United States Privacy Laws – Part II

We have briefly discussed some of the state and federal privacy laws that are applicable to consumers and commercial organizations. It is important to understand how personal information is being obtained and distributed by businesses. Personal information is also being obtained and distributed by bad actors – i.e., criminals who gain access to customer information through clandestine methods and sell the information for profit. This information can be extracted by using cookies which is a software program that records the customer’s activities when visiting the website. Yet, a computer can be configured to not automatically accept cookies. Tracking software is being used to follow and monitor the customer’s online activities. The Federal Trade Commission, which has the authority to bring legal action for unfair or deceptive trade practices affecting commerce, has prosecuted companies for their failure to properly disclose this information.

What are the federal privacy laws?

The Federal Constitution has implicitly granted privacy rights. The Fourth Amendment prohibits unreasonable searches and seizures. There has been a series of legal cases that have dealt with this provision in order to determine the definition of unreasonable searches and seizures. However, some courts have held website monitoring programs that may reveal Internet Protocol or electronic mail addresses do not implicate the Fourth Amendment. The federal privacy laws that have been promulgate by the federal government include: (1) Driver’s Privacy Protection Act; (2) Electronic Communications Privacy Act; (3) Family Educational Rights and Privacy Act; (4) Fair Credit Reporting Act; (5) Fair Debt Collection Practices Act; (6) Federal Privacy Act; (7) Financial Services Modernization Act a/k/a “Gramm-Leach Bliley Act;” and (8) Video Privacy Protection Act which grants consumers the right to opt-out from disclosure of their personal information and file a legal action if their rights are violated. Also, the Federal Identity Theft and Assumption Deterrence Act prohibits the production and possession of false or unauthorized documents or the usage of another person’s identity.

The United States Privacy Act of 1974 has enumerated the following rights: (1) the right to access and copy any information held by government agencies; (2) the right to correct errors in that information; (3) the government agencies should collect and store minimal information; (4) the right to restrict access to information on a need to know basis; and (5) the right to restrict information sharing between federal and non-federal agencies.

The Federal Trade Commission has taken the initiative to promote privacy in all industries. It has outlined the principles and guidelines to reach this objective. It has prosecuted commercial organizations for not adhering to their privacy policies. It ensures that websites properly update their privacy policies on a regular basis to keep up with technology and comply with their own terms and conditions.

What are the state privacy laws?

The California Constitution grants an inalienable right to pursue and obtain privacy. As such, privacy rights are part of fundamental principles granted to the citizens. Therefore, the rules (e.g., Penal Code 1546, et seq.) require the government to obtain a search warrant prior to accessing data on an electronic communication device. California has passed several rules to protect online privacy. For example, it has passed the following laws: (1) Anti-Phishing Act that prohibits phishing attacks; (2) Anti-computer spyware laws under Business and Professions Code 22947; (3) Anti-cyberbullying laws that prohibit cyberbullying or sexual harassment, hate violence, harassment, or intimidation under Education Code 32261; (4) Anti-cyber exploitation laws that prohibit revenge porn under Penal Code 502, 647, 647.8, 786, and Civil Code 1708.85.

The California Consumer Privacy Act (“CCPA”) grants consumers the right to access, delete, and opt-out of data processing at any time. However, unlike the GDPR, it does not grant the right to correct errors in personal information. It also requires a privacy notice be posted on websites in order to inform the consumers about their opt-out rights.

It’s important to know your legal rights and responsibilities when it comes to privacy laws. Please contact our law firm to speak with an internet privacy attorney at your earliest convenience.