Skip to main content
  • 1545 Accesses

Abstract

The right to privacy in the United States (US) can be traced to the late 1800s. However, and while the right to privacy has a long history in the US, it would not have been conceived that today the right has become one of the most important and contested rights. This is because it competes with many other policy areas of government such as national security and the economy. Nonetheless, the US is home to some of the largest Internet companies in the world. The data protection laws in the US can be vest described as being sectorial based. To date this has served the state well, however as there are increasing concerns in relation to the misuse and abuse of personal data, governments and regulators have sat up and taken note of the many anomalies.

Due to the breadth and depth of the sectorial approach to data protection, this Chapter while generally focuses solely on the laws of the Federal Trade Commission and Health. The Chapter briefly highlights the other laws that consider personal data such as the Children’s Online Privacy Protection Act, amongst others. The Chapter further outlines how some states such as California have developed specific data protection laws.

In considering the wider cybersecurity and AI risks posed by new technology, this Chapter, consistent with the other chapters will discuss the definition of personal data and the concept of consent . Despite the sectorial approach taken by the US, they have thought about the implications to children from smart home appliances, toys and other AI devices that will come onto the market. This Chapter briefly highlights some of the work that has been undertaken by the US in this area of policy and the law.

Moreover, further work is needed by the US to also consider what and how smart home technology such as fridges, televisions, to toys and robots will have an impact more generally to Americans. This work is urgently needed to better understand the potential impacts to the disabled and elderly members of society. On the other side, one of the most vulnerable group, in our view are children, and the sectorial regulatory approach may no longer be viable to protect this cohort. Arguably, of all the laws discussed and compared in this book, the US is the most complex to understand what and where a data subjects right to data protection lies. With the implementation of the new state-based privacy laws of California, it remains to be seen whether this will result in major changes at the federal level. There have been calls for more specific data protection laws at the federal level.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Grau, l, (2012) An American Constitutional History Course for Non-American Students Carlos III University of Madrid https://core.ac.uk/download/pdf/29403732.pdf

  2. 2.

    Ibid.

  3. 3.

    Ibid.

  4. 4.

    Ibid. Other rights that appear for the first time in the Pennsylvania Constitution are “[t]hat the people have a right to bear arms for the defence of themselves, and the state,” which years later was to be included almost literally in the federal Bill of Rights as the second Amendment; “[t]hat all men have a natural inherent right to emigrate from one state to another that will receive them, or to form a new state in vacant countries, or in such countries as they can purchase, whenever they think that thereby they may promote their own happiness,” rights which, in this case, were to be expressly forbidden in the federal Constitution.

  5. 5.

    Warren, S., Brandeis, L, “The Right to Privacy.” Harvard Law Review 4:5, (1890), 192–196.

  6. 6.

    Griswold v. Connecticut, 381 US 479 (1965).

  7. 7.

    Glancy, D, The Invention of the Right to Privacy, Arizona Law Review Vol. 21 (1979).

  8. 8.

    Ibid.

  9. 9.

    Ibid.

  10. 10.

    Ibid.

  11. 11.

    Ibid.

  12. 12.

    Ibid.

  13. 13.

    Grau, L, (2012) An American Constitutional History Course for Non-American Students Carlos III University of Madrid https://core.ac.uk/download/pdf/29403732.pdf

  14. 14.

    Richards, N., Solove, D, (2010) Prosser’s Privacy Law: A Mixed Legacy, California Law Review Vol. 98:1887,1888–1920.

  15. 15.

    Ibid.

  16. 16.

    Ibid.

  17. 17.

    Ibid.

  18. 18.

    Ibid.

  19. 19.

    Roe v. Wade, 410 US 113 (1973)

  20. 20.

    Ibid.

  21. 21.

    Ibid, 164.

  22. 22.

    Luis Grau, L, (1973) An American Constitutional History Course for Non-American Students Carlos III University of Madrid https://core.ac.uk/download/pdf/29403732.pdf. Rowe v Wade 410 US 113, 152–153.

  23. 23.

    Dörr, D., Weaver, R, (2014) Perspectives on Privacy: Increasing Regulation in the USA, Canada, Australia and European Countries – Privacy and the Fourth Amendment, De Gruyter, 3–6.

  24. 24.

    Ibid.

  25. 25.

    Ibid.

  26. 26.

    Ibid.

  27. 27.

