The [Non]enforceability of Privacy Promises–Pinero v. Jackson Hewitt

23 01 2009

A recent court case reiterates that privacy policies aren’t the be-all, end-all panacea for protecting online privacy.

By Ethan Ackerman

One of the main arguments against a federal online privacy law has been that website privacy policies were a self-regulatory solution that was more than sufficient, permitted more flexibility, and bound parties as surely as any federal law. Real-life court cases continue to suggest the contrary.

From mid-90s FTC staff decisions to “encourage self-regulation” to the 1998 formalization of a Clinton administration e-commerce policy framework to the extension of this policy through both terms of the G.W. Bush Administration, “self-regulation” of online privacy has been the policy of the executive branch of the federal government. Similarly, “self-regulation” has been the primary card played (the 10 of spades?) against Congressional attempts to pass federal online privacy regulation, successful in stalling any legislation on the issue since at least the 106th Congress. Online industry lobby groups still emphasize that “self-regulation” is the only needed enforcement, and online privacy advocates cite self-regulation’s failures for the ‘decade of disappointment’ in internet privacy.

Meanwhile, outside of the policy debates, online activity has exploded, along with the collection and use of personal information online. Putting aside the real challenge of discovering unacceptable uses, sometimes that collection and use (or misuse) is egregious enough that someone sues over it. As the recent case of Pinero v. Jackson Hewitt Tax Service shows yet again, actual monetary damages matter more than egregiousness.


The content in this post was found at and was not authored by the moderators of Clicking the title link will take you to the source of the post.



Leave a comment

You must be logged in to post a comment