New York is now one of the 43 states where “revenge porn,” the posting of explicit photographs or videos to the Internet without the subject’s consent, is punishable by law. See how far the states have come – find out how many had criminalized revenge porn as of 2014, when Socially Aware first covered the

The U.S. Supreme Court on Oct. 16, 2017, announced it had granted the government’s petition for certiorari in United States v. Microsoft and will hear a case this Term that could have lasting implications for how technology companies interact with the U.S government and governments overseas. At issue is a consequential Second Circuit decision from last year that held that warrants issued under the Stored Communications Act (SCA) do not reach emails and other user data stored overseas by a U.S. provider.

While no federal appellate court besides the Second Circuit has squarely addressed the issue, multiple district courts outside the Second Circuit have declined to follow the Second Circuit’s reasoning in similar fact patterns involving other technology giants. The result is that U.S. law enforcement has different authority to access foreign-stored user data depending on where in the United States a warrant application is made. Google, for example, has expended significant resources to develop new tools to determine the geographic location of its users’ data so as to be in accord with the Second Circuit’s approach. Yet the company currently faces a hearing on sanctions for its alleged willful noncompliance with law enforcement requests in the Ninth Circuit based on a district court ruling that parted ways with the Second Circuit.


Continue Reading

In this era of big data, a company’s value may increasingly depend on the value of the information it has collected and stored. As companies amass ever-growing amounts of often sensitive personal data, the privacy and cybersecurity risks involved in mergers and acquisitions have become greater. As a result, today’s M&A transactions necessarily require deep

Because it bases its assesments on job title, location and industry, LinkedIn’s new Salary feature might be more accurate than are other online compensation estimation tools.

States are trying to pass laws that balance bereaved people’s desire to access their deceased loved ones’ social media accounts with the privacy interests of the account holders and

lines of binary codes traveling through the virtual tunnel

Deluged with an unprecedented amount of information available for analysis, companies in just about every industry are discovering increasingly sophisticated ways to make market observations, predictions and evaluations. Big Data can help companies make decisions ranging from which candidates to hire to which consumers should receive a special promotional offer. As a powerful tool for

We’re trying something new here at Socially Aware: In addition to our usual social-media and tech-law analyses and updates, we’re going to end each work week with a list of links to interesting social media stories around the Web, primarily things that caught our eye during the week that we may or may not

The European Commission (the “Commission”) and the U.S. Department of Commerce issued the draft legal texts for the much anticipated EU-U.S. Privacy Shield (the “Shield”), set to replace the currently inoperative Safe Harbor program (“Safe Harbor”). The new agreement is aimed at restoring the trust of individuals in the transatlantic partnership and the digital economy, and putting an end to months of compliance concerns of U.S. and EU companies alike. The draft will be discussed with EU data protection authorities (“DPAs”) and adopted by Member States representatives before it becomes binding.

The publication of the Shield documents, on February 29, 2015, came at a time of high expectations and a certain tension. Last October, the European Court of Justice (the “ECJ”) invalidated the Commission’s decision 2000/520/EC and effectively shut down the Safe Harbor framework, which until then allowed thousands of European companies to send personal information to U.S. companies that had committed to protecting personal information.   As a result, thousands of U.S. and EU companies were suddenly left in a legal limbo.  In response to the risk of enforcement against companies relying on Safe Harbor, and to address the concerns raised by EU DPAs, the Commission announced in early February that a new political agreement had indeed been reached with the U.S. government. It also made good on its promise to make the details of the agreement public by month’s end.

At first glance, the Shield bears a strong resemblance to Safe Harbor, which misled some commentators to denounce it as a mere duplicate in disguise.  However, the Shield introduces substantial changes for data protection, including additional rights for EU individuals, stricter compliance requirements for U.S. organizations, and further limitations on government access to personal data. From the perspective of U.S. companies, it appears that the Shield may actually signify a shift to heavily monitored compliance. In this sense, the question may no longer be “How good is the Privacy Shield for privacy?” but rather “How burdensome will it become for businesses?”

This alert takes a closer look at the Shield and highlights some of the key differences from the Safe Harbor and other available data transfer mechanisms.