    Richards, N, (2015) Why Data Privacy Law Is (Mostly) Constitutional, 56 Wm. & Mary L. Rev. 1501.

  28. 28.

    Ibid.

  29. 29.

    Sorrell v. IMS Health Inc 131 S. Ct. 2653, 2672 (2011), in Neil Richards, Why Data Privacy Law Is (Mostly) Constitutional, 56 Wm. & Mary L. Rev. 1501 (2015)

  30. 30.

    Ibid.

  31. 31.

    Richards, N, (2015) Why Data Privacy Law Is (Mostly) Constitutional, 56 Wm. & Mary L. Rev. 1501.

  32. 32.

    Ibid.

  33. 33.

    Carpenter v. United States 138 S. Ct. 2206 (2018)

  34. 34.

    Ibid.

  35. 35.

    Ibid.

  36. 36.

    Ibid.

  37. 37.

    Schiedermair, S, The New General Data Protection Regulation of the European Union – Will it Widen the Gap between Europe and the US? 72–78, in Dieter Dörr, Russell L. Weaver, (2014) Perspectives on Privacy: Increasing Regulation in the USA, Canada, Australia and European Countries - Privacy and the Fourth Amendment, De Gruyter, 3–6.

  38. 38.

    Article 3 (1) GDPR regulates that the GDPR applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the European Union. According to Recital 19 it is irrelevant whether the processing of personal data takes places within the European Union or without. It is also insignificant in which legal form the arrangement takes place, whether through a branch or a subsidiary with a legal personality. The GDPR applies to controllers in third countries insofar as personal data of individuals that reside in the European Union are involved and the processing is carried out to offer goods or services to such data subjects in the European Union or to monitor their behaviour (Article 3 (2)).

  39. 39.

    Ross, W, US Secretary of Commerce, EU Data Privacy Laws are Likely to Create Barriers to Trade, FIN. TIMES (May 30, 2018), https://www.ft.com/content/9d261f44-6255-11e8-bdd1-cc0534df682c. (“GDPR’s implementation could significantly interrupt transatlantic co-operation and create unnecessary barriers to trade, not only for the US, but for everyone outside the EU.”). Walter Copan, Director, Nat’l Inst. Standards. & Tech, Dep’t of Commerce, Developing the NIST Privacy Framework: How Can a Collaborate Process Help Manage Privacy Risks (Sept. 24, 2018), https://www.nist.gov/ speech-testimony/developing-nist-privacy-framework-how-can-collaborative-process-help-manage-privacy. [hereinafter Copan Keynote] (“It is too soon to tell how large an impact these regulations will ultimately have on products and services that rely on access to users’ data, and whether there will be a substantial measurable improvement in desired privacy outcomes.”). Developing the Administration’s Approach to Consumer Privacy, 83 Fed. Reg. 48,600, 48,601 (Sept. 26, 2018). In Data Protection Law: An Overview Congressional Research Service March 25, 2019 https://fas.org/sgp/crs/misc/R45631.pdf

  40. 40.

    Ibid.

  41. 41.

    51 CEOs from companies such as Amazon, IBM, Salesforce, Target and more, https://www.cnbc.com/2019/09/10/business-roundtable-urges-congress-to-pass-consumer-data-privacy-law.html

  42. 42.

    Ibid.

  43. 43.

    Data Protection Law: An Overview Congressional Research Service March 25, 2019, https://fas.org/sgp/crs/misc/R45631.pdf

  44. 44.

    Solove, D., Hartzog, W, (2014) The FTC and the New Common Law of Privacy, 114 Colum. L. Rev. 583–587.

  45. 45.

    Ibid.

  46. 46.

    Heck, Z, (2018) A Litigator’s Primer on European Union and American Privacy Laws and Regulations, 44 LITIG. 59–59.

  47. 47.

    Ibid.

  48. 48.

    15 U.S.C. §§ 6801–6809. In Data Protection Law: An Overview Congressional Research Service March 25, 2019, https://fas.org/sgp/crs/misc/R45631.pdf

  49. 49.

    Ibid.

  50. 50.

    Ibid.

  51. 51.

    Ibid, 15 U.S.C. §§ 1681–1681x.

  52. 52.

    Ibid.

  53. 53.

    Ibid, Pub. L. No. 104-104, 110 Stat. 56 (1996) (codified throughout 47 U.S.C.).

  54. 54.

