The internet has been around for decades now. In fact, today’s population includes a separate generation of humans born in the internet era. But, unfortunately, internet privacy is still a global issue.
However, it is a more serious concern for Americans as they form one of the largest internet user groups. According to 2019 stats, the United States has the third-highest number of internet users (~313 million).
On top of that, the USA also hosts Silicon Valley with numerous tech giants. That’s why Americans are much more vulnerable to data security threats than any other nation.
Wondering if your government has done anything to protect your online integrity? Can you complain to any authorities in the case of a cyber threat?
In this article, we explain the current status of internet privacy in the USA. Read along to learn how your state protects your data and what tips can help you enjoy online security.
What is internet privacy, and why is it important?
Before discussing privacy in the USA, let’s first understand what internet privacy is all about.
Internet privacy is about the protection of your online data from others. That includes every entity other than you, including your government authorities, web trackers, advertisers, third-party data aggregators, criminal hackers, and even the websites you visit.
This online privacy is important because these entities use various methods to trace and chase you online. Through these methods, they can collect bits of personal and non-personal details about you with or without your consent. They can then use this information in whatever manner they want to.
Of course, when it’s about your data, you should be in control of how it gets collected and distributed online, shouldn’t you?
Certainly, nobody likes to share one’s salary/monthly income, financial details, physical address(es), personal and family members, and other sensitive data to strangers, no matter even if these strangers are present online.
Unfortunately, the way internet-driven technology has taken over lives, it’s almost impossible to have complete control of your data in your hands. Mostly, you inadvertently end up handing over a lot more information to others than intended. Whereas the receiving parties thankfully obtain all of this data from you, believing it your consent.
So, you see, this complicated relationship of the internet with your real-life details is what makes internet privacy crucial. It defines how and why your data should remain private to you unless you explicitly, knowingly, and willingly share it with others.
How does the internet affect privacy for Americans?
Wondering how the internet or the digital means such as cookies or your device expose your real-world details online?
Well, it’s not about the digital means only. Instead, what has made the internet directly meddle with your privacy is the way you, we, and all of us use it.
For instance, consider how you use social media, mainly Facebook. You must be having at least a hundred friends connected on your profile, right? And, a significant portion of those friends would typically be your Facebook Friends, isn’t it?
In other words, you really know nothing about those stranger friends except the details they mentioned on their profiles (or deliberately shared with you during chats).
So, it means that when you post personal stuff on Facebook, like your new purchase, a birthday gift, your check-ins, or plans for vacations, you’re basically sharing your information with strangers too!
Those strangers can also get much more information about you through these details, such as your financial status, your family’s affordability, lifestyle, your routine activities, and the times when your home remains vacant.
In short, you disclose everything to strangers without realizing how your activities breached your privacy on Facebook.
Similarly, other activities like online background checks – a thing common in the USA, often violate Americans’ internet privacy. Those platforms collect and distribute a lot more information about you to others, often failing to verify whether the inquirer has a legitimate reason to gather this data about you or not.
This is all in addition to the various stealth means through which the criminal hackers get a hold of your data.
Why is Internet privacy an issue?
Well, it’s unfortunate that despite years of advocacy by privacy enthusiasts, awareness campaigns, and lots of debates, internet privacy remains a problem.
Because people often confuse privacy with security against criminal hackers. Of course, that matters for your privacy, but it’s just a single aspect of it.
When we talk about internet privacy, we refer to criminal hacking activities and the malicious practices by legitimate service providers that compel the users to surrender their privacy.
Although, it doesn’t mean that people are ignorant of their data privacy. In fact, they are much aware of how their information lands at the hands of others.
According to a 2019 survey by Pew Research Center, more than 80% of Americans realize that they have very little control over their data. Also, 79% of US adults are concerned about how companies use their data. Whereas 64% of participants also mentioned their concerns about the governments’ data collection.
However, this awareness, together with a sense of helplessness, makes internet privacy an issue today. A problem is yet awaiting a comprehensive solution!
