1 / 19

Minnesota Passes the Nation’s First Internet Privacy Law

Minnesota Passes the Nation’s First Internet Privacy Law. Jody Blanke, Professor Computer Information Systems and Law Mercer University, Atlanta. Minnesota’s Internet Privacy Act. Enacted on May 22, 2002 To be effective on March 1, 2003 Applies (only) to Internet service providers [ISPs]

golda
Download Presentation

Minnesota Passes the Nation’s First Internet Privacy Law

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Minnesota Passes the Nation’s First Internet Privacy Law Jody Blanke, Professor Computer Information Systems and Law Mercer University, Atlanta ALSB - July 30, 2002

  2. Minnesota’s Internet Privacy Act • Enacted on May 22, 2002 • To be effective on March 1, 2003 • Applies (only) to Internet service providers [ISPs] • ISPs may not disclose personally identifiable information [PII] except as provided in this act ALSB - July 30, 2002

  3. "Personally identifiable information“ defined as • Information that identifies: • a consumer by physical or electronic address or telephone number; • a consumer as having requested or obtained specific materials or services from an Internet service provider; • Internet or online sites visited by a consumer; or • any of the contents of a consumer's data-storage devices. ALSB - July 30, 2002

  4. Required Disclosures of PII • Pursuant to subpoena • Pursuant to warrant or court order • For certain law enforcement purposes • In a civil action for conversion • To the consumer, upon request ALSB - July 30, 2002

  5. Permitted Disclosures of PII • In the “ordinary course of business” • “debt-collections activities, order fulfillment, request processing, or the transfer of ownership” • As provided by wiretap law • To other ISPs for purposes of enforcing acceptable use policies • To any person with the consumer’s authorization ALSB - July 30, 2002

  6. Authorization • May be written or electronic • Must describe persons to whom PII will be disclosed and anticipated uses • Must state conspicuously whether authorization will be obtained on an opt-in or opt-out basis ALSB - July 30, 2002

  7. Civil Action • May claim actual damages or $500, plus costs and attorney fees • No class actions permitted • It is a defense that the defendant has established and implemented reasonable practices and procedures to prevent violations of this chapter ALSB - July 30, 2002

  8. Preemption • Expires on the effective date of federal legislation that preempts state regulation of the release of PII by ISPs • If federal legislation were enacted that did not preempt state law, any such federal law would supercede conflicting provisions of the Minnesota law ALSB - July 30, 2002

  9. Online Personal Privacy Act • Senate bill co-sponsored by Senator Hollings and ten other Senators • Would preempt Minnesota law • Applies to [ISPs], online service providers [OSPs], and operators of commercial websites [OCWs] • Restricts collection, use and disclosure of PII ALSB - July 30, 2002

  10. “Collect” broadly defined as • The gathering of PII by any means, direct or indirect, active or passive, including • an online request for PII • PII gathered in chat room or from message board • “tracking or use of any identifying code linked to a user of such a service or website, including the use of cookies or other tracking technology” ALSB - July 30, 2002

  11. “Fair information practices” • Consistent with the “five core principles of privacy protection” • Notice/awareness • Choice/consent • Access/participation • Integrity/security • Enforcement/redress ALSB - July 30, 2002

  12. Notice • Must be “clear and conspicuous” • Must disclose • the types of information collected • the methods of collecting and using the information • all the disclosure practices, including whether it will be disclosed to third parties ALSB - July 30, 2002

  13. Opt-in Consent • Required for sensitive PII • Sensitive PII includes • individually identifiable health information • race or ethnicity • political party affiliation • religious beliefs • sexual orientation • social Security number • sensitive financial information ALSB - July 30, 2002

  14. Opt-out Consent • Requires “clear and conspicuous notice” and “robust notice” for PII • PII includes • first and last name, home or other physical address, e-mail address, telephone number, birth certificate number • any other identifier that would permit the physical or online contacting of a specific individual • information that is collected and combined with an identifier described above ALSB - July 30, 2002

  15. Exceptions • Does not apply to the collection, disclosure or use of information that is necessary • to protect security and integrity of the service or website, or the safety of people or property • to conduct a transaction for the user • Good faith disclosures may be made under the Children’s Online Privacy Protection Act • Disclosures may be made pursuant to a warrant or court order ALSB - July 30, 2002

  16. Changes in Privacy Policy • Whenever an ISP, OSP or OCW makes a material change in its policy for the collection, use or disclosure of sensitive or nonsensitive PII, it must notify all users of that service or website of the change, and may not act in accordance with the changed policy until the user is afforded an opportunity to consent or withhold consent to the new policy ALSB - July 30, 2002

  17. Access • Must provide access to PII collected from the user online, provide an opportunity for the user to suggest a correction or deletion of any such information, and make the correction or deletion • May decline to make the correction or deletion if it reasonably believes that it is inaccurate or inappropriate, and it so notifies the user, and provides an opportunity for the user to refute the reasons given for declining to make the suggested correction or deletion • May charge an access fee of no more than $3 ALSB - July 30, 2002

  18. Security • Must establish and maintain reasonable procedures necessary to protect the security, confidentiality and integrity of the PII it maintains ALSB - July 30, 2002

  19. Enforcement • By FTC • as unfair or deceptive acts or practices • By individuals • for violations regarding sensitive PII • By state attorneys general • on behalf of state residents ALSB - July 30, 2002

More Related