    Ibid.

  55. 55.

    Ibid, Cable operators are defined to include anyone who uses the cable system to provide any video or other programming service. §§ 522(5)–(6). Satellite carriers are defined as any entity that uses the facilities of a satellite or satellite service to establish and operate a channel of communications for point-to-multipoint distribution of television station signals. § 338(k)(7); 17 U.S.C. § 119(d)(6).

  56. 56.

    Ibid, 47 U.S.C. ch. 5.

  57. 57.

    Ibid.

  58. 58.

    Ibid.

  59. 59.

    Ibid.

  60. 60.

    Ibid.

  61. 61.

    Ibid, §§ 6501–6506.

  62. 62.

    Ibid.

  63. 63.

    Ibid, Electronic Communications Privacy Act of 1986, Pub. L. No. 99-508, 100 Stat. 1848 (1986) (codified at 18 U.S.C. §§ 2510–3127).

  64. 64.

    Ibid, § 1030.

  65. 65.

    Ibid.

  66. 66.

    Ibid, Consumer Financial Protection Act of 2010, Pub. L. No. 111-203, tit. X, 124 Stat. 1376, 1955–2113 (2010)

    (codified at 12 U.S.C. §§ 5491–5603).

  67. 67.

    Ibid.

  68. 68.

    Ibid.

  69. 69.

    Federal Trade Commission Act (15 U.S.C. §§41–58) https://uscode.house.gov/view.xhtml?req=granuleid%3AUSC-prelim-title15-chapter2-subchapter1&edition=prelim

  70. 70.

    Cate, F, Consumer Protection in the Age of the Information Economy The Failure of Fair Information Practice Principles, (2018) https://www.ftc.gov/system/files/documents/public_comments/2018/12/ftc-2018-0098-d-0036-163372.pdf. Schwartz, P, “Privacy and Democracy in Cyberspace,” 52 Vanderbilt Law Review 1607, 1614 (1999).

  71. 71.

    Ibid.

  72. 72.

    Ibid.

  73. 73.

    Ibid.

  74. 74.

    Ibid.The most fundamental principle is notice. Consumers should be given notice of an entity’s information practices before any personal information is collected from them. Without notice, a consumer cannot make an informed decision as to whether and to what extent to disclose personal information. Moreover, three of the other principles discussed below—choice/consent, access/participation, and enforcement/ redress—are only meaningful when a consumer has notice of an entity’s policies, and his or her rights with respect thereto. The second widely-accepted core principle of fair information practice is consumer choice or consent. At its simplest, choice means giving consumers options as to how any personal information collected from them may be used. Specifically, choice relates to secondary uses of information—i.e., uses beyond those necessary to complete the contemplated transaction. Refers to an individual’s ability both to access data about him or herself—i.e., to view the data in an entity’s files—and to contest that data’s accuracy and completeness. Both are essential to ensuring that data are accurate and complete. Data must be accurate and secure. To assure data integrity, collectors must take reasonable steps, such as using only reputable sources of data and cross-referencing data against multiple sources, providing consumer access to data, and destroying untimely data or converting it to anonymous form.

  75. 75.

    Hartzog, W., Solove, D, (2015) The Scope and Potential of FTC Data Protection, 015 Vol. 83 No. 6, 2231–2248.

  76. 76.

    Ibid.

  77. 77.

    Ibid.

  78. 78.

    15 U.S.C. § 45(a)(2).

  79. 79.

    FTC v. Wyndham Worldwide Corp., 10 F. Supp. 3d 602 (D.N.J. 2014), in Woodrow Hartzog, Daniel J. Solove The Scope and Potential of FTC Data Protection, 015 Vol. 83 No. 6 (2015), 2231–2248.

  80. 80.

    Ibid.

  81. 81.

    Ibid.

  82. 82.

    Ibid.

  83. 83.

    Ibid.

  84. 84.

    Ibid.

  85. 85.

    Ibid.

  86. 86.

    Ibid.

  87. 87.

    Ibid.

  88. 88.

    Ibid.

  89. 89.

    894 F.3d 1221, 1228 (11th Cir. 2018).

  90. 90.

    Ibid.

  91. 91.

    Solove, D., Hartzog, W, The FTC and the New Common Law of Privacy, 114 Colum. L. Rev. (2014) 583–587.

  92. 92.

