As Socially Aware readers know, social media is transforming the way companies interact with consumers. Learn how to make the most of these online opportunities while minimizing your company’s legal risks at Practising Law Institute’s (PLI) 2018 Social Media conference, to be held in San Francisco on Thursday, February 1st, and in New York City on Wednesday, February 14th; both events will be webcasted. The conference will be chaired by Socially Aware co-editor John Delaney, and our other co-editor, Aaron Rubin, will also be presenting at the event.

Topics to be addressed will include:

  • The new business opportunities—and legal risks—that social media is providing for businesses
  • What every company should know about online contractual eco-systems
  • How to avoid running afoul of the law when employing social media influencers and using marketing tools like user-generated content, hashtags and native advertising online
  • The privacy-related developments that have arisen in connection with geo-location tracking and interest-based advertising
  • How to minimize the risks that accompany social media use in the workplace

In addition, an in-house panel will provide creative solutions to real-world social-media-related issues and address emerging social media trends.

Don’t miss this opportunity to get up-to-date information on the fast-breaking developments in the critical area of social media so that you can most effectively meet the needs of your clients.

For more information or to register, please visit PLI’s website here. We hope to see you there!

“My Google Home Mini was inadvertently spying on me 24/7 due to a hardware flaw,” wrote a tech blogger who purchased Google Inc.’s latest internet of things (IoT) device. Following the incident, a pact of consumer advocacy groups insisted the U.S. Consumer Product Safety Commission (CPSC) recall the Google smart speaker due to privacy concerns arising when the device recorded all audio without voice command prompts.

The CPSC is charged with protecting consumers from products that pose potential hazards. Traditionally, this has meant hazards that may cause physical injury or property damage. But as internet-connected household products continue to proliferate, issues like the “always-on” Google Home Mini raise an important question: Where does cybersecurity of consumer IoT devices fit within the current legal framework governing consumer products?

The Explosion of IoT

Forecasts predict that by 2020 IoT devices will account for 24 billion of the 34 billion devices connected to the internet. According to a recent Gemalto survey, “[a] hacker controlling IoT devices is the most common concern for consumers (65%), while six in ten (60%) worry about their data being stolen.”

The rapid growth of the IoT market and continued integration into daily life raises the question of which regulatory body or bodies, if any, should be responsible for consumer safety when it comes to cybersecurity for consumer IoT devices.

The Intersection of Consumer Product Safety, Privacy and Cybersecurity

The CPSC’s jurisdiction has traditionally been limited to physical injury and property damage. It is “charged with protecting the public from unreasonable risks of injury or death associated with the use of the thousands of types of consumer products under the agency’s jurisdiction.” Continue Reading Connected Devices Bring New Product Liability Challenges

Following a recent U.S. district court’s ruling, foreign companies operating cloud-based services may find themselves subject to federal long-arm jurisdiction under the Federal Rules of Civil Procedure 4(k)(2), even if they have no physical presence in the United States. In reaching its decision, the court noted that the question was ripe for consideration by the court of appeals; thus, it remains to be seen whether the decision will stand if appealed.

In Plixer International, Inc. v. Scrutinizer GMHB, the District Court of Maine ruled that, while jurisdiction would not exist under Maine’s long-arm statute, the court had specific personal jurisdiction over a German company under federal long-arm statute. Rule 4(k)(2), the federal long-arm statute, provides that serving a summons or filing a waiver of service establishes personal jurisdiction over a defendant if the defendant is not subject to jurisdiction in any state’s courts of general jurisdiction as long as exercising jurisdiction is consistent with the U.S. Constitution and laws.

Continue Reading Foreign Cloud-Based Service Providers May Be Subject to Personal Jurisdiction in the United States

The U.S. Supreme Court on Oct. 16, 2017, announced it had granted the government’s petition for certiorari in United States v. Microsoft and will hear a case this Term that could have lasting implications for how technology companies interact with the U.S government and governments overseas. At issue is a consequential Second Circuit decision from last year that held that warrants issued under the Stored Communications Act (SCA) do not reach emails and other user data stored overseas by a U.S. provider.

While no federal appellate court besides the Second Circuit has squarely addressed the issue, multiple district courts outside the Second Circuit have declined to follow the Second Circuit’s reasoning in similar fact patterns involving other technology giants. The result is that U.S. law enforcement has different authority to access foreign-stored user data depending on where in the United States a warrant application is made. Google, for example, has expended significant resources to develop new tools to determine the geographic location of its users’ data so as to be in accord with the Second Circuit’s approach. Yet the company currently faces a hearing on sanctions for its alleged willful noncompliance with law enforcement requests in the Ninth Circuit based on a district court ruling that parted ways with the Second Circuit.

Continue Reading SCOTUS to Resolve Lower-Court Dispute Over U.S. Warrants Seeking Foreign-Stored User Data

Recent challenges to the Federal Trade Commission’s (FTC) authority to police data security practices have criticized the agency’s failure to provide adequate guidance to companies.

