Online Privacy Protection: Issues and Developments (CRS Report for Congress)
Premium Purchase PDF for $24.95 (19 pages)
add to cart or
subscribe for unlimited access
Pro Premium subscribers have free access to our full library of CRS reports.
Subscribe today, or
request a demo to learn more.
Release Date |
Jan. 11, 2001 |
Report Number |
RL30322 |
Report Type |
Report |
Authors |
Gina Marie Stevens, American Law Division |
Source Agency |
Congressional Research Service |
Summary:
It is routinely acknowledged that the success of the Internet and electronic commerce depends
upon
the resolution of issues related to the privacy of online personal information. This paper discusses
some potential threats to the privacy of online personal information, and efforts by businesses,
governments, and citizens to respond to them. The paper also provides an overview of the legal
framework for the protection of personal information.
Some advocate legal recognition of a right to "information privacy" for online transactions.
The term "information privacy" refers to an individual's claim to control the terms under which
personal information is acquired, disclosed, and used. In the United States there is no
comprehensive legal protection for personal information. The Constitution protects the privacy of
personal information in a limited number of ways, and extends only to the protection of the
individual against government intrusions. However, many of the threats to the privacy of personal
information occur in the private sector. Any limitations placed on the data processing activities of
the private sector will be found not in the Constitution but in federal or state law. There is no
comprehensive federal privacy statute that protects personal information held by both the public
sector and the private sector. A federal statute exists to protect the privacy of personal information
collected by the federal government. The private sector's collection and disclosure of personal
information has been addressed by Congress on a sector-by-sector basis. With the exception of the
Children's Online Privacy Protection Act of 1998, none of these laws specifically covers the
collection of online personal information.
The federal government currently has limited authority over the collection and dissemination
of personal data collected online. President Clinton's Information Infrastructure Task Force supports
industry standards for privacy protection. The Federal Trade Commission Act prohibits unfair and
deceptive practices in commerce, and the Commission has brought enforcement actions to address
deceptive online information practices. In June 1998, the Federal Trade Commission presented a
report to Congress titled Privacy Online which examined the information practices of
over 1400
commercial Web sites, and found that the vast majority of online businesses have yet to adopt even
the most fundamental fair information practice. The Commission issued a new report to Congress
in July 1999 on Self-Regulation and Online Privacy and found that the vast majority of
the sites
surveyed collect personal information from consumers online, and that the implementation of fair
information practices is not widespread. The FTC issued a new report in May 2000 after another
survey of web sites. Notwithstanding measurable gains since the 1999 report to Congress, a
majority of the Commission found that self-regulation alone, without some legislation, is unlikely
to provide online consumers with the level of protection they seek and deserve, and recommended
that Congress consider legislation to complement self-regulation.
This report does not track legislation pending before Congress.