What’s Mine is Theirs: Data Aggregation Legislation and Regulation on the Individual Consumer Level

This thesis explores the current regulatory and legislative protections afforded to consumers’ personal data in the United States and argues that there are insufficient protections in place to protect against the aggregation and dissemination of personal data of social media users. Three specific areas pertinent to the protection of personal data are studied: federal legislation and regulations, litigation, and contract considerations. This investigation ultimately finds federal legislation and regulation generally ineffective, as most legislation is outdated and regulatory bodies, namely, the FTC and the FCC, are unable to provide protection. The FTC lacks the authority to control conduct that is not, in and of itself, deceptive, and the FCC does not have direct jurisdiction over the Internet. Additionally, this paper explores several examples of state legislation and specific litigation attempts that have failed to effectively protect the privacy of individuals’ data mined through social media sites. An examination of personal data protection as it pertains to an individual’s DNA is utilized as an analogy, drawn for the purpose of exploring another area in which technology is outpacing the legal privacy protections afforded to individuals. While seemingly vastly different, the collection and sale of information gathered from consumers’ DNA and the collection and sale of consumers’ personal data is quite similar in that each provides insights into the individual that are intrusive and shines light on the lack of protection available for this information. This thesis ultimately recommends that the Federal Government create legislation that puts the burden of privacy protection on the consumer by mandating that social networking sites obtain consumer permission to collect and sell personal data by means of opt-­‐in, rather than opt-­‐out, user agreement models.