Privacy Policies and FTC Enforcement Actions

Privacy Lawyer

Various large website privacy policies have been scrutinized in the media lately, including those from Google, Reddit, and Facebook. No court has addressed at length whether a privacy policy constitutes an enforceable contract, but, under existing precedent related to clickwrap and browsewrap agreements, it is safe to presume that some privacy policies may be considered to be enforceable contracts and, consequently, serve as evidence of the legal relationship between the website and the end user.

Further, under US law, privacy policies are not required unless a website targets children and falls under the mandates of the Children’s Online Privacy Protect Act. Even though US law does not require privacy policies, the Federal Trade Commission recommends them and views failure to comply with a privacy policy a deceptive trade practice. Implementing a privacy policy also reduces potential liability for trade deception-based claims by disclosing to end-users how the website collects and uses personal or personally identifiable information.

For example, the FTC has penalized websites that do not transparently disclose their use of personal or personally identifiable information. In In re GeoCities, GeoCities collected personal information from visitors to its website, including education and income level information, which it claimed would not be shared with third parties. GeoCities then shared this information with third party advertisers.

The FTC filed suit against GeoCities for its practices. The Court ultimately ordered that GeoCities had misrepresented to consumers that it would not share personal or personally identifiable information with third parties. Further, the Court ordered GeoCities to clearly display an accurate privacy policy on each page of its website and provide members with an opportunity to have their information deleted from GeoCities’ website and third party databases.

The terms of a privacy policy may also help protect against deceptive competitive trade practices. In FTC v. ReverseAuction.com, ReverseAuction scraped email addresses, user IDs, and feedback ratings of eBay users by logging into the eBay website to obtain this data. After mining this data, ReverseAuction sent emails to eBay users claiming that their account would soon expire and, therefore, they should sign up for ReverseAuction’s services.

Subsequent to these actions, the FTC took action against ReverseAuction. The FTC found that ReverseAuction deceptively sent its emails to third parties after wrongfully obtaining their information from eBay in violation of eBay’s privacy policy. In short, the FTC used ReverseAuction’s violation of eBay’s privacy policy as justification (in part) for its enforcement action.

These actions evidence that, though law in the United States, except in limited cases, does not require privacy policies, they are incredibly useful and help companies avoid liability. Consequently, it is important to implement a well drafted and custom privacy policy tailored to your business’s needs.

Extra, Extra!
Recent Posts

Can I Trademark a Non-English Word or Phrase in the U.S.?

Can I Trademark a Non-English Word or Phrase in the U.S.?

Trademark

Yes, as long as the proposed trademark meets the other requirements for registration. U.S. trademark laws do not require that only the English language can be used for trademarks. However, whatever the language, trademarks must meet the legal requirements, including functionality, distinctiveness, uniqueness, etc. For example, every trademark must function as a trademark in that […]

Read more about Can I Trademark a Non-English Word or Phrase in the U.S.?

California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

Internet Law

In a new ruling, a California federal judge has declared the entirety of California’s Age-Appropriate Design Code Act (“CAADCA”) to be unconstitutional. Cal. Civ. Code §§ 1798.99.28 et seq. See media report here and the Opinion here. The case is Netchoice, LLC. v. Bonta, Case No. 22-cv-08861-BLF (US N.Dist. Cal, March 13, 2025). The CAADCA […]

Read more about California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

Put Revision Legal on your side