Academic journal article St. John's Law Review

It's Nothing Personal: Why Existing State Laws on Point-Ofsale Consumer Data Collection Should Be Replaced with a Federal Standard

Academic journal article St. John's Law Review

It's Nothing Personal: Why Existing State Laws on Point-Ofsale Consumer Data Collection Should Be Replaced with a Federal Standard

Article excerpt

"Are you interested in signing up to receive exclusive offers and news about our products via email?" We almost all have fielded some variant of this question at the check-out counters of the retail stores we frequent. And it is no wonder that businesses continue to experiment with new methods of obtaining our email addresses-it has been forecasted that, by 2019, more than 246 billion emails will be exchanged around the world each day.1 In 2018, the prevalence of email in our daily lives is already overwhelming, making it "one of the most profitable and effective" platforms out there for promotional messaging.2 From a commercial standpoint, email-"the lifeblood of the internet"-allows for expansion beyond the traditional bounds of advertising and helps businesses penetrate the broader worlds of consumers.3

Technological growth as rapid as that which has occurred in the digital space over the past several decades is almost certain to generate ambiguities across all areas of the law. Privacy, and information privacy in particular, is one field in which especially puzzling questions have arisen. information privacy, as distinguished from decisional privacy-the focus in Roe v. Wade, for example-can be viewed "as the result of legal restrictions and other conditions, such as social norms, that govern the use, transfer, and processing of personal data."4 In the United States, information privacy is a segmented body of law, made up of a disconnected set of sector-specific rules, which have been established by an unintended mix of "federal and state legislatures, agencies and courts, industry associations, individual companies, and market forces."5 Other commentators similarly have described United States information privacy as "ad hoc,"6 "patchwork,"7 and "piecemeal,"8 the oversight of which has been entrusted to "a hodgepodge" of uncoordinated actors.9

Much of today's uncertainty in this area stems from the challenges those actors have faced in adapting a core principle of information privacy law-namely, what has been dubbed "personal data,"10 "personal information,"11 or "personally identifying information ('PII')"12-to contemporary life. Because it is the "personal" quality of certain types of information that springs consumer rights,13 a clear definition of what counts as "personal" is crucial to any law in this sphere. Traditionally defined as "information relating to an identifiable individual,"14 from a modern perspective, personal data is a much hazier concept, and no standard definition has been established in the United States.15 In today's world, even "a few scraps" of anonymous data on the Internet can be enough to piece together someone's identity;16 thus, as the development of technology continues to accelerate onward, some commentators suggest adherence to a definition of personal data that is more fluid and dependent upon continuing social advancements.17

One subset of information privacy law that has proven particularly murky in modern application is that which governs how private entities collect the personal information of consumers during in-store transactions. California's Song-Beverly Credit Card Act ("Song-Beverly" or the "Song-Beverly Act"), for example, which was enacted in 1971 to bolster consumer protections against credit card fraud and preserve data privacy, prohibits businesses from requesting or requiring that a customer provide personal identification information during the course of a credit card transaction, subject to limited exceptions.18 Similar laws have been enacted in several other jurisdictions, and they each apply to varying categories of information, transactions, and conduct.19 One element that is consistent among them, however, is that they all were passed before "the advent of modern electronic payment methods, online transactions, downloadable products and the Internet," rendering their application in today's retail atmosphere uncertain.20 Judicial interpretation of these laws necessarily involves some gap filling, and often varies from one jurisdiction to the next, leaving consumers with inconsistent safeguards and businesses with scant guidance on how to maintain compliant practices. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.