    Federal Trade Commission Act (15 U.S.C. §§41-58), [section 1191 et seq. of this title] and under this subchapter to extent that such functions relate to administration of Flammable Fabrics Act, and (2) under Act of August 2, 1956. [section 1211 et seq. of this title], transferred to Consumer Product Safety Commission by section 30 of Act Oct. 27, 1972, Pub. L. 92–573 [section 2079 of this title]. By section 3 of act Sept. 26, 1914, Bureau of Corporations abolished and all employees and functions of said Bureau transferred to Federal Trade Commission.

  93. 93.

    Ibid. (a) Clarification of Federal Trade Commission Jurisdiction. Any person that directly or indirectly controls, is controlled directly or indirectly by, or is directly or indirectly under common control with, any bank or savings association (as such terms are defined in section 3 of the Federal Deposit Insurance Act [12 U.S.C. 1813]) and is not itself a bank or savings association shall not be deemed to be a bank or savings association for purposes of any provisions applied by the Federal Trade Commission under the Federal Trade Commission Act [15 U.S.C. 41 et seq.]. (b) Savings Provision. No provision of this section [amending section 18a of this title] shall be construed as restricting the authority of any Federal banking agency (as defined in section 3 of the Federal Deposit Insurance Act [12 U.S.C. 1813]) under any Federal banking law, including section 8 of the Federal Deposit Insurance Act [12 U.S.C. 1818].

  94. 94.

    Ibid, section 5.

  95. 95.

    Ibid. However, to enact TRRs the FTC must comply with several procedures that are not required under the notice-and-comment rulemaking procedures set forth in Section 553 of the Administrative Procedure Act, which are the default rulemaking procedures for federal agencies. These additional procedures require the FTC to publish an advance notice of proposed rulemaking, give interested persons an opportunity for an informal hearing, and issue a statement accompanying the rule regarding the prevalence of the acts or practices treated by the rule.

  96. 96.

    In Data Protection Law: An Overview Congressional Research Service March 25, 2019, https://fas.org/sgp/crs/misc/R45631.pdf

    Ibid.

  97. 97.

    FTC v. Sun Spectrum Commc’ns Org., Inc., No. 03-CV-8110 (S.D. Fla. Oct. 3, 2005)

  98. 98.

    Ibid, and see also Federal Trade Commission, US and Canadian Telemarketers Pay $415,000 to Settle FTC Charges, Defendants Charged with Selling Nonexistent Credit Cards, https://www.ftc.gov/news-events/press-releases/2005/10/us-and-canadian-telemarketers-pay-415000-settle-ftc-charges

  99. 99.

    No. C- 4636 (F.T.C. Dec. 20, 2017).

  100. 100.

    Ibid, Children’s Online Privacy Act 1998, 15 U.S.C 6501–6505.

  101. 101.

    Ibid.

  102. 102.

    Ibid.

  103. 103.

    Ibid.

  104. 104.

    Ibid.

  105. 105.

    Ibid.

  106. 106.

    Federal Trade Commission, The Future of the COPPA Rule: An FTC Workshop https://www.ftc.gov/news-events/events-calendar/future-coppa-rule-ftc-workshop

  107. 107.

    894 F.3d 1221, 1237 (11th Cir. 2018). See Federal Trade Commission, https://www.ftc.gov/system/files/documents/cases/labmd_ca11_ftc_opposition_to_fee_request_2018-1119.pdf. How the development of new technologies or business models, the evolving nature of privacy harms, and changes in the way parents and children use websites and online services, affect children’s privacy today. How the Rule should address parental consent for education technology vendors that collect personal information consented to by schools, Whether the Rule should include a specific exception to parental consent for audio files containing a child’s voice that website operators collect and then promptly delete. Whether the Rule should permit general audience platforms to rebut the presumption that all users of child-directed content are children, and if so, under what circumstances. Whether the revisions to the Rule made in 2013 have worked as intended or require modification; and Whether the Rule should be amended to better address websites and online services that do not include traditionally child-oriented activities, but that have large numbers of child users.

  108. 108.

    Ibid.

  109. 109.

    Ibid.

  110. 110.

    Ibid. The program was required to be “fully documented in writing” and to “contain administrative, technical, and physical safeguards appropriate to respondent’s size and complexity, the nature and scope of respondent’s activities, and the sensitivity of the personal information collected about consumers.” It set out specific safeguards that the program must include, such as: (1) an employee designated to oversee information security, (2) the identification of security risks, (3) the design and implementation of safeguards to control those risks, (4) requirements that service providers also maintain appropriate safeguards, and (5) that the program be regularly evaluated and adjusted.

