Electronic Communications Privacy Act

Like the CFAA, the Electronic Communications Privacy Act (ECPA) was originally passed in the 1980s. The ECPA prohibits the intentional interception of electronic communications, the intentional disclosure of electronic communications wrongfully obtained, and the intentional use of electronic communications wrongfully obtained.

Observers have suggested that the EPCA could limit the use of “online profiling.” Profiles are compiled by tracking users’ movements online, usually by the use of cookies (pieces of code that are placed on users’ computers when they visit a website that compiles information about users the websites use when the users make return visits). These cookies are often traded between sites so that online profiles of Internet users can be built, and marketing information can be targeted as specific users.

The ECPA contains an exception to its general rules about electronic communications that allows the interception and dissemination of electronic communications when one party to the communication has given consent. This would limit the use of EPCA in terms of online profiling since the site the user is in direct contact with would be allowed to use the consumer’s information under this exception.

Inside Electronic Communications Privacy Act