Data Protection in the United States: U.S. National Report

  • Shawn Marie BoyneEmail author
Part of the Ius Comparatum - Global Studies in Comparative Law book series (GSCL, volume 38)


The United States did not elaborate any uniform federal legislation to ensure the privacy and protection of personal data. Instead, data protection in the United States is constructed out of a combination of sector-specific federal and state laws, and administrative and industrial regulations. Although in some areas American privacy protection framework may be deemed as less robust in comparison with the European one, in the other areas it provides even greater protection than in Europe.

Individual legislative acts evolved over years from a number of specific instruments addressing issues of the private use of the electronic means of communication and data storage, with a special attention to the collection and use of information collected from children under the age of 13. Relatively fewer privacy rights are secured in case of employees in the workplace. Most notably, federal laws provide for lawful exceptions from prohibited monitoring and interception of the employees’ communication, but they are stricter on monitoring and sharing the content posted on social media.

The laws on national security and defense purposes foresee a considerably broader spectrum of provisions regarding interception and forensic examination of the data and communication, especially in wake of the 9/11 events, as stipulated in the USA Patriot Act. Although the USA Freedom Act curbed and amended those provisions substantially, legal problems arising from these laws are still acute and widely discussed.


  1. Braverman B (2013) Fear FACTA: beware the truncation requirement of the Fair and Accurate Credit Transactions Act.
  2. Brennan W (2016) Complying with the CAN-SPAM Act. Lexis Pract Advis J. Last accessed 18 July 2017
  3. Brill J (2012) Privacy, consumer protection, and competition. Loyola University Chicago School of Law.
  4. Brown CT, Raul AC, Spencer AL, McNicholas ER (2017) Collection, storage and transfer of data in the United States. Lexology.
  5. Caragozian JS, Warner DE Jr (2000) Privacy rights of employees using workplace computers in California. Privacy Rights Clearinghouse.
  6. Castro D (2011) Benefits and limitations of industry self-regulation for online behavioral advertising. The Information Technology & Innovation Foundation.
  7. Caterine MJ (2009) Privacy of electronic communications. American Bar Association.
  8. Cobb S (2016) Data Privacy and Data Protection: U.S. Law and Legislation, ESET.
  9. Crane C (2012) Social networking v. the employment-at-will doctrine: a potential defense for employees fired for Facebooking, terminated for Twittering, booted for blogging, and sacked for social networking. Wash Univ Law Rev 89:639Google Scholar
  10. Doyle C (2012) Privacy: an overview of the Electronic Communications Privacy Act. Congressional Research Service, p i.
  11. Doyle C (2014) Cybercrime: an overview of the federal computer fraud and abuse statute and related federal criminal laws. Congressional Research Service, “Summary”.
  12. Eisenhauer MP (2007) Managing your data processors: legal requirements and practical solutions. BNAI’s World Data Protection Report.
  13. Fair A (2016) Civil penalties undergo inflation recalculation. Federal Trade Commission.
  14. Goitein E, Patel F (2015) What went wrong with the FISA Court. Brennan Center for Justice 13.
  15. Gorelick JS, Marzen S, Solum LB (1989) Destruction of evidence. Aspen Law and Business, Aspen, Co. 255Google Scholar
  16. Grosdidier P (2013) Choose your friends — and privacy settings — wisely. LAW 360.
  17. Hamilton MD (2016) Social media privacy issues in workplace investigations. LAW 360.
  18. Jolly I (2016) Data protection in the United States: overview. Thompson Reuters Practical Law. Google Scholar
  19. Kang YP (2016) DOJ Hacks Shooter’s iPhone, Drops Apple Suit. Law 360.
  20. Lazarus D (2016) Column: FTC is falling short in protecting consumers’ data used by big business. Los Angeles Times.
  21. Listokin S (2017) Does industry self-regulation of consumer data privacy work? IEEE Security & Privacy, 92Google Scholar
  22. Litwin S (2006) Employees’ right to privacy in the workplace. Massachusetts Continuing Education Program.
  23. Liu J (2015) So what does the USA Freedom Act do anyway? Lawfare.
  24. Lynch C, Flint L (2017) The USA Freedom Act turns two. Lawfare.
  25. Mann SF (2014) Fact sheet: Section 215 of the USA PATRIOT Act. Center for Strategic and International Studies.
  26. McGeveran W (2016) Friending the privacy regulators. Ariz Law Rev 58:959, 961Google Scholar
  27. McGinnis K (2014) The ever expanding scope of employee privacy protections. Moore & Van Allen Blog.
  28. Ombres D (2015) NSA domestic surveillance from the Patriot Act to the Freedom Act: the underlying history, constitutional basis, and the efforts at reform. Seton Hall Leg J 39(1):27–58Google Scholar
  29. Perez E (2013) Secret court’s oversight gets scrutiny. Wall Street Journal.
  30. Raul CA, Manoranjan TD, Mohan V (2014) United States. In: Raul AC (ed) The privacy, data protection, and cybersecurity law review. Law Business Research Ltd, London, p 268Google Scholar
  31. Rich J (2015) Beyond cookies: privacy lessons for online advertising. AdExchanger Industry Preview.
  32. Saikali A (2012) Federal data breach notification laws. Data Security Law Journal.
  33. Singer N (2013) Data protection laws, an ocean apart. New York Times.
  34. Solove DJ, Hartzog W (2014) The FTC and the new common law of privacy. Columbia Law Rev 114:583Google Scholar
  35. Sotto LJ, Simpson AP (2014) United States. In: Jay RP (ed) Data protection & privacy in 26 jurisdictions worldwide, 2nd edn. Gideon Roberton 191.
  36. Stanger AJ (2005) Document destruction after Enron: interpreting the New Sarbanes-Oxley Obstruction Statutes. U.C. Davis Bus Law J 5:13.
  37. Stevens G (2010) Federal Information Security and Data Breach Notification Laws, Congressional Research Service.
  38. Surette EC. Liability of business to governments and consumers for breach of data security for consumers information. 1 A.L.R. 7th 2Google Scholar
  39. Swire PP, Ahmad K (2012) Foundations of information privacy and data protection. International Association of Privacy Professionals, Portsmouth, p 4Google Scholar
  40. Swire P, Kennedy-Mayo D (2017) How both the EU and the U.S. are “Stricter than Each Other for the Privacy of Government Requests for Information”. Emory Law J 55:617Google Scholar
  41. Terry N (2017) Existential challenges for health care data protection in the United States. Ethics Med Public Health 3:19CrossRefGoogle Scholar
  42. Toner A (2017) With new browser tech. Apple preserves privacy and Google preserves trackers. Electronic Frontier Foundation.
  43. Tosi RM, Bishop LS, Allensworth RB (2016) Proactive protection of consumers or premature penalty? Consumer Financial Protection Bureau bucks the trend in data security breach cases. K&L Gates Blog.
  44. Ware WH (1973) Records, computers, and the rights of citizens. RAND.
  45. Zetter K (2014) The Feds cut a deal with in-flight Wi-Fi providers and privacy groups are worried. WIRED.

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Indiana University, Robert H. McKinney School of LawIndianapolisUSA

Personalised recommendations