The issue arises because Toysmart.com operated a privacy policy
assuring customers that their personal information, including
names, addresses and credit card numbers, would not be shared with
a third party.
The Federal Trade Commission (FTC), which brought the action
against Toysmart.com on 10 July, will argue that the sale should
not be allowed as it would break the confidentiality promise made
by the company to its customers.
If this situation were to arise in the UK, the company’s action
would be a clear breach of current data protection law. However,
the US has no data protection specific policies and so regulation
of this area is often unclear.
Recently, the FTC attempted to overcome this in its
investigations into DoubleClick’s plans to link up a database with
information on 90% of US consumers with its own resources in order
to improve advertising.
The investigations were based on possible privacy breaches of
provisions in the Federal Trade Commissions Act relating to unfair
or deceptive trading practice. In response to the FTC’s actions
DoubleClick took the step of setting up its Consumer Privacy
Advisory Board.
