Issues Online


Almost every time we go online, using our computers or mobile devices, each of us produces data in some form. This data may contain only oblique information about who we are and what we are doing, but when enough of it is aggregated, facts about us which we believed were private has the potential to become known to and used by others.

Many people are surprised to learn that data about their online habits, including the web sites and services they visit, are being collected and shared by marketers in order to target advertising. While such targeted advertising may provide more relevant information to consumers on which they can base their purchasing decisions, and while online advertising supports free online content for consumers, the lack of transparency about these practices has led to consumer apprehension and government concern.

As policy makers, regulators and consumer advocates press for significant reforms , there is an urgent need for companies using online technologies to demonstrate that they respect consumers’ right to privacy and their right to control the collection of information about them. Consumers need to feel confident that what is happening online is being done for them and not to them.


  • There is no across-the-board privacy law in the United States.

Instead, the U.S. has a “sectoral” approach comprised of multiple statutes that aim to protect privacy in specific industries. Accordingly, persons or entities that collect, use, share and or/retain personal information are subject to various privacy laws at both federal and state levels, including those that apply based on the nature of the data involved, such as financial, health or children’s data.

Section 5 of the Federal Trade Commission (FTC) Act, 15 U.S.C. § 45(a), prohibits and makes unlawful “unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce.” The FTC enforces against companies that make privacy promises in privacy policies, but fail to keep those promises. That is, the companies collect, use, share or retain personal information in a way that is inconsistent with the representations they made in their privacy policies. The FTC has also enforced against companies whose privacy policies do not adequately inform consumers about the company’s actual practices.

  • There is a range of various federal laws governing the privacy of specific kinds of personal information.

The federal Health Insurance Portability and Accountability Act (HIPAA) governing health data collected by covered entities, the Gramm-Leach-Bliley Act (GLBA) covering financial data, and the Children’s Online Privacy Protection Act (COPPA) covering data collected by children under 13 are examples of laws applicable to specific kinds of data.

  • In addition to law enacted at the federal level, states also have privacy and data security laws.

Most states have so-called “mini-FTC Acts” under which they have authority similar to that of the FTC to take enforcement actions in response to unfair or deceptive trade practices. This could include tracking consumers without proper notice or when a promise has been made not to track consumer behavior. A number of state attorneys general have been vigilant in enforcing against entities collecting personal information from consumers.

Forty-six states also have data security breach notification laws that require entities holding personal data to provide notices in the event of breaches of the security of that data, and those laws apply regardless of how the data may have been collected, meaning that data that is collected is subject to a security breach will trigger notification obligations. Certain states have specific data security obligations, as well.

*This material is not intended as legal advice and may not be relied on as such. It is presented here to outline the privacy laws aimed to protect consumers in the U.S.


Privacy Calendar

9:30 am The Federal Trade commission and Its Section 5 Authority: Prosecutor, Judge, and Jury @ Rayburn House Office Building, Room 2154
The Federal Trade commission and… @ Rayburn House Office Building, Room 2154
Jul 24 @ 9:30 am – 11:00 am
The House Oversight and Government Reform Committee will be holding a hearing on the Federal Trade Commission and its Section 5 authority.
all-day Big Data: A Tool for Inclusion or Exclusion? @ Constitution Center
Big Data: A Tool for Inclusion o… @ Constitution Center
Sep 15 all-day
The Federal Trade Commission will host a public workshop entitled “Big Data: A Tool for Inclusion or Exclusion?” in Washington on September 15, 2014, to [...]
all-day IAPP Privacy Academy and CSA Congress 2014 @ San Jose Convention Center
IAPP Privacy Academy and CSA Con… @ San Jose Convention Center
Sep 17 – Sep 19 all-day
This fall, the International Association of Privacy Professionals (IAPP) and Cloud Security Alliance (CSA) are bringing together the IAPP Privacy Academy and the CSA Congress [...]
6:00 pm Consumer Action’s 43rd Annual Awards Reception @ Google
Consumer Action’s 43rd Annual Aw… @ Google
Oct 21 @ 6:00 pm – 8:00 pm
To mark its 43rd anniversary, Consumer Action’s Annual Awards Reception on October 21, 2014, will celebrate the theme of “Train the Trainer.” Through the power of [...]
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The [...]

View Calendar