Skip to main content

This article, Staying Up To Date on U.S. Online Privacy Laws is shown as originally published on

With the majority of Americans concerned about their online privacy, and states like California taking measures to ensure that digital consumers are protected, marketers need to be fully aware of laws that not only affect how we advertise, but that could also cost us money if we fail to comply.

There is an abundance of information to become familiar with before launching a new campaign or website or even sending out a monthly newsletter — from how companies allow consumers to opt out of emails to how they store data collected when visitors access their website. And as marketers, it’s our responsibility to work transparently with the laws protecting consumers. Not only does this keep companies compliant, but it also builds a level of trust with customers.

U.S. Online Privacy Laws That Marketers Should Know About

Some of the online privacy laws to be aware of include:

The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the CAN-SPAM Act), which was enacted by Congress to address concerns about unwanted and unsolicited emails. The act provides numerous requirements for email marketers, including making it easy for consumers to opt out of emails and honoring such requests in a timely manner; being honest in the email header and subject line; and sharing your location with recipients.

The Children’s Online Privacy Protection Act (COPPA). COPPA assists parents in controlling what online information is collected from their children younger than 13. To comply with COPPA, companies that collect children’s personal information must make it explicitly clear what information they’re gathering and how they’re using it, limit the length of time that they retain information, and get consent from parents to collect the data and allow parents to revoke their consent.

• Their gross annual revenues are over $25 million.

• They buy, sell or receive “the personal information of 50,000 or more consumers, households or devices.”

• They earn more than half of their yearly revenue from selling the personal information of consumers.

Getting Started With Compliance

If you haven’t taken steps to ensure that your company is complying with online privacy laws, the time is now. Here are some of the steps our company has taken, and we recommend others do the same:

• We’ve created Google Alerts for updates to privacy laws that could affect us.

• We read relevant industry articles.

• We have an open line of communication with an attorney, and we defer to them on what additional steps we may need to take. Privacy laws can be fluid, and it can be hard to understand all of the implementation and compliance aspects.

• We audit our website’s privacy policy, as well as our clients’ privacy policies, at least every six months.

As more states create their own online privacy laws, the waters will likely get muddied and harder to navigate. It’s the responsibility of all marketers, advertisers and digital agencies to keep abreast of changes and comply with the evolving laws.