People know that their internet privacy in the USA is at risk. But they can’t really help it due to the unapologetic government surveillance and obligatory agreements to companies’ privacy policies that link the use of a service with the surrender of privacy.
Do we have a right to internet privacy in the USA?
After going through all the aggressive approaches toward interfering with your online life, you might wonder if you are really entitled to privacy in America online.
Regretfully, no straightforward answer exists to this question.
Although considering the tech giants face fines due to privacy violations, it seems the constitution does protect the citizen’s internet privacy.
For instance, Facebook faced a fine of $5billion for privacy violations back in 2019. Whereas, in 2010, Capital One got slapped with a fine of $80 million for a data breach affecting its customers’ privacy.
However, the truth is, no federal laws actually exist to govern the internet privacy of Americans typically. At least, you won’t find something like the EU-GDPR.
Yet, it doesn’t mean that the government doesn’t care about your privacy at all.
The actual problem is the absence of an explicit central regulation regarding the citizen’s online privacy and security.
Nonetheless, the government firmly believes that the citizens enjoy the right to privacy in the USA.
Also, the U.S. Supreme Court believes that the penumbra of several other rights explicitly covered by the constitution also protects the rights to internet privacy.
Therefore, you don’t have to panic over the absence of a central law regarding your online data privacy.
Numerous separate federal laws do exist to monitor and regulate certain aspects of your internet privacy.
Consequently, any fines that may be imposed on privacy violators are levied per these laws. For example, the 2019 Facebook fine actually came from the US Federal Trade Commission (FTC).
Though, you are lucky if you live in one of the US states that have defined dedicated laws for internet security. (We’ll talk about these states in detail later.) Yet, if your state has no specific online privacy laws, then the following acts monitor your privacy.
The Federal Trade Commission Act (FTC) 
Established under the Federal Trade Commission (FTC), the FTC Act of 1914 basically deals with the practices related to commerce and trade. Thus, today, FTC applies the same act when addressing issues related to e-commerce or online services.
According to this act, FTC can take actions against any entities or services that it finds performing deceptive or unfair practices. It can also take actions against services that violate user privacy, whether deliberately or unintentionally.
Here is what the FTC 1914 Act empowers the Commission with,
“Under this Act, as amended, the Commission is empowered, among other things, to (a) prevent unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce; (b) seek monetary redress and other relief for conduct injurious to consumers; (c) prescribe rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices; (d) gather and compile information and conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce; and (e) make reports and legislative recommendations to Congress and the public.”
Electronic Communications Privacy Act (ECPA) 
As the term implies, the ECPA 1986 is a dedicated law covering consumers’ privacy with regards to electronic communication.
When first established by the US Congress, the law was supposed to prevent privacy breaches by intercepting electronic communications, such as by wiretapping and signal interruption.
However, given the emergence of the internet as the primary means of communication, the law underwent numerous amendments to include online communications too.
Explaining the general provisions of this law on their website, the US Department of Justice, Office of Justice Programs, Bureau of Justice Assistance (OJP BJA) elaborates,
“The ECPA, as amended, protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically.”
The same law also protects employees’ privacy in the case of employer tracking on cellphones and electronic communication. The law experienced this extension in its scope following the Omnibus Crime Control and Safe Streets Act of 1968.
The masses frequently criticize the ECP for its failure to adequately cover all scopes of electronic communications and the subsequent frauds.
The most common criticism is its dated scope that misses out on how modern communications involve data transfer and privacy breach, such as how people transmit or share their data with mobile network authorities.
Nonetheless, the law is still helpful in protecting the citizen’s privacy in the USA in many cases. For example, in 2010, this law helped in charging two Philadelphia schools for spying on students via webcams in school-provided laptops.
Computer Fraud And Abuse Act (CFAA) 
This law came into existence following an amendment in the federal law for computer frauds to include hacking.
Since this first amendment in 1986, the law has gone through multiple amendments – the latest being in 2008 to broaden the coverage.
