Privacy Policies and FTC Enforcement Actions

Privacy Lawyer

Various large website privacy policies have been scrutinized in the media lately, including those from Google, Reddit, and Facebook. No court has addressed at length whether a privacy policy constitutes an enforceable contract, but, under existing precedent related to clickwrap and browsewrap agreements, it is safe to presume that some privacy policies may be considered to be enforceable contracts and, consequently, serve as evidence of the legal relationship between the website and the end user.

Further, under US law, privacy policies are not required unless a website targets children and falls under the mandates of the Children’s Online Privacy Protect Act. Even though US law does not require privacy policies, the Federal Trade Commission recommends them and views failure to comply with a privacy policy a deceptive trade practice. Implementing a privacy policy also reduces potential liability for trade deception-based claims by disclosing to end-users how the website collects and uses personal or personally identifiable information.

For example, the FTC has penalized websites that do not transparently disclose their use of personal or personally identifiable information. In In re GeoCities, GeoCities collected personal information from visitors to its website, including education and income level information, which it claimed would not be shared with third parties. GeoCities then shared this information with third party advertisers.

The FTC filed suit against GeoCities for its practices. The Court ultimately ordered that GeoCities had misrepresented to consumers that it would not share personal or personally identifiable information with third parties. Further, the Court ordered GeoCities to clearly display an accurate privacy policy on each page of its website and provide members with an opportunity to have their information deleted from GeoCities’ website and third party databases.

The terms of a privacy policy may also help protect against deceptive competitive trade practices. In FTC v. ReverseAuction.com, ReverseAuction scraped email addresses, user IDs, and feedback ratings of eBay users by logging into the eBay website to obtain this data. After mining this data, ReverseAuction sent emails to eBay users claiming that their account would soon expire and, therefore, they should sign up for ReverseAuction’s services.

Subsequent to these actions, the FTC took action against ReverseAuction. The FTC found that ReverseAuction deceptively sent its emails to third parties after wrongfully obtaining their information from eBay in violation of eBay’s privacy policy. In short, the FTC used ReverseAuction’s violation of eBay’s privacy policy as justification (in part) for its enforcement action.

These actions evidence that, though law in the United States, except in limited cases, does not require privacy policies, they are incredibly useful and help companies avoid liability. Consequently, it is important to implement a well drafted and custom privacy policy tailored to your business’s needs.

Extra, Extra!
Recent Posts

2025 Changes to Trademark Fees

2025 Changes to Trademark Fees

Trademark

There are some significant changes coming to the United States Patent and Trademark Office (USPTO) that will affect trademark filings beginning January 18, 2025. These changes include the introduction of the Trademark Center, new fees, and revised application requirements. Here is an overview of the key changes: The USPTO will retire the TEAS system, which […]

Read more about 2025 Changes to Trademark Fees

Automated Decision-Making Technology: California Releases Proposed Regulations

Automated Decision-Making Technology: California Releases Proposed Regulations

Internet Law

In today’s competitive e-commerce landscape, automated decision-making technology is becoming more and more important. From personalized product recommendations to targeted advertising and streamlined logistics, these systems help ecommerce businesses adapt and grow. But new regulations are on the horizon, and these changes could reshape the way e-commerce businesses use automation. The California Privacy Protection Agency […]

Read more about Automated Decision-Making Technology: California Releases Proposed Regulations

FTC Adopts Final “Click to Cancel Rule”

FTC Adopts Final “Click to Cancel Rule”

Internet Law

The Federal Trade Commission (FTC) has issued final amendments to its trade regulation rule concerning negative option plans, also known as the “click to cancel rule.” This rule aims to address widespread deceptive practices that prohibit customers from cancelling services in the same manner in which they signed up. Here’s a detailed summary of the […]

Read more about FTC Adopts Final “Click to Cancel Rule”

Put Revision Legal on your side