NTIA Logo Electronic Privacy

The Internet and the growth of information technologies have enabled the transmission, processing, and storage of vast amounts of information about individuals. These developments have led to increasing concerns about online privacy and consumer protection, as well as continually growing debate and legislation regarding the best means for protecting consumers and providing recourse.

The U.S. approach to privacy and consumer protection online has traditionally relied on a combination of self-regulation, sector-specific legislation, and Federal Trade Commission (FTC) enforcement of its authority to prevent unfair and/or deceptive trade practices in commerce. Congress has adopted legislation to protect certain highly sensitive personal information, such as the Children's Online Privacy Protection Act of 1998, the Financial Services Modernization Act of 1999 (commonly known as Gramm-Leach-Bliley), and the Health Insurance Portability and Accountability Act of 1996 which required HHS to issue medical privacy regulations.

In other areas, NTIA and the Department of Commerce have played an instrumental role in encouraging private sector self-regulatory efforts, such as the posting of privacy policies. NTIA has also held workshops to raise awareness about online privacy issues that affect industry and consumers.


NTIA highlighted the role of technological tools and developments to enhance consumer privacy online at a technology fair and workshop in September 2000. At the workshop, privacy experts and industry representatives discussed the role that privacy enhancing tools can play in either a self-regulatory or regulated environment.

NTIA also held a joint public workshop with the FTC in November 1999 on “online profiling” (the practice of creating consumer profiles for targeted advertising by tracking consumer movements online), at which key members of the profiling ad industry formed the Network Advertising Initiative to develop self-regulatory guidelines.

In 1998, NTIA and the Department of Commerce held one of the first conferences on the topic of online privacy. NTIA requested comments on various aspects of Internet privacy, including comment on the staff discussion paper "Elements of Effective Self Regulation for Protection of Privacy."

International Privacy

Because of the borderless nature of the Internet and electronic commerce, the issue of online privacy has been the subject of great interest and debate in the international community. One organization that has been at the forefront of the international discussion has been the Organization for Economic Cooperation and Development (OECD). The OECD has been examining alternatives for implementing in the online environment the OECD's 1980 Privacy Guidelines. The 1980 Guidelines established the four principles of notice, choice, access, and security.

In response to the European Union's adoption of the 1995 Data Protection Directive, the U.S. signed a Safe Harbor Agreement ("Agreement") with the European Union in July 2000 that allows U.S. companies that adhere to certain self-regulatory guidelines to exchange consumer data with European counterparts. Currently there are over 150 companies that have self-certified to the Sage Harbor Agreement. Others are still considering how to implement the Agreement. The International Trade Administration negotiated and administers the Agreement in the United States.

See Also: Other Related Privacy Links

For more information contact:

Wendy Lader
Office of Policy Analysis and Development

Judy Kilpatrick
Office of International Affairs

U.S. Department of Commerce
National Telecommunications and Information Administration
14th Street & Constitution Avenue, N.W., Room 4725
Washington, D.C. 20230

voice: (202) 482-1880
fax: (202) 482-6173

NTIA Homepage