In particular, the CFAA restrains anyone from committing fraudulent activities involving or regarding computers. As explained by the National Association of Criminal Defense Lawyers (NACDL) on their website,
“The CFAA prohibits intentionally accessing a computer without authorization or in excess of authorization but fails to define what “without authorization” means. With harsh penalty schemes and malleable provisions, it has become a tool ripe for abuse and use against nearly every aspect of computer activity.”
Broadly, this includes intentional unauthorized access to someone’s computers with malicious intent.
Whereas, the law consists of numerous dedicated sections addressing computer-related malpractices such as computer espionage, trespassing into government, financial, or any unauthorized computer, committing frauds, intercepting traffic to sniff on passwords or data, damaging a computer with viruses, or threatening to do so.
Also, the law includes a special section for the penalties levied in the case of such violations.
Children’s Online Privacy Protection Act (COPPA) 
Protecting the children isn’t just the responsibility of the parents or guardians, but of the state too. This holds true for ensuring physical as well as online protection to the minor.
That’s the reason behind this USA internet privacy protection act for children.
In brief, COPPA regulates how the online services deal with the data and privacy of minor internet users in America. Summarizing the rule, FTC stated on its website,
“COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.”
Alongside the central act, an additional COPPA Rule is also in place to monitor the website’s compliance. Because of these laws, the websites frequently mention how they collect and store the data of children and whether or not they should use it.
However, this law has faced some criticism for its inadequacy to ensure proper compliance and implementation. For example, social media platforms like Facebook do not really permit children to sign up. This blanket ban thus leads to age fraud as well.
Still, the law is important to wage legal actions against privacy violators. For example, in 2019, FTC used this law to fine ByteDance (the parent company behind TikTok), which compelled the latter to launch a kids-only mode.
Also, the law is quite flexible and adaptable to further amendments and extension of coverage as and when required.
Gramm–Leach–Bliley Act (GLBA) 
The GLB Act, or the Financial Services Modernization Act of 1999, regulates privacy protection with regards to financial matters.
This act came into existence following the merger of the Citicorp bank and the insurance company Travelers Group, to regulate such mergers. Since these types of financial institutions directly manage the citizen’s data as well, the law monitors how these institutions collect, use, and store users’ data.
Summarizing the scope of this law, FTC explains,
“The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.”
GLBA is basically a successor of the 1933 Glass–Steagall legislation. The latter had certain restrictions over the amalgamation of financial institutions with security and insurance companies. Thus, GLBA removed the barriers thereby permitting the firms to develop different market strategies without comprising the citizen’s privacy in the USA.
Despite the advantages, the law often faces criticism due to how it facilitates the formation of financial giants. Nonetheless, as far as citizen’s financial privacy in the USA is concerned, the GLBA plays a key role.
Fair and Accurate Credit Transactions Act (FACTA) 
Today, when data breaches and identity thefts are becoming commonplace, you should thank this law for providing you with free annual credit reports.
Precisely, FACTA appeared as a dedicated federal law in late 2003 following an amendment to the Fair Credit Reporting Act.
The amendments empowered the subsequent FACTA to provide one free credit report to the citizens every 12 months from each of the three credit monitoring services – Experian, Equifax, and TransUnion).
In this way, FACTA primarily aims at reducing identity theft incidents by gathering accurate information, letting the customers correct any discrepancies in their credit reports, limiting the access of financial institutions to the consumers’ medical information, and protecting employee misconduct investigations.
Describing the law on their website, FTC states,
“It gives consumers the right to one free credit report a year from the credit reporting agencies, and consumers may also purchase, for a reasonable fee, a credit score along with information about how the credit score is calculated. The Act also requires the provision of “risk-based-pricing” notices and credit scores to consumers in connection with denials or less favorable offers of credit. The Act also adds provisions designed to prevent and mitigate identity theft, including a section that enables consumers to place fraud alerts in their credit files, as well as other enhancements to the Fair Credit Reporting Act.”
Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) 
The CAN-SPAM Act is the main law that monitors spamming and email marketing. It typically works in a two-way manner.
That is, it protects consumers’ privacy in the USA (to some extent) from being barraged with spam messages. (Here, the backronym “CAN-SPAM” functions as a law canning spam.) At the same time, it also makes specific provisions for the services to let them spam. (It now serves as permission; “you can spam”.)
