<P> There are significant differences between the EU data protection and US data privacy laws . These standards must be met not only by businesses operating in the EU, but also by any organization that transfers personal information collected concerning citizens of the EU . In 2001 the United States Department of Commerce worked to ensure legal compliance for US organizations under an opt - in Safe Harbor Program. (29) The FTC has approved TRUSTe to certify streamlined compliance with the US - EU Safe Harbor . </P> <P> In 1995 the European Union (EU) introduced the Data Protection Directive for its member states . As a result, many organizations doing business within the EU began to draft policies to comply with this Directive . In the same year, the U.S. Federal Trade Commission (FTC) published the Fair Information Principles which provided a set of non-binding governing principles for the commercial use of personal information . While not mandating policy, these principles provided guidance of the developing concerns of how to draft privacy policies . </P> <P> The United States does not have a specific federal regulation establishing universal implementation of privacy policies . Congress has, at times, considered comprehensive laws regulating the collection of information online, such as the Consumer Internet Privacy Enhancement Act and the Online Privacy Protection Act of 2001, but none have been enacted . In 2001, the FTC stated an express preference for "more law enforcement, not more laws" and promoted continued focus on industry self - regulation . </P> <P> In many cases, the FTC enforces the terms of privacy policies as promises made to consumers using the authority granted by Section 5 of the FTC Act which prohibits unfair or deceptive marketing practices . The FTC's powers are statutorily restricted in some cases; for example, airlines are subject to the authority of the Federal Aviation Administration (FAA), and cell phone carriers are subject to the authority of the Federal Communications Commission (FCC). </P>

Who is required to have a privacy policy