  111. 111.

    Ibid.

  112. 112.

    Ibid, LabMD, Inc. v. FTC, 891 F.3d 1286, 1300 (11th Cir. 2018)

  113. 113.

    §160.103. In Data Protection Law: An Overview Congressional Research Service March 25, 2019, https://fas.org/sgp/crs/misc/R45631.pdf.

  114. 114.

    Health Information Privacy, HIPAA Privacy Rule, Department of Health and Human Services, https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html

  115. 115.

    Ibid.

  116. 116.

    Ibid.

  117. 117.

    Ibid.

  118. 118.

    Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest US Health Data Breach in History, Department of Health and Human Services https://www.hhs.gov/about/news/2018/10/15/anthem-pays-ocr-16-million-record-hipaa-settlement-following-largest-health-data-breach-history.html

  119. 119.

    Ibid.

  120. 120.

    HIPPA Privacy Rules, § 160.103, Definitions, https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html

  121. 121.

    Ibid.

  122. 122.

    Ibid.

  123. 123.

    Ibid.

  124. 124.

    Federal Trade Commission Act (15 U.S.C. §§41–58).

  125. 125.

    Ibid.

  126. 126.

    United States Health Information Privacy, https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html

  127. 127.

    Ibid, section 3

  128. 128.

    Ibid.

  129. 129.

    This also extends to another authorization for the same research study, with an authorization for the creation or maintenance of a research database or repository, or with a consent to participate in research

  130. 130.

    Health Insurance Portability and Accountability Act 1996, section 1128E, referring to section 221, https://www.congress.gov/104/plaws/publ191/PLAW-104publ191.pdf

  131. 131.

    Ibid.

  132. 132.

    Ibid.

  133. 133.

    Siegel, R, Tech Policy, Google scores major victory in E.U. ‘right to be forgotten’ case https://www.washingtonpost.com/technology/2019/09/24/google-scores-major-victory-eu-right-be-forgotten-case/

  134. 134.

    Ibid.

  135. 135.

    A covered entity’s contract or other written arrangement with its business associate must contain the elements specified at 45 CFR 164.504(e).

  136. 136.

    Business Associates, 45 CFR 164.502(e), 164.504(e), 164.532(d) and (e), https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html

  137. 137.

    Ibid.

  138. 138.

    Ibid.

  139. 139.

    Section 7(a), In hearings which section 4 or 5 requires to be conducted pursuant to this section— (a) Presiding Officers.—There shall preside at the taking of evidence (1) the agency, (2) one or more members of the body which comprises the agency, or (3) one or more examiners appointed as provided in this Act; but nothing in this Act shall be deemed to supersede the conduct of specified classes of proceedings in whole or part by or before boards or other officers specially provided for by or designated pursuant to statute. The functions of all presiding officers and of officers participating in decisions in conformity with section 8 shall be conducted in an impartial manner. Any such officer may at any time withdraw if he deems himself disqualified; and, upon the filing in good faith of a timely and sufficient affidavit of personal bias or disqualification of any such officer, the agency shall determine the matter as a part of the record and decision in the case.

  140. 140.

    Privacy and Data Security Update, 2018, Federal Trade Commission https://www.ftc.gov/system/files/documents/reports/privacy-data-security-update-2018/2018-privacy-data-security-report-508.pdf

  141. 141.

    Ibid. In 2018, FTC had brought 51 actions, 39 under an older US EU Safe Harbor program, 4 under APEC CBPR, and 8 under Privacy Shield.

  142. 142.

    Ibid, described in section 57a(f)(3) of this title.

  143. 143.

    Ibid, described in section 57a(f)(4) of this title.

  144. 144.

    Ibid, subject to part A of subtitle VII of title 49.

  145. 145.

    Ibid, insofar as they are subject to the Packers and Stockyards Act, 1921, as amended [7 U.S.C. 181 et seq.], except as provided in section 406(b) of said Act [7 U.S.C. 227(b)].(3) This subsection shall not apply to unfair methods of competition involving commerce with foreign nations (other than import commerce) unless, (A) such methods of competition have a direct, substantial, and reasonably foreseeable effect (i) on commerce which is not commerce with foreign nations, or on import commerce with foreign nations; or (ii) on export commerce with foreign nations, of a person engaged in such commerce in the United States.

