Internet Laws

 

Privacy Act


The FOIA/Privacy Act Division, in the Office of the Assistant Secretary for Public Affairs (ASPA), is the focal point for HHS Privacy Act administration, including the HHS System of Records Notices (SORNs) and Computer Matching Agreements (CMAs).

The Privacy Act of 1974, as amended to present, including Statutory Notes (5 U.S.C. 552a),

  • Protects records about individuals retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol. An individual has rights under the Privacy Act to seek access to and request correction (if applicable) or an accounting of disclosures of any such records maintained about him or her.

Electronic Communications Privacy Act of 1986 (ECPA), 18 U.S.C. §§ 2510-2523


View Federal Statutes

Description

Background

The Electronic Communications Privacy Act and the Stored Wire Electronic Communications Act are commonly referred together as the Electronic Communications Privacy Act (ECPA) of 1986.  The ECPA updated the Federal Wiretap Act of 1968, which addressed interception of conversations using "hard" telephone lines, but did not apply to interception of computer and other digital and electronic communications. Several subsequent pieces of legislation, including The USA PATRIOT Act, clarify and update the ECPA to keep pace with the evolution of new communications technologies and methods, including easing restrictions on law enforcement access to stored communications in some cases.

General Provisions

The ECPA, as amended, protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically.


9-48.000 - Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (“CFAA”), codified at Title 18, United States Code, Section 1030, is an important law for prosecutors to address cyber-based crimes. As technology and criminal behavior continue to evolve, however, it also remains important that the CFAA be applied consistently by attorneys for the government and that the public better understand how the Department applies the law.

To accomplish these goals, the Department has developed the following policy to guide attorneys for the government in the appropriate considerations for prosecutors contemplating charges under the CFAA.

Children's Online Privacy Protection Rule ("COPPA")

Tags: 

16 CFR Part 312

Children's Online Privacy Protection Act of 1998, 15 U.S.C. 6501–6505

Children's Privacy

Rule Summary

COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.



The Kids Online Safety Act of 2023 Sponsored by Senators Blumenthal and Blackburn

 Background as Congressional hearings, media reports, academic research, and heartbreaking stories from families have repeatedly shown, online platforms can have a harmful effect on children and teens: fostering body image issues, creating addictive use, promoting products that are dangerous for young audiences, and fueling bullying and other destructive behaviors. The Kids Online Safety Act provides kids and parents with the tools, safeguards, and transparency they need to protect against threats to children’s health and wellbeing online. The legislation would require that online platforms put the interests of children first, providing an environment that is safe by default. The Kids Online Safety Act also ensures that parents and policymakers know whether online platforms are taking meaningful steps to address risks to kids by requiring independent audits and supporting public scrutiny from experts and academic researchers. The Kids Online Safety Act of 2023 builds on the version from the 117th Congress by clarifying key definitions and rules to better focus on urgent harms to kids. 

Cyber Intelligence Sharing and Protection Act Cybersecurity is an increasingly important issue for U.S. industry, federal and state governmental entities and utilities. It is vital that these entities are able to share cyber threat information in a timely manner. The Cyber Intelligence Sharing and Protection Act (CISPA) (H.R. 624) attempts to close gaps in current legislation by improving information sharing for cybersecurity purposes, a goal that AALL strongly supports. Unfortunately, as drafted, H.R. 624 addresses these important issues by including provisions which would allow businesses to share consumer’s private information with the government without a warrant or any provisions for significant oversight, while also providing these same companies with protection from liability.


S.686 - RESTRICT Act


Introduced in Senate (03/07/2023)


Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act or the RESTRICT Act

This bill requires federal actions to identify and mitigate foreign threats to information and communications technology (ICT) products and services (e.g., social media applications). It also establishes civil and criminal penalties for violations under the bill.

Specifically, the Department of Commerce must identify, deter, disrupt, prevent, prohibit, investigate, and mitigate transactions involving ICT products and services (1) in which any foreign adversary (such as China) has any interest, and (2) that pose an undue or unacceptable risk to U.S. national security or the safety of U.S. persons.

Additionally, Commerce must identify and refer to the President any covered holding (e.g., stock or security) that poses an undue or unacceptable risk to U.S. national security or the security and safety of U.S. persons. If the President determines that the holding poses such a risk, the President may compel divestment of or otherwise mitigate the risk associated with the holding.

Commerce may (1) designate any foreign government or regime as a foreign adversary upon a determination that the foreign government or regime is engaged in a long-term pattern or serious instances of conduct significantly adverse to U.S. national security or the security and safety of U.S. persons, and (2) remove such a designation. Commerce must notify Congress before making or removing a designation; these actions are subject to congressional disapproval.

The bill outlines (1) enforcement mechanisms, including actions by the Department of Justice; and (2) civil and criminal penalties for violations.




Internet privacy laws: Conclusion

Different jurisdictions around the world have their own internet privacy and data security laws. For example, Brazil has the Lei Geral de Proteção de Dados (LGPD) while Canada has the Consumer Privacy Protection Act (CPPA), both of which are broadly similar in scope to the EU’s GDPR or California’s CCPA.

In the US, there is no one comprehensive federal law that governs data privacy. Internet regulation is a complex patchwork of sector-specific and medium-specific laws, including laws and regulations that address telecommunications, health information, credit information, financial institutions, and marketing. 

No comments:

Post a Comment

Subscribe to: Posts (Atom)

Class Presentations start April 8th 2024

 Class Presentations - Note for presentations find out what is currently being done and try to either leverage or build on.   Power point - ...

  • Assignment #2 due 3/6
     Assignment #2 due 3/6 Please select a topic that you wish to discuss based upon contemporary issues in computer science. Send me what your ...
  • Class Presentations start April 8th 2024
     Class Presentations - Note for presentations find out what is currently being done and try to either leverage or build on.   Power point - ...
  • Assignment #1 due 1/29/24
      Please pick two topics that will be used for the class and I'd like to discuss. The class will focus on issues related to technology o...