Disclaimer: This blog is for general information purposes only and does not constitute legal advice and does not create or intend to create an attorney-client relationship. This blog post should never be used to replace the advice of your personal attorney.
The main goal of internet privacy laws is to regulate the use of personal data; these laws dictate how companies collect, store, and distribute customers’ data. In the United States, internet privacy laws exist at both the federal and state level, although not all states have passed such laws. Companies operating outside the U.S. must comply with international laws.One example is the General Data Protection Regulation (GDPR). If you wish to operate in the European Union, you need to comply with the GDPR.
What Does Privacy Mean in This Context?
Knowing what legislation exists to protect privacy isn’t enough. To remain compliant, you must understand what “privacy” means. When discussing online protection laws, privacy entails either:
- Personally identifiable information (PII). PII points to a specific person. A person’s name, address, or social security number serve as some examples.
- Non-personally identifiable information (non-PII). Information relating to consumer behavior. Amazon, Google, and most social media platforms use this type of data to tailor adverts.
Privacy advocates hope to expand on the definition of PII and want data such as location to be included. Various apps store location information, making it easy to track a person. And, ominously for privacy advocates, consumers rarely know this is happening.
Internet and Traditional Privacy
There are two primary types of privacy: internet privacy and traditional privacy. Internet privacy deals with consumer protection online. Traditional privacy primarily includes three aspects— space, autonomy and information.
- Space: People expect privacy in and safeguards relating to their personal space, particularly their homes, but also, albeit to a lesser extent, in their vehicles.
- Autonomy: People expect the government to respect their freedom. They should not make decisions concerning a person’s body or way of life. Of course, these decisions must remain within the boundaries of the law. The landmark case of Roe v. Wade looks at this particular rule.
- Information: This area involves privacy of personal information and identifiers and user information from a variety of sources, including the internet. There are both federal and state laws designed to protect information privacy.
Privacy has been a fundamental right and desire from the beginning, but the development of the internet created far-reaching changes and challenges. Government has needed to respond and adapt to these changes and challenges.
Internet Privacy Laws You Should Know About
There isn’t a single data privacy law in the United States at present, rather, there is a mix of federal and state laws. The most important among them include:
- Fair Credit Reporting Act (FCRA)
- Electronic Communications Privacy Act (ECPA)
- Computer Fraud and Abuse Act (CFAA)
- Children’s Online Privacy Protection Act (COPPA)
- Controlling the Assault of Non-Solicited Pornography and Marketing Act (Can-Spam)
- Financial Services Modernization Act (GLBA)
- Fair and Accurate Credit Transactions Act (FACTA)
As mentioned above, companies operating outside the U.S. must comply with international laws, including the fairly comprehensive and stringent EU regulations.
The Dangers to Data Privacy
Cybersecurity is a complicated business since to mention just one thing the internet is always evolving. New laws try to deal with pressing or new threats, but an ongoing commitment to cybersecurity is required.
If you run a company, especially one with an online presence, you should be familiar with the laws (legislative acts) listed in the section above.
When a device connects to a network, it gets an I.P. Address. This chain of numbers is unique to the device. It helps to identify the user’s interface and their location. Companies can collect the I.P. addresses of users using their services. The chain of numbers on its own can only provide a rough location, however, when paired with other information, a consumer profile can be generated. Some jurisdictions treat I.P. addresses as personal information, but generally only if a company can learn a customer’s street address and name. Consumers who don’t want to rely on a company to protect their security can take their privacy into their own hands with a Virtual Private Network (VPN).
When you enter a website, you’ll notice a message, typically at the bottom of the screen. This message is asking for your approval for the website to use tracking cookies. It is possible to deny the request and still use the web page.
Some service providers go to great lengths to gather consumers’ information. One such method is the use of device fingerprinting. Device fingerprinting uses an algorithm to collect data and often can determine what operating system the device is using, what web browser, and the I.P. address. Counteracting or preventing device fingerprinting is challenging for most consumers.
Search engines like Google can easily track their users. Accessing the consumer’s search terms is just a small part of what they can do; they can log the I.P. address, device information, and account information. Data collection isn’t the only problem; for example, some companies store the data longer than they need to, increasing the extent of data breaches. Many search engines have terms which provide that by using the search engine, you permit it to gather your private data; accordingly, when you perform a search you automatically are providing your information. Fortunately, there are search engines designed with a focus on privacy, including:
- Tor Browser (The Onion Router)
- Search Encrypt
All of these offer an anonymous alternative to Google Search. You might need a few moments to adapt to the interface and the way it works, but if privacy protection is a concern to you, the effort will be worth it.
Cookies are not the only method by which websites track consumers. Third-party requests are another well-known measure. Often, consumers will see an advertisement that meets a recent search they have done. That search data has been gathered by a third-party, who then used it to tailor an advertisement. The request can leave the consumer’s personal information vulnerable. Many modern browsers allow users to block such requests. If yours can, you will find it in the settings. If not, check the app store for an extension that does the same. You should only install extensions that come from legitimate sources.
Smartphone technology has made photography an everyday activity for a large percentage of the population, and sharing photographs online is effortless and seemingly omnipresent. However, some people in the billions of photos being shared may not want the public to have access to them..
It’s no secret that social media platforms such as Facebook, Instagram, and Snapchat gather information. These platforms scan user activity such as “likes” and messages and then use that data for their own means, such as to tailor advertisements , among other things. Naturally, this raises some concerns: what’s to stop them from selling consumer data? Facebook has been a defendant in a case involving such sales. The case claims Facebook violated California’s privacy law by making such data sales. Social media platforms are always looking for new ways to make money and have oceans of data to sell. Privacy laws have a hard time catching up with what they are doing. When it comes to social media, there’s only one way to avoid compromising your personal information. Don’t use them.
Internet Service Providers
Many people rely on an Internet Service Provider (ISP). Without one, we would not be able to gain access to the internet. However, that means they can see everything you do on the internet. Data collection could not be easier for them. Federal laws do regulate how ISPs deal with users’ information. But do you trust your ISP to follow them? Encrypt your personal information. It’s the best way to protect it from your internet service provider.
Luckily, you don’t need any special computer skills to do so. Browsers like Tor or I2P can hide your I.P. address and web traffic information. Read the contract with your ISP carefully before signing. If you feel you won’t be secure, look at other ISP options.
Many other things on the internet pose privacy risks to consumers. Big Data, in particular, has been catching the public eye a lot lately. The term refers to rapid data collection on a massive scale. Digital communication systems give companies access to the personal information of millions, all at the click of a button. Companies use it to analyze consumer behavior, which helps to assess market trends, price optimization, and more. This ability opens the door to potential abuse. Big Data collection is just one example. Other security threats consumers should be cautious of include:
- Cross-device tracking
- Social engineering
- Using out-of-date software
- Weak passwords
Protecting your personal information against these threats is vital. Keep your apps and hardware updated. Follow advice about consumer behavior and account protection. Take measures to keep yourself safe, as you would outside in the world.
If your company has an extensive web presence, consumers need to trust you. Contact TCPA Protect for assistance with tailoring your web presence to increase consumer trust and goodwill.