As privacy becomes more difficult to obtain, special interest groups and government departments have been in discussion about how to keep the rights of users preserved. The Federal Trade Commission (FTC) is a branch of the United States government that is intended to protect the country’s consumers. The FTC is working towards enforcing Privacy by Design, an initiative that would provide privacy settings within websites and software by default[1]. However, they have not addressed a number of Individual Privacy issues. Their official website outlines that online privacy and security is each individual user’s legal responsibility[2]. Unfortunately, the FTC has not assessed whether or not there are successful safeguards regarding linkage of data when economic acquisitions of aggregators occur, which is a frequent circumstance. Also, they have not looked into if aggregators in agreements with first-party sites are enforcing their policies or the terms outlined in said agreement regarding Data Leakage. It has not been verified whether users have the right to erase their personal data stored by the aggregators or hidden third party tracking methods.

There has been discussion among American and European committees about instituting opt-in or opt-out programs. This is when organizations set the legal standard for collecting user data or using cookies to pass on information. The European Commission has been trying to put into action a 2009 law that regulates cookies for advertising.[3] The decision has since shifted to letting the online advertising industry regulate itself, allowing users to opt-out of personally targeted ads. Consumer rights groups are in disagreement with this because they feel it doesn’t sufficiently protect users from third party companies obtaining their personal data without their permission. Instead they have petitioned to have opt-out as the default, giving users the option to opt-in to receiving ads based on a profile. A group of primary advisers and regulators called the Article 29 Working Party called a meeting to discuss the issue of opt-in/out. They ruled that opt-out is in violation of European privacy law because the user is not giving consent to use their personal information.

Currently, in the United States, there is no opt-in policy for email. Companies can send anyone direct advertising emails without their permission, requiring that the person opt-out if they do not want to receive the messages.[4] It is required by law to include opt-out instructions in advertisement emails.


  1. Krishnamurthy, B., Naryshkin, K., & Wills, C. (2011, May). Privacy leakage vs. protection measures: the growing disconnect. In Proceedings of the Web (Vol. 2, pp. 1-10).
  2. Privacy and Security | BCP Business Center. (n.d.). Privacy and Security | BCP Business Center. Retrieved March 29, 2014, from {{ #NewWindowLink: }}
  3. O’Brien, K.J. (2011). Setting boundaries for internet privacy. New York Times. Retreived from {{ #NewWindowLink: }}
  4. LISTERV (n.d.). Opt-In laws in the USA and EU. L-Soft. Retrieved from {{ #NewWindowLink: }}