Privacy concerns are the number-one factor deterring consumers from shopping online, [FOOTNOTE 1]and so commercial web sites are rushing to reassure potential customers by adopting privacy policies. Unhappily, many of these policies show few traces of the legal principles that apply to them, and may lead to more trouble than no policy at all.

Though America has long recognized privacy rights in personal information, the legal context for web site privacy policies is based partly on existing laws and principles and partly on new and rapidly evolving rules and practices. This article discusses the major legal issues related to web site privacy, including “fair information practices,” the FTC Act, [FOOTNOTE 2]contract law, the Children’s Online Privacy Protection Act, [FOOTNOTE 3]the Electronic Communications Privacy Act, [FOOTNOTE 4]the Fair Credit Reporting Act [FOOTNOTE 5]and the European Union’s data privacy directive. [FOOTNOTE 6]Drafting a successful web site privacy policy may require negotiating this minefield of statutes and precedents, as well as anticipating the law’s future direction.