July 20, 2018

Maintaining Privacy in the Digital Age

by Lesley Armour, Kooperman Mentel Ferguson Yaross

The conversation about privacy and the internet has gone viral. As a consumer, this issue may be on your mind with the recent news of Facebook and Cambridge Analytica. As a business owner, you may be receiving more questions than normal about your business’s data practices and you may be wondering what, if anything, you should be doing.

Current privacy regulation concerns the online collection and use of data and seeks to address how businesses communicate their own methods to their consumers. This is typically communicated through a privacy policy, and all businesses that operate a website should have one. The privacy policy must be transparent about what information the company collects and how it is used. And, if the website sells products or services, the privacy policy should be unambiguously consented to any time purchases are made. Companies that fail to clearly communicate their collection and use can be subjected to unfair and deceptive trade practices claims before the Federal Trade Commission. In cases where violations have been found, some companies have received six figure fines.

The privacy policy should also address how a business complies with applicable privacy regulations. Because websites operate without borders, they subject businesses to regulation in a variety of jurisdictions. As a result, businesses must be vigilant in understanding their consumer demographics. This can easily be accomplished by reviewing website analytics and is important to ensuring compliance with various regulations. For example:

  • The Children’s Online Privacy Protection Act is a federal regulation that regulates what information companies can collect online from children under the age of 13, and establishes parameters for parental consent.
  • The California Consumer Privacy Act, passed on June 28 and taking effect on Jan. 1, 2020, gives expansive control to California residents over their personal data that is shared online. This Act is one of many pieces of legislation passed in California over the past 15 years to address privacy rights and concerns raised by increased internet usage, such as the updates to the California Business and Professional Code, made in 2003, that set forth requirements for privacy policy disclosures and accessibility of privacy policies.
  • The General Data Protection Regulation took effect in the European Union in May. The GDPR extends protections to all European Union residents. It limits the instances in which personal data can be collected, distinguishes between data controllers and processors and enumerates the rights of the data subjects, among other things. Because this law took effect recently, there is uncertainty in how the GDPR will be policed and enforced. Nevertheless, it is important to know that the penalties for non-compliance are high.

The above is not a comprehensive list of all the laws that have been enacted to protect consumer privacy. Several states have legislation pending to address these issues and extend similar protections to residents. Because privacy regulations exist at the federal, state and international level, all businesses operating a website should consult with an attorney to ensure their businesses are in compliance and are adequately protected against any consumer privacy claims