  146. 146.

    Equifax to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach.

    Settlement includes fund to help consumers recover from data breach, Federal Trade Commission, https://www.ftc.gov/news-events/press-releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-related

  147. 147.

    Ibid.

  148. 148.

    Ibid.

  149. 149.

    Do-Not-Call Registry. Public Law No. 108–82.

  150. 150.

    15 USC Ch. 87A NATIONAL DO-NOT-CALL REGISTRY, https://uscode.house.gov/view.xhtml?req=granuleid%3AUSC-prelim-title15-chapter87A&edition=prelim

  151. 151.

    Ibid.

  152. 152.

    Andrews Group, Australian Communications and Media Authority – Unsolicited Communications Research Findings Report – May 2018, https://www.rand.org/content/dam/rand/pubs/technical_reports/2012/RAND_TR1218.pdf

  153. 153.

    AB375, Title 1.81.5, The California Consumer Privacy Act of 2018, and see, California Legislative Information, https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375

  154. 154.

    Ibid.

  155. 155.

    Personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

  156. 156.

    Ibid.

  157. 157.

    Ibid.

  158. 158.

    Ibid. 1798.100–110. The information may be delivered by mail or electronically, and if provided electronically, the information shall be in a portable and, to the extent technically feasible, in a readily useable format that allows the consumer to transmit this information to another entity without hindrance. A business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a 12-month period. (e) This section shall not require a business to retain any personal information collected for a single, one-time transaction, if such information is not sold or retained by the business or to reidentify or otherwise link information that is not maintained in a manner that would be considered personal information. (1) Retain any personal information collected for a single, one-time transaction, if the information is not sold or retained by the business. (2) Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information.

  159. 159.

    1798.105.

  160. 160.

    Ibid. (5) Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code. (7) To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business. (8) Comply with a legal obligation. (9) Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

  161. 161.

    Ibid, Information is used internally in a manner that is compatible with the context of the collection. Information is necessary to comply with a legal obligation. Information is necessary for internal uses of a company, if those uses are reasonably expected by consumers. Information is necessary for scientific, historical or statistical research in the public interest. Information is necessary to promote free speech. Information is necessary to identify and repair errors. Information is necessary to protect against deceptive, fraudulent or illegal activity. Information is necessary to detect security incidents. Information is necessary to complete a transaction requested by the data subject or to perform a contract.

  162. 162.

    Richards, N, (2015) Why Data Privacy Law Is (Mostly) Constitutional, 56 Wm. & Mary L. Rev. 1501–1503.

  163. 163.

    1798.110. (a) and (b) A business that collects personal information about a consumer shall disclose to the consumer, pursuant to paragraph (3) of subdivision (a) of Section 1798.130, the information specified in subdivision (a) upon receipt of a verifiable request from the consumer. (c) A business that collects personal information about consumers shall disclose, pursuant to subparagraph (B) of paragraph (5) of subdivision (a) of Section 1798.130

  164. 164.

    Ibid, 1798.125.

  165. 165.

    Ibid, 1798.135 (4) In addition, data subjects that exercise their right to opt out of the sale of their personal information, refrain from selling personal information collected by the business about the consumer. (5) For a consumer who has opted out of the sale of the consumer’s personal information, respect the consumer’s decision to opt out for at least 12 months before requesting that the consumer authorize the sale of the consumer’s personal information. (6) Use any personal information collected from the consumer in connection with the submission of the consumer’s opt-out request solely for the purposes of complying with the opt-out request.

  166. 166.

    Ibid, 1798.130. and Civil Code § 1798.130(a)(5). 1798.100(c). § 1798.130(a)(5)(A). § 1798.130(a)(5)(B). § 1798.130(a)(5)(C). Also see, Jeffrey King, Alidad Vakili, Julia B. Jacobson, with assistance from Brian Philips (Counsel, Raleigh) and Jenny Sneed (Associate, Raleigh), K&L Gates Frequently Asked Questions About the California Consumer Privacy Act of 2018 (CCPA), http://www.klgates.com/frequently-asked-questions-about-the-california-consumer-privacy-act-of-2018-ccpa-07-31-2018/

  167. 167.

