Individual privacy rights are important facets of almost every country’s legal system. While no two privacy laws or regulations are the same, they all serve the same purpose: to allow individuals to act and speak without fear that things done and said in private will be exploited or exposed. The advent of the Internet has brought new challenges to privacy protections, and the Internet privacy laws that have followed have been diverse and far-reaching. There are many different types of Internet privacy laws, ranging from protections for employee e-mail communications and restrictions on re-broadcasting social networking data to browser tracking activities and online data breaches.
The United States is one of the few countries in the world that lacks an overarching privacy law. In the US, privacy, including Internet privacy, is legislated on the state level. Some state Internet privacy laws prohibit companies who store electronic information on customers or clients from dispersing that information without specific consent, and others mandate certain data security protections to prohibit unintended disclosure or Web publication. These are known generally as “data breach” or “data protection” laws. Data breach laws are one of the most common Internet privacy laws, and are in force in almost all U.S. states as well as the European Union, Canada, and Australia, among other countries.
Another common type of Internet privacy law deals with communication monitoring. The Internet is fast becoming one of the foremost communication tools. E-mail, instant messaging, and social network interactions are among the platforms upon which Internet users connect with each other. Sometimes these communications can be monitored, however, particularly when on a workplace or public computer. Many states and countries set restrictions on how and under what circumstances computer owners can monitor the Internet communications that happen over their networks.
Similarly, data usage and statistics about Internet connectivity are sometimes considered private information. In some places, Internet service providers need to be upfront and transparent about their data monitoring activities in order to comply with the reigning law. It is usually illegal for an Internet service provider to alter the quality of a subscriber’s service or cut off service entirely based on how the service provider thinks the subscriber is using the connection.
Assuring online privacy is often not as challenging as is complying with the specifics of any given Internet privacy law. Even Internet privacy laws that cover the same ground are often different in scope or specific requirements. Some data breach laws require specific disclosure to all potentially affected individuals in writing, for instance, while others require all users to affirmatively consent to a provider's terms at the time services are rendered. Some laws prohibit the monitoring of employee e-mail communications across the board, while others set certain restrictions and parameters on monitoring that is and is not acceptable. Companies doing business in more than one jurisdiction need to be particularly careful that their activities meet the privacy standards of each location in which they maintain a presence.
Laws prohibiting cyber crimes, such as e-mail hijacking, identity theft, and electronic fraud, as well as laws promoting Internet safety, are also in force in most jurisdictions, but are typically considered computer crime laws, not Internet privacy laws. Privacy laws deal specifically with individual privacy and the privacy of personal information, and concern activities that typically would not be punishable but for the privacy laws that target them. Criminal laws are typically stronger, and carry tougher penalties. Although one could potentially prosecute e-mail hacking, for instance, as a privacy invasion, the criminal laws typically yield a more favorable, and more pecuniary, result.