Maryland AG Launches New Internet Privacy Unit, Plans Aggressive Enforcement

By: Ifrah Law

Maryland Attorney General Douglas Gansler (D) has announced that his office is launching a new Internet Privacy Unit designed to address issues related to online privacy and to ensure that companies are in compliance with state and federal consumer protection laws. The unit will also handle issues related to cyberbullying and cybersecurity.

Gansler, who also serves as the president of the National Association of Attorneys General (NAAG), has previously stated that online privacy was a priority. Gansler said in a statement that Internet privacy is “one of the most essential consumer protection issues of the 21st century.”

As president of the NAAG, Gansler is leading a campaign entitled “Privacy in the Digital Age,” which focuses on the best ways to manage data risks associated with online activity. Last year, Gansler led an effort by 36 state attorneys general to demand changes from Google when it unilaterally changed its user privacy policy.

The Internet Privacy Unit will also work with major industry stakeholders and privacy advocates to provide outreach and education to businesses and consumers. The unit may also pursue enforcement actions “where appropriate” to ensure that consumers’ privacy is protected.

One area of online privacy that the unit will examine is whether companies are complying with the Children’s Online Privacy Protection Act (COPPA), a federal law that restricts site operators from knowingly collecting personal data from children younger than 13. The Federal Trade Commission (FTC) announced in December that it adopted new rules governing COPPA that will go into effect in July 2013, which were the first significant revisions since the original rules went into effect in 2000. The new rules significantly increase the number of types of companies that are required to obtain parental permission before knowingly collecting personal details from children, as well as the types of information that will require parental consent to collect.

The unit will also “examine weaknesses” in online privacy policies. Not only will companies be required to have privacy policies in place, but these policies need to be thorough and comprehensive to ensure compliance with all relevant privacy laws. And, of course, companies need to be following in practice what they “preach” in their privacy policies.

Maryland is not the first state to create a privacy unit in its Attorney General’s office. California created such an office last July, and the office has aggressively pursued mobile app developers who do not display their privacy policies, including filing suit against Delta Airlines for allegedly failing to post a privacy policy on its mobile app.

The FTC and state attorney general offices will doubtless continue to be aggressive in their enforcement of privacy laws. Companies with an online presence should review their privacy policies and practices, particularly as affected by recent rule changes such as the COPPA revisions. Also, Maryland is signaling that it will be an active player in monitoring and enforcement of personal privacy and cybersecurity. While federal legislation continues to stall, the states are most definitely moving ahead.