Privacy policies are required by law in several U.S. states as well as in the European Union and other jurisdictions (see §§22575-22579 of the Business & Professions Code for California’s privacy policy requirement). Together with website terms of service, they form a contract between a website operator and its end users. End users cannot typically negotiate terms of the privacy policy and terms of service with the site operator, making the contract one of adhesion. This puts a burden on the site operator to (1) make the documents conspicuous to end users when they use a site, and (2) provide substantive terms that are reasonable, or at least not unconscionable, so that a court would likely uphold challenged provisions.
Substantive Requirements for Privacy Policies
At the same time, statutes and regulatory agencies have specific requirements for the contents of privacy policies. The U.S. Federal Trade Commission has jurisdiction over many federal-level privacy matters, the Health Insurance Portability and Accountability Act and Gramm-Leach Bliley Act regulate companies in the health care and financial services arenas, and several U.S. states also have substantive requirements for the contents of privacy policies. The National Conference of State Legislatures has a very helpful index of state laws regarding Internet privacy. California’s statute requires sites that collect personally identifiable information from consumers to maintain a policy that explains, among other things, what information the site collects, how that information is used and/or shared, and how the site operator may revise the policy. Site operators who fail to meet this requirement are subject damages of up to $2,500 per violation. The California attorney general’s office has made clear its view that this requirement applies equally to web-based and mobile services by sending warning letters to up to 100 companies in October 2012. The AG’s office subsequently filed a complaint in December 2012 against Delta Airlines for failing to include a privacy policy in its mobile app.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
