’s symposium, hosted in[...]
10:15 am You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
Nov 11 @ 10:15 am
EFF Staff Attorney Hanni Fakhoury will present twice at the Oregon Criminal Defense Lawyers Association’s Annual Sunny Climate Seminar. He will give a presentation on government location tracking issues and then participate in a panel[...]
all-day PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
Nov 12 all-day
The Privacy and Civil Liberties Oversight Board will conduct a public meeting with industry representatives, academics, technologists, government personnel, and members of the advocacy community, on the topic: “Defining Privacy.”   While the Board will[...]
all-day W3C Workshop on Privacy and User... @ Berlin, Germany
W3C Workshop on Privacy and User... @ Berlin, Germany
Nov 20 – Nov 21 all-day
The Workshop on User Centric App Controls intents to further the discussion among stakeholders of the mobile web platform, including researchers, developers and service providers. This workshop serves to investigate strategies toward better privacy protection[...]
all-day IAPP Practical Privacy Series 2014
IAPP Practical Privacy Series 2014
Dec 2 – Dec 3 all-day
Government and FTC and Consumer Privacy return to Washington, DC. For more information, click here.
9:00 am Progress of the EU Data Protecti...
Progress of the EU Data Protecti...
Dec 11 @ 9:00 am
The EU Member States have agreed to conclude the negotiations on the EU Data Protection draft Regulation in 2015. The process will have arrived at a critical point by the end of this year. The[...]

View Calendar