Privacy Regulations and Penalties

Over the years, many laws and regulations have been introduced to protect the confidentiality and privacy of individuals’ online personal information, both personally identifiable information (PII) such as name, address, or driver’s license number, and browsing history. Keeping track of and complying with these regulations is essential for any modern business.

Early Regulations: CAN-SPAM, Safe Harbor, and Privacy Shield

In the United States, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) sought to give individuals control over commercial e-mail by forcing companies to provide information about who was collecting the data and an “unsubscribe” option, preventing any further communications. (For larger companies with multiple departmental marketing units, complying with a global unsubscribe can be quite expensive.)

Data transfer between European countries and the U.S. fell under the auspices of the US-EU Safe Harbor, which required companies receiving personal data to treat it consistently with EU regulations.