By Kateryna Kostiuchenko*
The world has changed dramatically with the advent of the Internet. The Internet brought endless opportunities to create bigger and better businesses, but it also brought more possibilities for yet unexplored issues, such as privacy and security concerns. The Internet reshaped the way we live our everyday lives; it has also reshaped the law. The most prominent emerging area of law is Internet law, and it has always been adjusting to societal changes as the online space continues to progress.
Privacy laws have existed in our country for a long time. Each state, however, has adapted privacy laws to its own system based on the Constitution, common law, and statutes, and there has never been one single national privacy law. The root of the fundamental right of protection of one individual’s privacy against invasion by others lies in the Restatement (Second) of Torts. Privacy is not only protected in the idea of personal physical space; it can also very much involve one’s senses, such as overseeing or overhearing someone’s private affairs, investigating into private concerns, opening private mail, or examining private bank accounts or personal documents. The law has also adjusted to the online space and applies strict rules to the Internet just as much as the physical world.
The Electronic Communications Privacy Act of 1986, the Communications Decency Act of 1996, and the Federal Trade Commission (“FTC”) are some of the main federal regulations and regulators of online space. The FTC is an independent government agency with the core mission of protecting U.S. consumers and enforcing antitrust laws. Its vision is inspired by the idea of having an empowered, informed public and protecting it from unfair business practices. With the advent of the Internet, and social media platforms in particular, privacy and security enforcement became one of the more prominent aspects of the FTC’s work. In the past five years, the FTC brought seventy-six cases against big tech companies for violating user privacy or security.
One of the latest FTC cases was filed against Twitter, a company that has been in news headlines for various reasons lately. According to the FTC, Twitter asked its users for personal data for the sole purpose of securing their accounts. However, the company misused the private information to gain monetary benefit. Since May 2013, Twitter has been asking its users to provide their emails and phone numbers under the promise that that information will be used for multi-factor identification and account recovery only. The FTC investigation has revealed that Twitter has also been using the provided consumer information for targeted ads. Twitter settled with the Department of Justice and the FTC in the amount of $150 million. The settlement will take place if approved by the federal court. This case also imposes on Twitter a prohibition against using consumers’ emails and phone numbers illegally and an obligation to notify its users of improper information use, as well as of the FTC action. “No CEO or company is above the law, and companies must follow our consent decrees,” the FTC concluded. “Consumers who share their private information have a right to know if that information is being used to help advertisers target customers,” said U.S. Attorney Stephanie M. Hinds for the Northern District of California. “Social media companies that are not honest with consumers about how their personal information is being used will be held accountable,” she added.
This year also marked the end of an investigation into another big tech company. Forty states sued Google, and the company agreed to pay a $392 million privacy settlement, which the Attorneys General called the biggest internet privacy settlement led by the Attorneys General. The core issue in the case is that Google kept tracking users’ locations when they connected to WiFi or used certain apps, even when they turned off location-tracking services, despite the fact that the company claimed to no longer collect geolocation data. Google separately settled a similar case against Arizona for $85 million. Additionally, as of June of this year, Google faces a $5 billion class action lawsuit for collecting users’ online activity information even when they were browsing in Google’s private Incognito mode. Thomas E. Loeser, a known class action attorney and a partner at Hagens Berman Sobol Shapiro, said: “Big Tech relies on confusing, incomplete and misleading disclosures about third party use of data.” That is true, and the hope is that it is going to change as the influx of litigation against big tech firms becomes prominent and consumers become more aware of and more educated about privacy laws.
There is essentially a trade-off of privacy—and potentially security—against the ease of access to information from anywhere, anytime. Tech platforms provide us with an ability to access entertainment, communicate with friends and followers, and share any thoughts we desire from the convenience of our pockets. Around seventy percent of individuals use social media platforms on a regular basis in the United States. The question is: will that trade-off be as easy now, as consumers are seeking clarity in what the big tech companies truly mean under their promise of privacy and security?
* J.D. Candidate, Class of 2023, Sandra Day O’Connor College of Law at Arizona State University.
 Ann Wooster, Invasion of Privacy by Internet or Website Postings, 54 A.L.R. 1, 1 (2010).
 James Grimmelmann, Internet Law 260 (12th ed. 2022).
 Telecommunications Act of 1996, Fed. Commc’n. Comm’n (2013), https://www.fcc.gov/general/telecommunications-act-1996; Telecommunications Act of 1996, Pub. L. No. 104-104, 110 Stat. 56; Grimmelmann, supra note 4.
 About the FTC, Fed. Trade Comm’n, https://www.ftc.gov/about-ftc.
 Grimmelmann, supra note 4.
 Joel Thayer, The Federal Government Conducted an Investigation of Big Tech’s Privacy Practices. Where Are the Results?, Hill (Oct. 26, 2022), https://thehill.com/opinion/technology/3703490-why-wont-government-release-results-of-investigation-into-big-techs-privacy-practices/.
 Lesley Fair, Twitter to Pay $150 Million Penalty for Allegedly Breaking Its Privacy Promises – Again, Fed. Trade Comm’n (May 25, 2022), https://www.ftc.gov/business-guidance/blog/2022/05/twitter-pay-150-million-penalty-allegedly-breaking-its-privacy-promises-again.
 Bobby Allyn, Twitter Will Pay a $150 Million Fine over Accusations It Improperly Sold User Data, (May 25, 2022), Nat’l Pub. Radio, https://www.npr.org/2022/05/25/1101275323/twitter-privacy-settlement-doj-ftc.
 Press Release, Dep’t Just., Twitter Agrees with DOJ and FTC to Pay $150 Million Civil Penalty and to Implement Comprehensive Compliance Program to Resolve Alleged Data Privacy Violations (May 25, 2022), https://www.justice.gov/opa/pr/twitter-agrees-doj-and-ftc-pay-150-million-civil-penalty-and-implement-comprehensive.
 Cecilia Kang, Google Agrees to $392 Million Privacy Settlement with 40 States, N.Y. Times (Nov. 14, 2022), https://www.nytimes.com/2022/11/14/technology/google-privacy-settlement.html#:~:text=More%20on%20Big%20Tech&text=Google%3A%20The%20tech%20giant%20agreed,company%20continued%20collecting%20that%20information.
 Christine Schiffner, ‘The Tide Is Turning’ on Big Tech as Plaintiffs Firms File More Data Privacy Lawsuits, Law (Feb. 16, 2022), https://www.law.com/nationallawjournal/2022/02/16/the-tide-is-turning-on-big-tech-as-plaintiffs-firms-file-more-data-privacy-lawsuits/?slreturn=20221020173828#:~:text=Plaintiffs%20firms%20and%20attorneys%20general,judgments%20are%20giving%20some%20indication.
 Thayer, supra note 9.
 Social Media Fact Sheet, Pew Rsch. Ctr. (Apr. 17, 2022), https://www.pewresearch.org/internet/fact-sheet/social-media/.