San Diego International Law Journal


Lori Chiu

Library of Congress Authority File


Document Type



This article seeks to elucidate these issues and provide a roadmap for the U.S. government to create unified federal laws to provide the private sector with specific protocols regarding use and dissemination of consumer personal information. First, this article will provide an explanation of the U.S.’s current sector-by-sector approach to regulating personally identifying information and will provide a case study of the Federal Trade Commission’s (“FTC”) enforcement action against a social networking site in 2011 as one example of the FTC’s recent efforts at regulating online privacy. Next, this article will analyze the U.S.’s current challenge of judicial enforcement of privacy laws in federal courts and will address recent efforts by Congress, the White House, and the FTC to develop comprehensive online privacy legislation. Third, this article will discuss the European Union’s approach to data protection, including such legislation as the 2012 E.U. Proposed Data Protection Directive.

Fourth, this article will provide specific recommendations for strengthening U.S. data protection policies to address new technologies that have surfaced since the inception of U.S. federal and state online privacy laws. These recommendations include passing uniform federal legislation that will include provisions that model the EU’s recent approach to data protection. Such legislation should establish a data controller within both the public and private sectors and require both public and private entities to provide transparent disclosures to consumers regarding the type of information the entity plans to collect and what purposes the entity will use the information for. Additionally, such legislation should require companies to obtain affirmative consent from consumers prior to collecting personally identifying information. Legislation should also provide consumers with a “right to be forgotten” that would mandate entities to stop tracking the consumer’s personal information when requested.

Finally, this article will propose that the FTC work with industry leaders within business communities to adopt industry specific codes of conduct that businesses can voluntarily opt into by self-certifying their compliance with such codes of conduct. In doing this, the U.S. can more effectively balance individual, community, and governmental interests in the area of data protection and ensure that both individuals and entities are on the same page with regard to the collection and use of the personally identifying information of consumers.