The CAN-SPAM act emerged in later 2003 in an attempt to curb unsolicited and disturbing spam emails. Yet, to avoid becoming an obstacle for harmless marketing and promotional emails, it has defined specific criteria for the emails to pass through.
Explaining this law, FTC states on its official portal,
“This Act establishes requirements for those who send unsolicited commercial email. The Act bans false or misleading header information and prohibits deceptive subject lines. It also requires that unsolicited commercial email be identified as advertising and provide recipients with a method for opting to receive any such email in the future. In addition, the Act directs the FTC to issue rules requiring the labeling of sexually explicit commercial email as such and establishing the criteria for determining the primary purpose of a commercial email.”
While the law sounds helpful, the main problem with this act is that it restricts the states from overriding CAN-SPAM.
Because of its leniency towards the sendersBesides and the preemption to state laws, CAN-SPAM has faced much criticism.
Nonetheless, it doesn’t mean that the law is entirely useless. In 2004, the act convicted the first spammer for war spamming. Since then, the law helped charge numerous convicts for spamming, phishing, and similar malicious activities.
State laws for internet privacy in the US
Although, the federal laws described above are pretty helpful for addressing cybercrimes and internet privacy violations.
Nonetheless, given the ever-changing nature of cybercrimes, these laws may, at times, fail at adequately addressing a crime. Or, they may leave some gaps in warranting thorough online privacy in the USA.
Numerous US states have devised state-level regulations for monitoring digital malpractices and privacy violations to overcome this problem.
Here is a quick review of how those states pave the way for complete internet privacy for Americans.
California is one the best states that has staunchly focused on users’ privacy in the USA. In fact, it won’t be wrong to say that Californian internet privacy laws served as an inspiration for other states.
The most important legislation is the California Consumer Privacy Act (CCPA) that came into effect in 2020. It appeared as the most comprehensive digital or internet privacy legislation that regulates various aspects of consumer privacy.
This law empowers internet users to have more control over their personal data that businesses collect about them.
According to the Office of The Attorney General, State of California Department of Justice (OAGCA),
“This landmark law secures new privacy rights for California consumers, including The right to know about the personal information a business collects about them and how it is used and shared; The right to delete personal information collected from them (with some exceptions); The right to opt-out of the sale of their personal information; and The right to non-discrimination for exercising their CCPA rights. Businesses are required to give consumers specific notices explaining their privacy practices. The CCPA applies to many companies, including data brokers.”
Precisely, this law applies to e-commerce and the overall collection of electronic communication data via various devices and the Internet of Things (IoT).
Shortly after the CCPA came into effect, the voters helped enforce another privacy legislation that jazzed up the authority of CCPA.
This agency is responsible for enforcing the privacy laws within the state, investigate privacy violations, and evaluate penalties. Also, it transformed the CCPA into a full-fledged law.
Delaware is yet another state that has inclusive legislation for users’ internet privacy in the USA.
The law, precisely known as the Delaware Online Privacy and Protection Act (DOPPA), came into effect in 2016.
Since then, it regulates how businesses and services can collect users’ personal data, practice advertising and marketing to the consumers, including children, and identify users via online books.
Though, the law isn’t as comprehensive as California’s. Still, it suffices to provide better information to the users about the status of their data privacy.
Notably, the law ensures privacy protection to children and e-readers. Whereas it also has separate clauses that regulate and prohibit unnecessary employee tracking.
Like California, Massachusetts has also set up an inclusive privacy protection law for the citizens.
Named as the “Massachusetts Data Privacy Law,” this law resembles the CCPA in the way it empowers the users over their data.
However, it has some deviations as well – although, the much-needed ones. For instance, it allows the users to even sue a part for possible violation of the data state privacy laws.
As stated in Section 9 of the bill, the “Private Right of Action,”
A consumer who has suffered a violation of this chapter may bring a lawsuit against the business or service provider that violated this chapter. A violation of this chapter shall constitute an injury, in fact, to the consumer who has suffered the breach. The consumer need not suffer a loss of money or property as a result of the violation to bring an action for a violation of this chapter.
