Apart from in California (see above), in the United States there is no specific law covering the use of cookies or other similar online activity tracking devices. One piece of legislation that is very important is the Children’s Online Privacy Act (COPPA). This act refers to the information that is automatically collected from websites aimed at children, as well as other websites, networks, and even plug-ins that knowingly collect information from children under the age of 13 who are using the internet. Behavioral advertising for children under the age of 13 is also covered by COPPA.
It is vital that a customer or visitor to your site is well aware that there are cookies or other similar tracking devices in use. Failure to inform visitors of this can bring about the risk of legal action, fines, etc. There is also something known as the Digital Advertising Alliance code of conduct. Among other things, it recommends the inclusion of a display icon that makes it easy for users to decide against being tracked for behavioral advertising purposes.
Furthermore, due to the new regulations in place in Europe after the GDPR came into action, you should also be aware that your cookie policies should extend beyond following the US regulations – unless you only want to target a US market, which would put you at a disadvantage, as you would lose a large number of potential website visitors. Because of the new regulation, you should be aware that principles in Europe, such as the right to be forgotten, which normally do not apply for US sites, may now be something you should consider.
These days plenty of e-commerce activity takes place via smartphone apps, as one might expect. This increase in shopping on the go has led to a wider debate regarding data privacy relating to location data. This is where telecommunications companies become involved. The Federal Communications Commission (FCC) which regulates the collecting and disclosing of location information by telecommunications companies.
As this article has shown, data privacy and security are not always straightforward when it comes to the world of e-commerce. There are several complex issues and obstacles that need to be overcome in order to make sure that you are abiding by all the relevant legal guidelines. It is also worth keeping an eye on your state’s legislation. As we have seen with the change to the European legislation, this is an industry that is constantly changing and developing, and can affect internet activity across the globe – and with that, affect data protection and data security too.