Some of the key takeaways include:

  • Safeguards related to intelligence activities will extend to all data transferred to the U.S., regardless of the transfer mechanism used.
  • The Shield’s dispute resolution framework provides multiple avenues for individuals to lodge complaints, more than those available under the Safe Harbor and alternative transfer mechanisms such as Standard Contractual Clauses or Binding Corporate Rules.
  • An organization’s compliance with the Privacy Shield will be directly and indirectly monitored by a wider array of authorities in the U.S. and the EU, possibly increasing regulatory risks and compliance costs for participating organizations.
  • The Department of Commerce will significantly expand its role in monitoring and supervising compliance, including by carrying out ex officio compliance reviews and investigations of participating organizations.
  • Participating organizations will be subjected to additional compliance and reporting obligations, some of which will continue even after they withdraw from the Privacy Shield.

Overview

The Commission made public all the documents that will constitute the new agreement, namely: a draft Adequacy Decision, FAQs, a Factsheet, Annexes detailing the principles and various compliance mechanisms, and a Commission Communication describing the current developments in the broader context of transatlantic discussions of the past few years.

In its press release, the Commission stated that the Shield “reflects the requirements” set by the ECJ in its ruling from October 6, 2015 (the “Schrems ruling”). As a reminder, key concerns of the Schrems ruling included: (1) the indiscriminate and excessive government access to EU citizens’ personal information, and (2) the lack of judicial redress mechanisms for EU citizens for privacy related complaints.

According to the Commission, the Shield will provide for “strong obligations on US companies” as well as “robust enforcement” mechanisms to ensure that such obligations are complied with. It will lay down “clear safeguards and transparency obligations on US government access.” Thirdly, it will ensure effective redress of EU Citizens’ rights by means of “several redress possibilities.” Finally, an annual joint review mechanism will allow the Commission, the U.S. Department of Commerce, and the European DPAs to monitor how well the Shield functions.
Continue Reading

Magnifying2In a new report, the Federal Trade Commission (FTC) declines to call for new laws but makes clear that it will continue to use its existing tools it to aggressively police unfair, deceptive—or otherwise illegal—uses of big data. Businesses that conduct big data analytics, or that use the results of such analysis, should familiarize themselves with the report to help ensure that their practices do not raise issues.

The report, titled “Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues” grew out of a 2014 FTC workshop that brought together stakeholders to discuss big data’s potential to both create opportunities for consumers and discriminate against them. The Report aims to educate businesses on key laws, and also outlines concrete steps that businesses can take to maximize the benefits of big data while avoiding potentially exclusionary or discriminatory outcomes.

What Is “Big Data”?

The Report explains that “big data” arises from a confluence of factors, including the nearly ubiquitous collection of consumer data from a variety of sources, the plummeting cost of data storage, and powerful new capabilities of drawing connections and making inferences and predictions from collected data. The Report describes the life cycle of big data as involving four phases:

  • Collection: Little bits of data are collected about individual consumers from a variety of sources, such as online shopping, cross-device tracking, online cookies or the Internet of Things (i.e., connected products or services).
  • Compilation and Consolidation: The “little” data is compiled and consolidated into “big” data, often by data brokers who build profiles about individual consumers.
  • Data Mining and Analytics: The “big” data is analyzed to uncover patterns of past consumer behavior or predict future consumer behavior.
  • Use: Once analyzed, big data is used by companies to enhance the development of new products, individualize their marketing, and target potential consumers.

The Report focuses on the final phase of the life cycle: the use of big data. It explores how consumers may be both helped and harmed by companies’ use of big data.

Benefits and Risks of Big Data

The Report emphasizes that, from a policy perspective, big data can provide significant opportunities for social improvements: big data can help target educational, credit, health care, and employment opportunities to low-income and underserved communities.  For instance, the Report notes that big data is already being used to benefit underserved communities, such as by providing access to credit using nontraditional methods to establish creditworthiness, tailoring health care to individual patients’ characteristics, and increasing equal access to employment to hire more diverse workforces.
Continue Reading