Under this clause, the violator shall have to pay no more than $750 per consumer per incident (whichever is higher). This is in addition to the other costs, attorney fees, and other reliefs as the court deem appropriate.
This is just another state that has implemented somewhat strict legislation for privacy in the USA. They have implemented a comprehensive Illinois Personal Information Protection Act (PIPA) to protect their citizens.
Under this act, the state obliges all services collecting users’ data to inform the users promptly in the case of a security breach.
Also, it mandates businesses to seek explicit consent from the users before the collection of their biometric data.
This also holds true for any services that use facial recognition technology or fingerprint scans. For example, the way Facebook tags users’ photos based on its facial recognition technology, without explicit user consent, is questionable under this act.
Besides, this law also regulates the safe disposal policies for businesses, particularly for the disposal of information, including personal data.
Utah has also developed legislation for protecting the American’s personal information, entitled the “Protection of Personal Information Act.”
Their law mainly plays a crucial role in prohibiting all services from sharing users’ data with third parties. Yet, it also governs the safe disposal of users’ data by the businesses, prompt notification in case of breaches, and employee tracking.
Even before the state of California could impose the CCPA, Nevada came up with its own legislation for digital privacy. Though it didn’t gain much traction as the CCPA, it’s as good as the CCPA in empowering the Americans.
The law arrived as Senate Bill 220 got its approval in May 2019. The bill made changes to the existing privacy laws in Nevada, giving more control of personal information to the users.
This bill also compels the services to mention the type of information they collect explicitly, the third parties they would share the data with, a clear-cut disclosure about those third parties would process the data, and a straightforward opt-out option to the users.
Starting this year, New York made it to the news as Governor Andrew M. Cuomo announced the launch of a thorough privacy protection act. This law should supposedly give better control to the users over their digital data privacy in the USA.
While the New York Privacy Act is pending formal approval and enactment, it won’t be the first such move from the state.
In 2019, Governor Cuomo already put into effect the SHIELD (Stop Hacks and Improve Electronic Data) act. This law adds more accountability to the businesses regarding the handling of consumers’ data.
Inspired by the CCPA, Hawaii has also considered developing internet privacy laws for its citizens.
Though currently under discussion, the proposed bill for the privacy act monitors how businesses collect and deal with users’ data. It also requires the companies to give a clear opt-out option to the consumers alongside giving them the right to delete.
Another state inspired by California’s privacy laws is Maryland. This state has also come up with a replica of CCPA, the Maryland Online Consumer Protection Act.
Like CCPA, this law also regulates how businesses collect, share, and manage users’ data. However, what makes it better than CCPA is that it also necessitates it for the businesses to elaborate on third-party data sharing.
Currently, this law is under discussion, which means it isn’t in effect yet. However, whenever it does, it will surely be a blissful development for Maryland residents.
What about the other states?
Until now, we have only mentioned the states’ laws that actually do have noteworthy regulations in place.
While all 50 states do have some laws about data privacy in the USA, unfortunately, most of them revolve around data breaches. Given the absence of central federal law for it, we can’t really blame the individual states.
Perhaps, that’s why we frequently witness deliberate or inadvertent privacy violations by both the cybercriminals as well as by the tech giants, the advertisers, and others.
Nonetheless, to address this gap, the prevailing federal laws (or acts) that separately govern the different aspects of online practices do help to protect Americans.
Quick tips – How you can protect your internet privacy in the USA
Now that you know how the different federal and state laws within the USA protect your privacy, you can decide better if these laws are enough to ensure thorough protection to you.
If you find them less valuable, does it mean you would remain vulnerable to cyber threats for life?
Of course not!
You can also make some effort from your side to protect your internet privacy in the USA.
Though, we have separately compiled a detailed guide on the internet and computer security for you. However, if you’re running short of time, here we quickly list the most useful tips.
1. Protect your IP address
Your IP address is your digital identity. Thus, it requires as much protection as your identity card does. So, make sure to use a VPN to protect your IP address all the time.