In other words, the criticism goes, businesses do not know what they need to do to avoid a charge that their data security programs fall short of the law’s requirements.

A series of blog posts that the FTC began on July 21, 2017, titled “Stick with Security,” follows promises from acting Chair Maureen Ohlhausen to provide more transparency about practices that contribute to reasonable data security. Some of the posts provide insight into specific data security practices that businesses should take, while others merely suggest what, in general, the FTC sees as essential to a comprehensive data security program. Continue Reading More Insight From the FTC on Data Security—or More of the Same?

Nearly all companies—whether they’re focused on the B2C market or the B2B market—have embraced social media as a way to promote their goods and services and to interact with customers and potential customers. The growing use of social media has, however, created challenges for federal securities regulators who must enforce antifraud rules that were written prior to the digital age.

Our Guide to Social Media and the Securities Laws summarizes how regulation has evolved in the face of the growing use of social media. It discusses the principal areas of focus for SEC-reporting companies, registered investment advisers, registered investment companies and registered broker-dealers that use social media.

Read our Guide to Social Media and the Securities Laws.

On July 21, 2017, following last June’s announcement that the Delaware House of Representatives had passed (with near unanimity) blockchain-related provisions proposing to amend several sections of the Delaware General Corporation Law (DGCL), the Delaware Governor officially signed the legislation into law.

The newly enacted legislation provides, among other things, specific statutory authority for Delaware corporations to use “distributed electronic networks or databases,” aka distributed ledgers or blockchain technology, for the creation and maintenance of corporate records, including the corporations’ stock ledger.[2]

1. The Use of Blockchain Technology for the Creation and Administration of Corporate Records

Section 219(c) of the DGCL provides that a stock ledger of a Delaware corporation is the only evidence of the identity of stockholders of the corporation who are entitled to inspect the list of stockholders and to vote at meetings.

Until now, under current recordkeeping practice, the stock ledger of a corporation could only be created and maintained by a corporate secretary or a corporation’s transfer agent. Often, a stock ledger consists of a capitalization table, i.e., electronically encoded data on a computer program like Microsoft Excel, which is producible in printed form. Continue Reading Delaware Governor Signs Groundbreaking Blockchain Legislation into Law

In the most recent edition of his CyberSide Chat series, Socially Aware contributor Andy Serwin discusses emerging cybersecurity issues including:

  • The need to strike a balance between the efficiencies of the Internet of Things and the increased cyberattack vulnerability that usually goes along with using extra devices;
  • The pre- and post-cyber-breach steps a company can take to mitigate the damage that could be caused by a theft of the company’s data or an attempt to shut down its systems;
  • The factors companies should consider when determining how much of their resources to dedicate to preventing a cyberattack.

Check out Andy’s insightful presentation:

In the wake of a successful social media conference in San Francisco, Socially Aware co-editors John Delaney and Aaron Rubin are revved up and ready to chair (John) and present (Aaron and John) at another Practicing Law Institute (PLI) 2017 Social Media conference! This one will be held in New York City on Wednesday, February 15, and will be webcasted.

Attendees and webcast listeners will learn how to leverage social-media-marketing opportunities while minimizing their companies’ risks from entirely new panels of industry experts, lawyers and regulators.

Topics to be addressed will include:

  • Key developments shaping social media law
  • Emerging best practices for staying out of trouble
  • Risk mitigation strategies regarding user-generated content and online marketing
  • Legal considerations regarding use of personal devices and other workplace issues

Other special features of the conference include:

  • Regulators panel: guidance on enforcement priorities for social media and mobile apps
  • In-house panel: practical tips for handling real-world issues
  • Potential ethical issues relating to the use of social media by attorneys

The conference will end with a networking cocktail reception—a great way to meet others who share your interest in social media, mobile apps and other emerging technologies.

Don’t miss this opportunity to get up-to-date information on the fast-breaking developments in the critical area of social media and mobile apps so that you can most effectively meet the needs of your clients.

For more information or to register, please visit PLI’s website here.  We hope to see you there!

SociallyAware_Vol8Issue1_Thumb2The latest issue of our Socially Aware newsletter is now available here.

In this edition,we examine a spate of court decisions that appear to rein in the historically broad scope of the Communications Decency Act’s Section 230 safe harbor for website operators; we outline ten steps companies can take to be better prepared for a security breach incident; we describe the implications of the Second Circuit’s recent opinion in Microsoft v. United States regarding the U.S. government’s efforts to require Microsoft to produce email messages stored outside the country; we explore the EU’s draft regulation prohibiting geo-blocking; and we take a look at UK Consumer Protection regulators’ efforts to combat undisclosed endorsements on social media.

All this—plus an infographic highlighting the most popular social-media-post topics in 2016.

Read our newsletter.