Delaware Governor Signs Internet Privacy, Safety Package into Law

Students, employees and victims offered new safeguards for personal data and rights.

by / August 10, 2015
At Moss Hill Elementary in Kinston, N.C., second grader Jaylin Solomon reacts to the photograph he took of himself on his iPad. On Aug. 7, Delaware Gov. Jack Markell signed into law a four-part Internet privacy and safety package that will help to protect the personal information of school-aged children, among others. Flickr/Zach Frailey

Four new pieces of legislation aimed at protecting consumers and children on the Internet were signed into Delaware law Friday, Aug. 7.

Delaware Gov. Jack Markell signed the new rules as part of a four-part Internet privacy and safety package designed to safeguard the information and integrity of a number of at-risk groups.

According to a press release, the laws will help to protect the personal information of school-aged children, prevent the distribution of victim’s personal information and stop the practice of employers demanding access to their employees' personal social media accounts.

Two of the laws are geared toward school-aged children. The Delaware Online Privacy and Protection Act prohibits the marketing of age-restrictive products, like cigarettes and alcohol, to children through websites and mobile applications directed at youth. The act specifically prohibits the use of personal information to target children with the intent to market restricted items or services.

In addition, the Online Privacy and Protection Act requires commercial websites and apps to disclose the "personally identifiable information" collected about users and how it will be used through a privacy policy. Online book services may not share customers’ reading information without a court order, as “what people read can reveal or imply much about them.”

The Student Data Privacy Protection Act focuses on protecting the personal information of students who use technology to complement and enhance their education. The legislation would prohibit education technology service providers from selling student data and using the data to target advertising to students and their families.

Service providers would also be prohibited from collecting data for the purposes of non-educational purposes and will require “reasonable procedures and practices for ensuring the security of student data they collect or maintain.”

The law requires that educational service providers protect the data and are subject to deleting the student data if an appropriate request is made by a school district. A Student Data Privacy Task Force will also be created under the law.  

The Victim Online Privacy Act will protect the victims of domestic violence, sexual assault and stalking from having their address, photograph or telephone number distributed online for the purposes of inciting harm against them.

The bill is an extension of the Department of Justice’s Address Confidentiality Program.

The Employee/Applicant Protection for Social Media Act prevents employers from demanding access to an employee's or applicant’s personal social media accounts. Under the new rule, employees are also protected from being forced to log in for the employer, accepting the employer as a “friend,” or being forced to disable their account’s privacy settings so that the employer can view their full online profile.

While the bill does limit the means of access for an employer, it does not prohibit an employer from investigating and punishing conduct that harms the employer or business. The law also allows employers to retain control over company accounts created for business purposes.