    Lapowsky, I, (2019) New York is poised to become the next battleground in the fight for consumers’ rights over their personal data, https://www.wired.com/story/new-york-privacy-act-bolder/

  168. 168.

    Ibid.

  169. 169.

    The New York State Senate, New York Privacy Act Bull Number: S5642 https://www.nysenate.gov/legislation/bills/2019/s5642

  170. 170.

    Ibid.

  171. 171.

    Ballard Spahr LLP, The National Law Review, New York State Data Privacy Law Fails, https://www.natlawreview.com/article/new-york-state-data-privacy-law-fails

  172. 172.

    Ibid.

  173. 173.

    Rustad, M., Koenig, T, Towards A Global Data Privacy Standard, Florida Law Review Vol, 71, (2019).

  174. 174.

    Daskal, J., Swire, P, The U.K.-US CLOUD Act Agreement Is Finally Here, Containing New Safeguards, October 2019, https://www.lawfareblog.com/uk-us-cloud-act-agreement-finally-here-containing-new-safeguards, CLOUD Act text, https://www.justice.gov/dag/page/file/1152896/download

  175. 175.

    Ibid.

  176. 176.

    Evans, M., (UK), Kessler, D., (US), Lennon, J., (AU) Ross, S, (US) US, CLOUD Act and International Privacy, Norton Rose Fulbright August 1, (2019), https://www.dataprotectionreport.com/2019/08/u-s-cloud-act-and-international-privacy/

  177. 177.

    Federal Trade Commission, FTC Strengthens Kids’ Privacy, Gives Parents Greater Control Over Their Information By Amending Children’s Online Privacy Protection Rule https://www.ftc.gov/news-events/press-releases/2012/12/ftc-strengthens-kids-privacy-gives-parents-greater-control-over

  178. 178.

    Ibid.

  179. 179.

    Jodka, S, (2017), The Internet of Toys: Legal and Privacy Issues with Connected Toys https://www.dickinson-wright.com/news-alerts/legal-and-privacy-issues-with-connected-toys

  180. 180.

    Ibid.

  181. 181.

    Ibid.

  182. 182.

    Ibid.

  183. 183.

    Ibid.

  184. 184.

    Ibid.

  185. 185.

    Memorandum For the Heads of Executive Departments and Agencies, Guidance for Regulation of Artificial Intelligence Applications, https://www.whitehouse.gov/wp-content/uploads/2020/01/Draft-OMB-Memo-on-Regulation-of-AI -1-7-19.pdf

  186. 186.

    Ibid.

References

  • Dörr, D., & Weaver, R. (2014). Perspectives on privacy: Increasing regulation in the USA, Canada, Australia and European Countries – Privacy and the Fourth Amendment (pp. 3–6). De Gruyter.

    Book  Google Scholar 

  • Glancy, D. (1979). The invention of the right to privacy. Arizona Law Review, 21, 2–28.

    Google Scholar 

  • Hartzog, W., & Solove, D. (2015). The Scope and Potential of FTC Data Protection, 015. George Washington Law Review, 83(6), 2231–2248.

    Google Scholar 

  • Richards, N., & Solove, D. (2010). Prosser's privacy law: A mixed legacy. California Law Review, 98, 1887.

    Google Scholar 

  • Schiedermair, S. (2014). The new general data protection regulation of the European Union – Will it widen the gap between Europe and the US? In D. Dörr & R. L. Weaver (Eds.), Perspectives on privacy : Increasing regulation in the USA, Canada, Australia and European countries – Privacy and the fourth amendment (pp. 72–78). De Gruyter, 3–6.

    Google Scholar 

  • Schwartz, P. (1999). Privacy and democracy in cyberspace. Vanderbilt Law Review, 52, 1607–1614.

    Google Scholar 

  • Solove, D., & Hartzog, W. (2014). The FTC and the new common law of privacy. Columbia Law Review, 114, 583–587.

    Google Scholar 

  • Warren, S., & Brandeis, L. (1890). The right to privacy. Harvard Law Review, 4(5), 192–196.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Walters, R., Novak, M. (2021). The United States. In: Cyber Security, Artificial Intelligence, Data Protection & the Law . Springer, Singapore. https://doi.org/10.1007/978-981-16-1665-5_14

Download citation

  • DOI: https://doi.org/10.1007/978-981-16-1665-5_14

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-16-1664-8

  • Online ISBN: 978-981-16-1665-5

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics