Online and digital privacy is a fundamental legal consideration for businesses, website operators, and software developers. Since e-commerce sales aren’t regionally limited, brands and sellers must adhere to state, federal, and even international online privacy laws.
Consumer data is a valuable commodity, but can be highly regulated. In many instances, authorities require companies to implement consumer protection measures. Failure to comply can result in massive, business-crushing fines.
Below, we’ll review some online privacy law basics. If you have questions for an online privacy lawyer, get in touch.
5 PRIVACY PROTECTION PRINCIPLES FOR COMMERCIAL WEBSITES
The Federal Trade Commission requires all commercial websites to:
- Clearly notify users about data collection and use parameters.
- Allow users to opt out of information-sharing programs.
- Let consumers access data compiled about them.
- Implement reasonable and effective anti-hacking safeguards.
- Conspicuously publish the company’s contact information on the site.
YOU CAN BE FINED FOR BEING HACKED
Yes, the FTC can punish businesses that don’t implement reasonable security safeguards.
Whether or not the FTC will fine a business for being hacked also involves how the site’s security is marketed. Take the Ashley Madison debacle. In 2015, a hack on the Ashley Madison website resulted in 36 million leaked accounts. In response to this massive security breach, the FTC leveled a fine of over 17 million dollars. The website’s biggest mistake was advertising superior security services and promising permanent deletion, and then failing to deliver on either promise.
CAN ISPs AND WEBSITES SELL USER DATA?
Yes, Internet Service Providers can buy and sell user information, but the situation isn’t as dire as some may think. Due to 47 U.S.C. § 222, digital services and ISPs are forbidden from divulging personally identifiable information (social security numbers, phone numbers, names, addresses, etc.) without express permission. App usage stats and other behavioral actions, however, can be tracked and traded.
FOLLOW YOUR PRIVACY POLICY
Some businesses land in legal trouble for shirking their own privacy policies. Using free contracts and agreement templates increases this likelihood tenfold.
Authorities do not look kindly on parties who promise one thing and do another. It’s considered “unfair and deceptive” marketing and flies in the face of federal trade regulations. So, make sure you know precisely what’s in your terms, privacy policies, and EULAs, and make sure you’re complying with what’s stated in your contracts.
Note: Private citizens can sue businesses for evading website privacy policies, and these types of cases can balloon into costly public relations nightmares. Avoid the hassle by enlisting a terms of service and privacy policy lawyer early on.
FEDERAL ONLINE PRIVACY LAWS
Despite many attempts, federal lawmakers have yet to pass a “universal” online privacy law. However, several national statutes do address digital privacy matters for specific groups and information classes. California also has several online privacy rules, to which most stateside companies must adhere.
- Children’s Online Privacy Protection Act (“COPPA”)
- Gramm-Leach-Bliley Act (“GLBA”)
- Health Insurance Portability and Accountability Act (“HIPAA”)
- California Online Privacy Protection Act (“OPPA”) and other state statutes that address privacy concerns.
In addition to state and federal statutes, many commercial websites and platforms must follow international online privacy measures, like the European Union’s Data Protection Directive, the General Data Protection Regulation, and the United Kingdom’s so-called “Cookie Law.”
CONTACT AN ONLINE PRIVACY LAWYER
An online privacy attorney can review your current policies, agreements, and business procedures to make sure you aren’t leaving yourself open to a compliance action.
To speak with an attorney today, contact us for a consultation.