An Explanation of Privacy Laws, Without the Jargon
Online privacy has been in the media spotlight for some time. With all that information out there, it’s hard to tell what’s reliable. That’s why Famigo will be publishing a short series of privacy-related blogs that are written specifically with you and your family in mind.
This first post will provide you with a general overview of online privacy laws and issues along with some helpful resources if you’d like to learn more.
As we see it, there are two problems that anyone trying to understand privacy issues must confront.
- There is a lot of confusion about what information privacy laws actually protect, and
- Privacy laws are changing rapidly as new technologies are introduced. This creates a lot of uncertainty.
Plus, you have to read all these laws to understand them and that takes a rather long time. (And none of them are page-turners.)
Online privacy laws can be broken down into two groups. The first (and generally older) group of laws was designed to protect children from certain kinds of content available on the internet. The second (and generally newer) group of laws was designed to safeguard personal user information that is shared over the internet.
As you read the following information please understand that it is meant simply as a general overview of the privacy law landscape. The actual law is quite complex and always changing.
The First Wave of Privacy Laws:
ELECTRONIC COMMUNICATIONS PRIVACY ACT or ECPA (1986-Present)
As fax machines and emails were increasing in popularity, Congress passed this law primarily to protect consumers from unauthorized wiretaps and to safeguard electronic communications from being read and disclosed by unauthorized recipients.
This law still protects certain communications but is of little use in protecting an array of information that is communicated through means that didn’t exist 26 years ago when the law was enacted – like text messages and personalized homepages on internet browsers.
THE CHILD ONLINE PROTECTION ACT or COPA (1998-2009)
This bill was passed in 1998 but was never enforced because it spent 11 years tied up in litigation over the constitutionality of certain provisions. The bill restricted children’s access to adult content, but was ultimately struck down for violating the 1st and 5th amendments. Specifically, there were concerns about certain provisions infringing on constitutionally protected speech.
CHILDREN’S INTERNET PROTECTION ACT or CIPA (2000-Present)
While COPA was languishing in the courts, congress passed CIPA. This law required libraries and K-12 schools to employ internet filters and other measures to protect children from adult content. This law only applies to institutions that receive certain grants or federal credits (called E-Rate discounts) in order to defray the cost of providing universal internet access. If you’d like to know whether your child’s school is required to comply with CIPA we recommend contacting an IT administrator directly.
The New Wave of Privacy Laws
THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT or COPPA (1998-Present)
The primary goal of COPPA is to put parents in control of what information is collected from their children (defined as being under 13 years old).
Since its adoption, this law has been all over the news. Several high profile enforcement efforts in the early 2000’s revealed that many companies were complying with the letter but not the spirit of the law. The most common examples of infraction concerned sites that had a minimum age of 13 to be a member. Many sites allowed users to select their own birthday and any tech-savy kid could set up a profile in no time – and lie about their age. Several companies were fined for not verifying the age of the user.
The Federal Trade Commission (FTC) is the agency charged with enforcing COPPA. In September 2011, in an effort to close several loopholes, the FTC issued the first proposed revisions since the bill became law. The comment period closed in December of the same year and the final changes haven’t yet been announced.
THE FRAMEWORK FOR PROTECTING PRIVACY AND PROMOTING INNOVATION IN THE GLOBAL DIGITAL ECONOMY (2012)
According to the executive summary, ‘Individual Control’ is the hallmark of this new internet privacy framework. It’s important to remember though that this framework IS NOT THE LAW. It’s a proposal for a schema of voluntary compliance by companies that collect and utilize their customers’ personal information. You can read the whole text of the document here.
This proposed framework has been built around a “Consumer Privacy Bill of Rights,” the main provisions of which are listed below.
- Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
- Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.
- Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
- Security: Consumers have a right to secure and responsible handling of personal data.
- Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
- Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
- Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.”
Famigo has always been compliant with COPPA and we will continue to embrace the central tenets of the Consumer Privacy Bill of Rights. We don’t do so because it’s the law. We do so because protecting personal information that belongs to your family – especially your children – is the right thing to do.
Matthew McDonnell is currently pursuing his J.D. at the University of Texas Law School, having already earned his MBA at the College of Charleston. With a varied past as an elementary teacher, a sailing instructor, and a long time student, Matthew is now Famigo’s trusted privacy expert (and a genuinely excellent dude).