Data Collection and Privacy

Handling personal data online is complex and difficult, and it calls for the assistance of an online privacy lawyer. This is true not only for the individual, who may hand over personal information as part of a transaction, but also for the website owner, who may not know the duties they are held to. Furthermore, given the value of consumer data as it is traded, collected and sold, there are safeguards, not only to protect against unwitting disclosures, but also to protect the reasonable privacy of consumers.

One example of these scenarios is the recent idea that an Internet Service Provider, or ISP, may sell certain information about you to advertisers. However, the kind of information is limited by 47 U.S.C. § 222, which prevents common carriers, like ISPs, from divulging identifying information, such as your name, social security number, phone number or address. What is not protected there is information like app usage or the websites visited. Thus, an ISP could, under current law, sell some “less protected” data, like app usage and website usage, without your consent. However, this varies by the ISP and its terms of service: some programs that collect and sell data automatically enroll individuals and require each one to opt out, while others simply imply consent to the collection and sale of data from use of their services.

However, this is just one example. The Federal Trade Commission (“FTC”) has other measures in place. The FTC has the power to sanction a website if it fails to adhere to its own articulated privacy policy under the FTC’s broad mandate to regulate “unfair and deceptive acts and practices.” A consumer who has provided data pursuant to a website’s privacy policy may also file a complaint for breach of contract if the website fails to adhere to the guidelines of its own privacy policy.

The FTC also requires that anyone who maintains a commercial website follow its five core privacy protection principles:

  • the website must provide notice to consumers about how the website uses personal information;
  • the website must offer a choice as to how such information is used;
  • the website must provide consumers access to the information that is compiled on them;
  • the website must ensure that the information is secure;
  • the website must provide a mechanism by which users can enforce these principles.

Regarding all five of these principles, an online privacy lawyer may assist an individual by drafting online privacy policies and by guiding a website owner through the various options, protection methods, standards of care and repercussions.

For children’s data online, there is the Children’s Online Privacy Protection Act (“COPPA”). COPPA is a federal act that requires a website to post a privacy policy statement and forbids the collection of personally identifiable information from any person under the age of 13 without parental consent.

In addition, the Gramm-Leach-Bliley Act (“GLBA”) requires financial institutions (i.e., companies which provide consumers with financial products or services such as loans, financial or investment advice, or insurance) to explain their information-sharing practices and to safeguard sensitive data. Stated otherwise, GLBA regulates the privacy practices of financial institutions and requires them to permit their consumers to opt out of the disclosure of personal information.

Furthermore, medical information is subject to protection from disclosure under the Health Insurance Portability and Accountability Act (“HIPAA”). The HIPAA privacy rule provides federal protections for personal health information held by covered entities and gives patients certain and cognizable rights with respect to that information. Also, the privacy rule is balanced in order to allow the disclosure of personal health information that is necessary for patient care and other related purposes.

Regarding California specifically, it grants certain protections to its residents as well. The California Online Privacy Protection Act (“OPPA”) requires the operators of commercial websites which collect personally identifiable information from California's residents to conspicuously post and comply with a privacy policy which meets certain requirements that can be detailed by an online privacy lawyer. OPPA is codified under Business & Professions Code §§ 22575-22579.

The State of California has passed other privacy measures, such as the “Shine the Light” law, which requires a website to inform its users of the third parties with which the website shares its users' personally identifiable information. This law is also referred to as SB 27, and is codified under section 1798.83 of the California Civil Code.

The international community has also participated in the enactment of laws related to online privacy. For example, the European Union adopted a Data Protection Directive in 1995 which requires websites which gather personal information to obtain clear consent from their customers. Also, on January 25, 2012, the European Commission proposed a comprehensive reform of the European Union’s 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy.

Due to the ever-increasing complexity of online privacy measures, and the increased globalization resulting from the internet, an online privacy attorney is a necessity. In order to speak with an attorney, you may contact us online or call 310-694-3034 for an initial consultation.