The issue arises because Toysmart.com operated a privacy policy assuring customers that their personal information, including names, addresses and credit card numbers, would not be shared with a third party.
The Federal Trade Commission (FTC), which brought the action against Toysmart.com on 10 July, will argue that the sale should not be allowed as it would break the confidentiality promise made by the company to its customers.
If this situation were to arise in the UK, the company’s action would be a clear breach of current data protection law. However, the US has no data protection specific policies and so regulation of this area is often unclear.
Recently, the FTC attempted to overcome this in its investigations into DoubleClick’s plans to link up a database with information on 90% of US consumers with its own resources in order to improve advertising.
The investigations were based on possible privacy breaches of provisions in the Federal Trade Commissions Act relating to unfair or deceptive trading practice. In response to the FTC’s actions DoubleClick took the step of setting up its Consumer Privacy Advisory Board.