Contemporary consumer privacy law in the United States is largely based on the Fair Information Practice Principles (FIPPs) which have instituted the popular “notice and choice” model of Internet consumer privacy protection. But, besides the overwhelming evidence of the failure of the notice and choice model, the FIPPs are conceptually challenged by the Internet of Things. If consumer privacy law is to survive in the twenty-first century, either the conflict between FIPPs and the Internet of Things must be resolved or an entirely new approach to consumer privacy must be devised.
If privacy policies are meant to secure informed consent from consumers before their personal data is collected, several studies have shown that they have failed. Consumers do not know what privacy policies are, often because they either do not read them or they cannot understand them. How should consumer privacy regulators address this failure? Drawing on lessons from current failures, some researchers are advocating a “nutrition label” approach to privacy policies.