Issues Online


Almost every time we go online, using our computers or mobile devices, each of us produces data in some form. This data may contain only oblique information about who we are and what we are doing, but when enough of it is aggregated, facts about us which we believed were private has the potential to become known to and used by others.

Many people are surprised to learn that data about their online habits, including the web sites and services they visit, are being collected and shared by marketers in order to target advertising. While such targeted advertising may provide more relevant information to consumers on which they can base their purchasing decisions, and while online advertising supports free online content for consumers, the lack of transparency about these practices has led to consumer apprehension and government concern.

As policy makers, regulators and consumer advocates press for significant reforms , there is an urgent need for companies using online technologies to demonstrate that they respect consumers’ right to privacy and their right to control the collection of information about them. Consumers need to feel confident that what is happening online is being done for them and not to them.


  • There is no across-the-board privacy law in the United States.

Instead, the U.S. has a “sectoral” approach comprised of multiple statutes that aim to protect privacy in specific industries. Accordingly, persons or entities that collect, use, share and or/retain personal information are subject to various privacy laws at both federal and state levels, including those that apply based on the nature of the data involved, such as financial, health or children’s data.

Section 5 of the Federal Trade Commission (FTC) Act, 15 U.S.C. § 45(a), prohibits and makes unlawful “unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce.” The FTC enforces against companies that make privacy promises in privacy policies, but fail to keep those promises. That is, the companies collect, use, share or retain personal information in a way that is inconsistent with the representations they made in their privacy policies. The FTC has also enforced against companies whose privacy policies do not adequately inform consumers about the company’s actual practices.

  • There is a range of various federal laws governing the privacy of specific kinds of personal information.

The federal Health Insurance Portability and Accountability Act (HIPAA) governing health data collected by covered entities, the Gramm-Leach-Bliley Act (GLBA) covering financial data, and the Children’s Online Privacy Protection Act (COPPA) covering data collected by children under 13 are examples of laws applicable to specific kinds of data.

  • In addition to law enacted at the federal level, states also have privacy and data security laws.

Most states have so-called “mini-FTC Acts” under which they have authority similar to that of the FTC to take enforcement actions in response to unfair or deceptive trade practices. This could include tracking consumers without proper notice or when a promise has been made not to track consumer behavior. A number of state attorneys general have been vigilant in enforcing against entities collecting personal information from consumers.

Forty-six states also have data security breach notification laws that require entities holding personal data to provide notices in the event of breaches of the security of that data, and those laws apply regardless of how the data may have been collected, meaning that data that is collected is subject to a security breach will trigger notification obligations. Certain states have specific data security obligations, as well.

*This material is not intended as legal advice and may not be relied on as such. It is presented here to outline the privacy laws aimed to protect consumers in the U.S.


Privacy Calendar

6:30 pm Behind the Headlines: NSA Surveillance and Ongoing Revelations @ The Washington Post
Behind the Headlines: NSA Survei… @ The Washington Post
Apr 23 @ 6:30 pm – 8:30 pm
Nearly a year after former government contractor Edward Snowden revealed the extent of the NSA’s surveillance system, revelations about the global programs continue to emerge. [...]
all-day 6th Biannual International Surveillance & Society Conference
6th Biannual International Surve…
Apr 24 – Apr 25 all-day
The 6th Biannual International Surveillance & Society conference hosted by the University of Barcelona and supported by the Surveillance Studies Network is currently calling for [...]
12:00 pm Data Privacy in Education: Ensuring Student Security while Encouraging Innovation in K-12 Education @ Rayburn House Office Building, Room B-354
Data Privacy in Education: Ensur… @ Rayburn House Office Building, Room B-354
Apr 24 @ 12:00 pm – 1:00 pm
The Congressional E-Learning Caucus in cooperation with Into and the National Coalition for Technology in Education and Training presents a luncheon to discuss “Data Privacy [...]
all-day IAPP Europe Data Protection Intensive 2014
IAPP Europe Data Protection Inte…
Apr 29 – May 1 all-day
The IAPP Europe Data Protection Intensive features timely programming centred on the top issues impacting the European data protection community, with a focus on addressing [...]
5:30 pm InSecurity: Race, Surveillance and Privacy in the Digital Age @ New America Foundation
InSecurity: Race, Surveillance a… @ New America Foundation
Apr 30 @ 5:30 pm – 7:30 pm
Now more than ever, digital tools sit at a precarious tipping point, and many question whether they will be used to address pre-existing disparities, [...]
all-day IAPP Canada Privacy Symposium 2014
IAPP Canada Privacy Symposium 2014
May 7 – May 9 all-day
The IAPP Canada Privacy Symposium is the leading conference for education, debate and discussion of issues that matter most to Canadian privacy and data protection [...]
all-day Privacy Law Scholars Conference (7th Annual) @ The George Washington School of Law
Privacy Law Scholars Conference … @ The George Washington School of Law
Jun 5 – Jun 6 all-day
  UC Berkeley School of Law and The George Washington University Law School will be holding the seventh annual Privacy Law Scholars Conference (PLSC) on [...]
all-day Computers, Freedom, and Privacy 2014 Conference @ Airlie Center
Computers, Freedom, and Privacy … @ Airlie Center
Jun 8 – Jun 10 all-day
Mark your calendars! The 2014 Computers, Freedom, and Privacy Conference will be held June 8-10 at the Airlie Center in Warrenton, Virginia. The Airlie Center [...]

View Calendar