• by Wendy Davis , Staff Writer @wendyndavis, January 28, 2013

Signaling a heightened focus on privacy, Maryland Attorney General Douglas Gansler said on Monday that he has created a new unit that will monitor Web companies' data collection practices.

The Internet Privacy Unit will investigate several aspects of online privacy, including whether companies are complying with the Children's Online Privacy Protection Act. That law prohibits Web site operators from knowingly collecting personal data from children younger than 13. The Federal Trade Commission recently issued new regulations that broaden the law's reach by prohibiting ad networks from using behavioral targeting techniques on children.

That's not all the new unit will focus on. It will also work with industry representatives and privacy advocates, and will pursue enforcement actions. Perhaps most intriguingly, the new group intends to "examine weaknesses in online privacy policies."

In other words, even companies that post privacy policies might face scrutiny if the policies have loopholes, or outright allow the companies to collect or use data in questionable ways. That's significant because in the past, regulators tended to focus only on whether companies posted and complied with their privacy policies, and not on whether the data collection practices themselves were too broad.

Gansler, who serves as president of the National Association of Attorneys General, has said previously that online privacy is a priority. Last year, he put together a coalition of 36 attorneys general who said they were concerned by Google's new privacy policy. Despite the pushback, Google went ahead with its new policy, which allows it to combine data about signed-in users across a variety of products and services, including Gmail, Android, and YouTube.

Gansler isn't the first state Attorney General to carve out a new privacy unit. California Attorney General Kamala Harris did so last July. Since then, her office has started cracking down on mobile app developers who don't offer privacy policies. Last month, she filed suit against Delta Air Lines for allegedly failing to post a privacy policy for the Fly Delta app.

The moves come as consumers are expressing concerns about threats to privacy. Last week, Microsoft reported that two-thirds of users regularly delete cookies; today, TRUSTe reports that 72% of smartphone owners are more concerned about privacy on their phones than they were a year ago. Given the apparent consumer concerns, it wouldn't be surprising to see more state officials following the lead of Maryland and California.