Maryland’s Attorney General, Douglas Gansler, announced January 28, 2013 that Maryland has a new Internet Privacy Unit to monitor the data collection practices of online companies. According to the Attorney General’s press release, the Internet Privacy Unit will
monitor companies to ensure they are in compliance with state and federal consumer protection laws, including the Children’s Online Privacy Protection Act (COPPA), which, in most cases, restricts companies from collecting personal information of children under 13 years old. The Unit will also examine weaknesses in online privacy policies and work alongside major industry stakeholders and privacy advocates to provide outreach and education to businesses and consumers to broaden awareness about privacy rights so they are more equipped to manage online privacy challenges. Additionally, the Unit will pursue enforcement actions where appropriate to ensure consumers’ privacy is protected.
One of the most intriguing lines in the release is that the new Internet Privacy Unit will “examine weakness in online privacy policies.” Regulatory agencies have to date focused on whether companies say what they do and do what they say in privacy policies, but not whether there were “weakness[es]” in those policies. Without clear legislative standards, determination of what the Maryland Internet Privacy Unit considers to be a “weakness” could well be a data protection practice that is well within the scope of existing law. We will be watching developments on this front with great interest.