To learn about the key issues of how consumer data is regulated in the US, to understand the sectoral regulatory approach, to learn about the various definitions of personally identifiable information, to understand how state common law protects consumer privacy, and to learn about the major role that the Federal Trade Commission (FTC) plays in regulating privacy and about the substance of its cases.
Length: Approximately 1 hour
Written by: Professors Daniel J. Solove and Paul M. Schwartz
Instructor: Professor Daniel J. Solove
This course provides an overview of the how consumer data is regulated in the US. The course begins with essential background about the US sectoral approach to privacy law. The course then discusses the various definitions of personally identifiable information, standing, and how state common law (tort and contract) protects consumer privacy. The main portion of the course involves an extensive overview of the FTC – its Section 5 jurisdiction, deception and unfairness, other sources of FTC privacy and security jurisdiction, penalties and consent decrees, and more. The course discusses key FTC cases and the important principles and lessons that can be gleaned from the many FTC enforcement actions pertaining to privacy and security.
Although this course can stand alone, it is recommended that this course be taken along with its companion course: Consumer Data and US Regulation Part II: Statutory Law.
To obtain a broad overview of privacy law, to understand the key issues involved, to learn how privacy law works, and to understand the differences and similarities between various privacy laws. Please note that certificates for the Consumer Data and US Regulation courses will only be provided for people who successfully complete both Parts I and II.
About this Course
The US System of Privacy Law Regulation
The Sectoral Approach
Federal and State Laws
The Chief Privacy Officer
Personally Identifiable Information
Injury and Standing
Creating Marketing Lists of Names
Limitations of the Privacy Torts
Opt Out vs. Opt In
Are Privacy Policies Contracts?
Privacy Settings and Other Statements About Privacy
FTC Section 5 Enforcement
The Scope of Section 5
FTC Enforcement Powers
FTC Enforcement Process
FTC Consent Decrees
Prohibitions on Wrongful Activities
Fines and Other Monetary Penalties
Deleting Data or Refraining from Using It
Making Changes in Privacy Policies
Establishing Comprehensive Programs
Assessments by Independent Professionals
Recordkeeping and Compliance Reports
Notification of Material Changes Affecting Compliance
Retroactive Policy Changes
Deceptive Data Collection
Security Gaffes and Failure to Train
Transfer of Data in Bankruptcy
Violating the Privacy Policies of Others
Inadequate Vendor Management
FTC Beyond Section 5
Article: Daniel J. Solove & Woodrow Hartzog, The FTC and the New Common Law of Privacy, 114 Colum. L. Rev. 584 (2014)
Article: Paul M. Schwartz & Daniel J. Solove, The PII Problem: Privacy and a New Concept of Personally Identifiable Information, 86 NYU L. Rev. 1814 (2011)