What exactly is internet law?
Internet law, also called cyberlaw, refers to the laws and rules governing the use of the internet. Internet laws may not be simple and clear, for the following reasons:
- The web is still relatively new and is continuing to change, so legal frameworks cannot keep up.
- Internet laws typically contain and apply the principles of various legal areas, like contract or privacy law, which predate the advent of the internet and can be subject to interpretation.
US Privacy Act of 1974
Although it was passed before the advent of the internet, the Privacy Act of 1974 is likely to be the basis of numerous laws governing data privacy and the internet within the US. This Act was passed to acknowledge the quantity of personal information stored in computer databases of US government agencies. The Act established:
- The right of US citizens to gain access to information maintained by government agencies and the right to obtain the data.
- The right of citizens to rectify any information error.
- The requirement that agencies collect only the minimal amount of data necessary and relevant to fulfill their purpose.
- Limits on access to information, on a ‘need-to-know’ basis.
- Restrictions on the sharing of information between federal (and other non-federal) agencies, i.e., sharing is only permitted in certain circumstances.
However, the advent of the internet altered how privacy is defined and created the need to adopt new laws regarding data security in electronic communications.
Federal Trade Commission Act
The Federal Trade Commission Act of 1914 created the US Federal Trade Commission and was intended to ban unfair competition methods and unfair practices or actions that impact commerce.
While the FTC cannot explicitly regulate the type of information required to be included within website privacy policies, it uses its authority to make rules, enforce privacy laws and ensure the safety of consumers’ privacy. For instance, the FTC can take action against businesses that:
- Transfer personal data in a manner that is not clearly defined in a privacy statement.
- Make false security and privacy claims to customers or in their privacy guidelines.
- Do not implement and maintain sensible security measures for data.
- Do not adhere to the self-regulatory rules applicable to their industry.
The FTC plays an important role in the regulation of the internet because it investigates false claims made by top technology and social media firms about the security of the customer data they collect. In the past, for instance, the FTC has investigated complaints made against Facebook over the way it uses customer data.
Children’s Online Privacy Protection Act
The Children’s Online Privacy Protection Act of 1998, also referred to as COPPA, is a US national law. It aims to put parents in charge of the information collected from their children’s online accounts. COPPA applies to those who operate commercial websites and online services (including mobile applications or Internet of Things devices) that are targeted at children younger than 13 years old and that collect personal data from children.
The most important requirements of COPPA are:
- Apps, websites, and other online tools targeted at children under 13 years old must give notice and obtain parental permission before collecting data from children.
- They should clearly and thoroughly define their privacy policies.
- Any information they get from children must be kept secure and safe.
While the law originated in the early days of the web, it is more relevant in the era of digital media and programmatic advertisements. One of the key issues with COPPA is the degree to which a website is directed at children younger than 13 years old. In the US, the Federal Trade Commission assesses sites by a variety of criteria, which include:
- The subject matter
- The use of animated characters
- Activities or rewards geared towards children
- The age of models
- Child celebrities or stars who are appealing to children
- Whether the site’s advertisements are directed at children
Certain sites or services filter their users based on age and therefore do not have to adhere to COPPA regulations. For example, numerous social networks that rely on collecting and selling user data have set 13 as the minimum age for users to register.
California Consumer Privacy Act
The California Consumer Privacy Act, or CCPA, was enacted in 2018. The purpose of the law was to protect the privacy of Californian residents by expanding consumer privacy protections on the internet. CCPA is regarded as the most comprehensive data privacy-focused internet law in the US and has no equivalent at the federal level.
Much like the EU’s GDPR, CCPA gives consumers the right to view their data and the ability to erase it and to opt out of data processing at any time. The difference is that GDPR gives consumers the right to correct or rectify inaccurate personal data while CCPA does not. GDPR also requires consent at the point at which consumers give their personal information. In contrast, CCPA only specifies that privacy notices must be available on websites, informing users that they have the right to refuse particular data collection. Other aspects included in CCPA include:
- Consumers have the right to access their data via a data subject access request.
- Businesses aren’t able to sell private information without a notice on their website and without giving the consumer the option to opt out.
- Consumers have a limited right to pursue legal action when they are data breach victims.
- The state Attorney General is granted greater power to sue corporations on behalf of citizens.
CCPA offers a broad definition of personal information as ‘information that identifies, is related to or describes, and can be associated with, or may reasonably be connected, either directly or in indirect ways, to the particular household or consumer.’ It is similar to GDPR’s broad view of personal information.
General Data Protection Regulation
The European Union’s General Data Protection Regulation (GDPR) was put into effect in 2018. It is a legal framework that sets guidelines for collecting and processing personal data from those living within the European Union. GDPR applies regardless of where websites are located, meaning that it must be followed by all websites that attract European users. GDPR is regarded as one of the toughest data security laws around the globe.
GDPR stipulates that users of websites must be informed of the information a website collects and that users must give explicit consent to data collection. This is why many websites display pop-ups requesting users to consent to the gathering of cookies, which are small files that store personal data, such as site preferences and settings.
The key features of GDPR are:
- Consumers have the right to be informed about how their information is collected and used.
- Consumers can ask websites to reveal the information they have collected about them (without paying any fees).
- If there is a mistake in the consumer’s data, the consumer can request the correction.
- Consumers may request that their personal information be removed from the records.
- Consumers can opt out of data processing, such as for marketing purposes.
- Sites must inform users if their personal information is compromised.
The European Commission explains GDPR in detail on its website. There have been some notable fines handed out to major firms for breaches of GDPR. Google was fined $57 million because important data was hidden when users installed the latest Android phones, which meant that users weren’t aware of what privacy policies they were signing up to. British Airways was fined $28 million when 500,000 reservation records were stolen in an attack.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law focusing on the health insurance industry’s regulation, including privacy and security provisions. The law prohibits health providers, companies, and employees from sharing health information without consent.
When people discuss HIPAA, most of them refer to HIPAA’s Privacy Rule provision, which was introduced in 2003. The rule was enacted because the US Congress acknowledged that the rise of internet technology created a situation where health privacy breaches were more likely to happen. The HIPAA Privacy Rule allows consumers to control the disclosure of their health information, which means they can inform their healthcare providers about what they should disclose.
Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a financial and banking law that includes security and privacy aspects for data. Its safeguarding of personal information is based on previous laws governing financial information for consumers, like the Fair Credit Reporting Act (FCRA).
In essence, GLBA protects non-public personal information, defined as any “information collected about an individual’s identity to provide a financial product or service except when the information is freely available.” The expression “publicly available” means the property records of a mortgage or other publicly available information.
The GLBA prohibits pretexting. Pretexting is the act of gaining illegal access to private information. The term is typically connected with social engineering hacks, such as when someone poses as a police security agent to get details. Phishing scams that involve setting up fake websites to trick users into divulging personal information are a different form of pretexting. The GLBA mandates that financial institutions include measures to prevent fraud through pretexting in their security programs.
Internet privacy laws: conclusion
Different countries around the world have their own privacy and security laws. For instance, Brazil has the Lei Geral de Proteção de Dados (LGPD), and Canada is home to the Consumer Privacy Protection Act (CPPA). Both have a similar application to the EU’s GDPR and California’s CCPA.
In the US, no single federal law regulates data privacy. Internet regulations are a complicated collection of medium-specific and sector-specific laws, which include laws and regulations that deal with the privacy of health information, telecommunications, financial institutions, credit information, and marketing.