right of privacy: access to personal information
The right of privacy has evolved to protect the ability of individuals to determine what sort of information about themselves is collected, and how that information is used. Most commercial websites utilize “cookies,” as well as forms, to collect information from visitors such as name, address, email, demographic info, social security number, IP address, and financial information. In many cases, this information is then provided to third parties for marketing purposes. Other entities, such as the federal government and financial institutions, also collect personal information. The threats of fraud and identity theft created by this flow of personal information have been an impetus for right of privacy legislation requiring disclosure of information collection practices, opt-out opportunities, as well as internal protections of collected information. However, such requirements have yet to reach all segments of the marketplace.
15 U.S.C. § 45 charges the Federal Trade Commission (FTC) with preventing “unfair methods of competition in or affecting commerce and unfair or deceptive acts or practices in or affecting commerce.” In matters of privacy, the FTC’s role is one of enforcing privacy promises made in the marketplace. Several additional laws form the foundation on which the FTC carries out this charge: the Privacy Act of 1974 (5 U.S.C. § 552a), the Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801-6809), the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.), and the Children’s Online Privacy Protection Act (15 U.S.C. §§ 6501-6506).
The Privacy Act of 1974 (5 U.S.C. § 552a) protects personal information held by the federal government by preventing unauthorized disclosures of such information. Individuals also have the right to review such information, request corrections, and be informed of any disclosures. The Freedom of Information Act facilitates these processes.
The Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.) protects personal financial information collected by consumer reporting agencies. The Act limits those who can access such infomation, and subsequent amendments have simplified the process by which consumers can obtain and correct the information collected about themselves. The FTC also actively enforces prohibitions on fraudulently obtaining personal financial information, a crime known as “pretexting.”
The Children’s Online Privacy Protection Act (15 U.S.C. §§ 6501-6506) allows parents to control what information is collected about their child (younger than 13 years old) online. Operators of websites that either target children or knowingly collect personal information from children are required to post privacy policies, obtain parental consent before collecting information from children, allow parents to determine how such information is used, and provide the option to parents to opt-out of future collection from their child.
However, despite the rights described above, other participants in the marketplace are not bound by law to develop similar protections and disclosure practices. Rather, in the remainder of the marketplace, the FTC encourages a voluntary regime of protecting consumer privacy. In two reports to Congress (1998, 2000) though, the FTC found that most sites falling outside of the jurisdiction of the established right of privacy laws do not adequately inform consumers about collection practices, nor do the majority of sites adequately protect the privacy of visitors’ personal information. It appears that the voluntary regime is insufficient, and the prospect of further right of privacy legislation in the area of access to personal information is very real.