Lobbying Affiliate: MML&K Government Solutions
{ Banner Image }

Intellectual Property Blog


Contact Us

250 Character(s) Remaining
Type the following characters: romeo, three, tango, three, papa, papa

* Indicates a required field.

McBrayer Blogs

Do You Know How the Cookies Crumble? Your Duty in Protecting E-Commerce Consumers’ Data Privacy

The pandemic led people to work from home, connect from home, shop from home, and, for many, entrepreneur from home. With every passing day, people and businesses are more reliant on e-commerce and the internet in general, and, at the same time, people and businesses are more sophisticated about privacy issues. People are now accustomed to seeing cookies notices whenever they land on a website, and they are generally familiar with the idea that websites may be collecting data about them. Many consumers even know that they may have rights to control how a business manages that private information collected.

However, the laws that have passed to regulate businesses and protect consumers’ data are varied depending on what the business behind the website does, where the business operates, and where the consumer interacting with the website lives. For example, the Commonwealth of Kentucky currently has no law governing a Kentucky business’s handling of Kentucky consumers’ data. Although legislation was introduced in February 2021 and is sitting in committee, it is unlikely to have any legal impact in 2022. However, that does not mean Kentucky businesses can ignore privacy laws; they may have obligations to consumers elsewhere.

E-commerce is not restricted to consumers residing in Kentucky, and businesses must concern themselves with the laws governing their business activities elsewhere. As such, that same Kentucky business may have obligations in Virginia or California to consumers in those places, as those states have famously passed privacy laws. The Kentucky business may also have very different obligations outside the United States’ borders. And, unfortunately for the business, those different states and countries’ laws aren’t the same, which means the Kentucky business—which has no obligations to Kentucky residents—has varying obligations outside of Kentucky’s borders depending on its type of business, level of business, and number of consumers using its business. Further complicating matters is the reality that by the end of 2022 those obligations may be different, as rules in each jurisdiction change over time, and the company may have new obligations in places like New York or Florida, where legislation unique to those states is pending.

In sum, privacy policies are diverse, complicated, and evolving. This is not a one-size-fits-all area of the law, and, therefore, a Kentucky company must not assume that it is safe to just copy and paste another company’s privacy policy. After all, that other company’s privacy policy may not apply to the copying company’s business or customers or, worse, the copied policy may itself not be compliant with any applicable laws. It is better to be safe than sorry. For assistance with e-commerce law and privacy issues, contact McBrayer today.

Bruce PaulBruce Paul is a Member of McBrayer law practicing in the firm's Louisville office.  His law practice primarily focuses on intellectual property, copyright law, trademarks, commercial and business litigation, employment law, and infringement litigation. Mr. Paul can be reached at bpaul@mcbrayerfirm.com or (502) 783-6245. 

Services may be performed by others. This article does not constitute legal advice.

Lexington, KYLouisville, KYFrankfort, KY: MML&K Government SolutionsWashington, D.C.