2. Ensure thorough virus protection
When we say viruses, we mean everything from a web skimmer on websites targeting your payment data to the more sophisticated malware. Make sure you have the first line of defense, a robust antivirus, in place.
3. Stay away from phishing emails
While emails serve as your primary means of personal and business communications, they also serve as a primary source of cyber threats to you.
Particularly, phishing emails are the leading cause of data breaches and malware attacks with a domino effect. Therefore, whether you’re at home or at work, be wary of all emails that you don’t recognize at once.
4. Save yourself from web trackers and advertisers
Online ads are the most giantMainlyruders. They interrupt not only your browsing experience but also embed various trackers. Therefore, the first thing to protect your privacy in the USA or abroad is to use a good adblocker to block malicious ads.
Secondly, since the websites know you would use an adblocker, they adopt different other ways as well to track you. Some of these include cookies and other web trackers like embedded social media trackers.
Also, blocking ads on your desktop isn’t enough. Make sure you disable ad tracking across all your devices to keep your online privacy intact.
5. Leave no online traces behind
This is just an extension of the above-mentioned tip. The web trackers that the sites use help them profile you. To execute this profiling, they use browser and device fingerprinting that establishes a permanent connection between you and those parties.
To protect yourself from such tracking, make sure to use a VPN, browse in incognito modes, or use Tor, together with ad blockers and anti-trackers, to stay private.
6. Use social media responsibly
As we highlighted at the beginning of this guide, social media platforms like Facebook severely intrude on your privacy. So, whether you need to protect your privacy in the USA or abroad, make sure you use social media very carefully. Don’t share your personal stuff or any other activity online that you wouldn’t want a stranger to know.
7. Protect your online communication
Just as emails demand privacy, you should also protect your chats on messaging apps.
In fact, these online communications need more attention since they include a lot more information about you. (Just think for a while about how you use WhatsApp. Would you share your WhatsApp chats with us? We bet you won’t!)
Thus, make sure you use the most secure options to communicate online – services that neither collect your data nor share it with others (whether intentionally or accidentally). You can take a look at these best secure messaging apps to choose an appropriate communication platform.
8. Be wary of hackers
Whether you’re a student, a person at home, an employee, a business owner, or a veteran, you are always important to criminal hackers. Always remember this thing when online to prevent any hacking attacks or privacy intrusions.
9. Protect your kids online
While you can fend off cyber threats by practicing cybersecurity tips, what about your kids? They are more vulnerable to privacy breaches and online bullying, together with other cyber threats.
Train your kids to stay safe online. Also, play your part to provide them with a safe digital ecosystem by having all security tools in place.
10. Keep your business safe
Just as you and your family need privacy, your business also demands the same.
In fact, your business needs more online privacy and security. One mishap and your whole business, together with you, your staff, and your consumers, will be at stake.
Ensure that you protect your online network with the best business proxies. Also, spread cybersecurity awareness among your staff to prevent any internal threats.
Internet privacy in the USA – Future outlook
After Europe’s GDPR came into effect, it triggered almost all governments globally to come up with such thorough privacy protection acts.
Particularly, given the seemingly never-ending trail of privacy breaches and violations by tech giants (thanks to Facebook’s Cambridge Analytica scandal that prompted such legal actions), having thorough digital data privacy regulations is inevitable.
For the Americans, it became even more critical. That’s because the region is a technological hub with maximum users from within the USA.
Although, the country previously lacked such inclusive laws for ensuring internet privacy in the USA. Yet, with time, several amendments in those laws led to the enforcement of dedicated privacy protection acts nationwide. These, together with the state-wide privacy laws, as they come up, will surely provide you with better internet privacy than ever.
So, if you’re concerned about the lack of a US version of GDPR, don’t worry.
In the future, the USA will indeed have better laws properly defining personally identifiable information (PII) and the ways businesses should deal with it.
Also, you can anticipate getting an explicit right-to-delete alongside a better right-to-forget to enjoy complete digital privacy in the USA.
Looking forward to a better and safer tomorrow!