Internet Privacy Law

Internet marketing is the modern age miracle for marketing strategists. Getting your word out to the masses quickly and automatically, and at next to no-cost retrieve customer’s data, is a boon for many companies.

internet-privacy-laws-1024x424 Internet Privacy Law

However, being the guardian of all of this personal data means additional legal responsibility due to the threat of invasion of privacy.

Federal Implications

If a business directly (or indirectly via an agent) violates its own internet privacy policy, it is seen as carrying out deceptive or unfair trade practices and can be prosecuted by the Federal Trade Commission (FTC) under Section 5 of the FTC Act. Some businesses do not publish an internet privacy policy to prevent prosecution by the FTC, but where did that leave the consumer?

State Internet Privacy Protection

As this loophole allowed deceptive marketers to use customers information as they wished, most states introduced laws to protect the consumer and close the loophole for that state’s residents. The website’s privacy policy must disclose its intention of use of consumers personal data and give consumers a choice to provide this information or not. Consumers can choose the ‘Do Not Track’ option to keep their data secure. The State of California did this with SB 27 and AB 68.

California S.B. 27, “Shine the Light” Law

The Shine the Light Law allows customers to ask a business for exactly what information has been collected from them and whom they have shared it with. Businesses must comply with the request by listing the categories of information gathered, and the names and addresses of any direct marketers the information has been given to within 30 days of the request. The law is codified in Section 1798.83 of the California Civil Code.

This law applies to any business that has a relationship with a customer and has disclosed a customer’s personal data to a third party who will use the data for direct marketing purposes.


  • Any business whose privacy policy publicly states that they will only disclose any personal information to third-parties for direct marketing purposes if the customer is given explicit opt-in or opt-out capabilities by the third party.
  • Non-profit organizations
  • Businesses with less than 20 full time or part-time
  • Political fundraisers.
  • Financial businesses that are already compliant with the California Financial Information Privacy Act.

S.B. 27 states explicitly that if a customer must accept a provision waiving his or her rights to the use of their private information, such a waiver is void and against public policy.

A business must provide its customers with either a toll-free phone number, fax number, e-mail address or mailing address that can be used by its customers to request the following:

  • Categoriesof information collected from the customer (e.g., name and address, e-mail, date of birth, race, religion, occupation, phone number, education, ), AND
  • Third Party Namesand addresses of each direct marketer the business has supplied the personal information to during the previous year, AND
  • The Type of Products or Servicesthe third-party markets, AND
  • Train all employees(or their supervisors) to respond to a customer’s request relating to the use of the customer’s personal data, OR
  • Add a linktitled “Your Privacy Rights” to the home page of the business’s website that takes the customer directly to the business’s general privacy policy. The first page following the link must describe the customer’s rights under S.B. 27 and provide the customer with information on how to request information from the business. The link must be in larger type than the surrounding text, or in contrasting type, font or color.

AB 68, Online Privacy Protection Act (CalOPPA)

This is a broad law codified in Section 22575 of the California Business and Professions Code, which requires websites or online services to post privacy policies on their sites and to comply with them. These websites must also disclose if they are tracking online visits.

AB 68 applies to any operator or owner of a commercial website or online service that collects a California resident’s personally identifiable data during use of their website. This law does not apply to entities which store personal data for third-parties like Internet Service Providers (ISP).

All online businesses or online services must post a privacy policy on its website. At a minimum, the privacy policy must

  • Provide detailsof how a consumer can review and amend any of his or her personal information to the extent the business maintains a process for doing so
  • Describe the categoriesof personal data collected and categories of third parties and their agents with whom the online business may share such information;
  • Describe the processby which the operator of the website or online service will notify consumers of material changes to its privacy policy; and
  • Identifythe effective date of the privacy policy.

Internet Laws

With technology changing so quickly, some laws become outdated very quickly. However, they are already in place, and some parts of those laws are still relevant.

The Electronic Communications Privacy Act of 1986 (ECPA)

In the beginning of the internet and intranet, email and internet phone calls brought about privacy issues. ECPA protects those emails and phone calls, meaning they cannot be read or intercepted without a warrant.

The downside of this law is that this only applies to public servers. ECPA does not protect an employer-owned, or privately owned, server. Also, any emails which remain more than 180 days on a server are abandoned and are subject to being opened by an unintended recipient with a subpoena.

The US Patriot Act

After the September 11 terrorist attack, the government made it legal for the FBI and such entities to read all communications they deem as a terrorist act. It did not take long for this law to become irrelevant and abused. However, in 2015 the Patriot Act was amended with the Freedom Act to further protect citizens online behavior and communications.

The Recent Internet Privacy Rollback

The Recent Internet Privacy Act was intended to revoke a law stating Internet Service Provider’s (ISPs) must disclose their intention of use with a consumer’s personal data. Internet Service Providers would also have to disclose if third-parties received this data, have a plan in place in case of a security breach and provide the same price for all internet security tiers.

As with all laws, details are subject to change. If you would like the most up-to-date information, Flying Cow Design can help with lawyer referrals.

fb50c5bf790872a8ecad33a6bd15d358?s=100&d=mm&r=g Internet Privacy Law

CEO, Flying Cow Design
Attended University of Auckland
Lives in San Francisco Bay Area

October 15th, 2016

Need help with Internet Marketing?

Write to us with your project details and we will get back to you shortly.

Related Articles
Just a few years ago, it was called the new kid on the block. Esoteric
If you need any free stock photos check out the sites below. Terms of Use
When you say 'Search Engine', you automatically think of 'Google', MSN Search', 'Yahoo Search', etc.
It can be confusing trying to sort out all of the Web and Internet Jargon,
Email marketing is considered by many as one of the new age marketing techniques. Most
“The Internet is becoming the town square for the global village of tomorrow.” ~ Bill
“The Internet is becoming the town square for the global village of tomorrow.” ~ Bill
Google has over 200 parameters that go into deciding where a page should rank for
Search engines try to serve the most relevant result that would meet the needs of
Blogs are like informal platforms for people to share information and communicate. Many times, search