New York is now one of the 43 states where “revenge porn,” the posting of explicit photographs or videos to the Internet without the subject’s consent, is punishable by law. See how far the states have come – find out how many had criminalized revenge porn as of 2014, when Socially Aware first covered the
However, the European Data Protection Board (EDPB), the successor to the Article 29 Working Party, has issued a non-binding opinion that the use of cookie walls should be prohibited under new EU ePrivacy rules. The EDPB argues that cookie walls run contrary to the General Data Protection Regulation (GDPR): “In order for consent to be freely given as required by the GDPR, access to services and functionalities must not be made conditional on the consent of a user to the processing of personal data or the processing of information related to or processed by the terminal equipment of end-users, meaning that cookie walls should be explicitly prohibited.”
The cost for violating the Children’s Online Privacy Protection Act (COPPA) has been steadily rising, and companies subject to the law should take heed. Last week, the Federal Trade Commission (FTC) announced a record-setting $5.7 million settlement with the mobile app company Musical.ly for a myriad of COPPA violations, exceeding even the December 2018 $4.95 million COPPA settlement by the New York Attorney General. Notably, two Commissioners issued a statement accompanying the settlement, arguing that the FTC should prioritize holding executives personally responsible for their roles in deliberate violations of the law in the future.
COPPA is intended to ensure parents are informed about, and can control, the online collection of personal information (PI) from their children under age thirteen. Musical.ly (now operating as “TikTok”) is a popular social media application that allows users to create and share lip-sync videos to popular songs. The FTC cited the Shanghai-based company for numerous violations of COPPA, including failure to obtain parental consent and failure to properly delete children’s PI upon a parent’s request.
The California Attorney General continued its series of public forums regarding the California Consumer Privacy Act (CCPA), with forums last week in Riverside (January 24, 2019) and
Los Angeles (January 25, 2019). As in the previous forums, there were a significant number of attendees, but few elected to speak publicly regarding their views on the Act. You can read our reports on the public forums held earlier this month in San Francisco and San Diego.
Lisa Kim, Deputy Attorney General for the AG’s Privacy Unit, provided opening remarks at both forums and identified the areas of the AG’s rulemaking on which speakers should focus their comments, specifically those areas of the Act that call for specific AG rules. Ms. Kim encouraged interested parties to provide written comments and proposed regulatory language during this pre-rulemaking phase. Consistent with the prior forums, she noted that the AG’s office would be listening, and not responding, to comments made in Riverside and Los Angeles.
Of note, the presentation slides made available at the forum (and available here) state that the AG anticipates publishing proposed rules in Fall 2019,and that after that there will be a period for public comment and additional public hearings.
In anticipation of preparing rules to implement the California Consumer Privacy Act, the California Attorney General recently announced six public forums that he will host in January and February 2019 across California. On January 8, 2019, the AG hosted the first of these forums in San Francisco. The following provides an overview of the forum and the comments made at the forum.
Overview of the January 8, 2019, San Francisco Forum
Stacey Schesser, the Supervising Deputy Attorney General for the AG’s Privacy Unit, provided opening remarks. Ms. Schesser confirmed that the AG’s office is at the very beginning of its rulemaking process. Although the AG’s office will solicit formal comments after it prepares proposed rules, the AG is interested in receiving detailed written comments from the public with proposed language during this informal period.
These forums appear to be designed to inform the AG’s rulemaking and potentially streamline the process, by allowing public input before rules are drafted. In this regard, Ms. Schesser clarified that she and other AG representatives in attendance at the San Francisco forum were there only to listen to the public comments and would not respond to questions or engage with speakers. As a result, if the remaining forums follow a similar approach, it is unlikely that the forums will elicit meaningful intelligence regarding the AG’s anticipated approach to, or the substance of, the anticipated rulemaking.
Just over a month after the EU General Data Protection Regulation (GDPR) took effect, California passed its own sweeping privacy legislation, the California Consumer Privacy Act of 2018.
The Act stands to affect countless global companies doing business in California, many of which recently devoted extensive time and resources to GDPR compliance. These companies must…
As close observers of the implications of privacy law on companies’ data collection, usage and disclosure practices, we at Socially Aware were among the many tech-law enthusiasts anticipating the U.S. Supreme Court’s recent decision in Carpenter v. United States, in which the Court held that the government must obtain a warrant to acquire customer location information maintained by cellular service providers, at least where that information covers a period of a week or more.
Authored by Chief Justice John Roberts, the 5-4 opinion immediately enshrines greater protections for certain forms of location data assembled by third parties. It also represents the Court’s growing discomfort with the so-called “third-party doctrine”—a line of cases holding that a person does not have a reasonable expectation of privacy in records that he or she voluntarily discloses to a third party. In the longer run, there will likely be further litigation over whether the same logic should extend Fourth Amendment protections to other types of sensitive information in the hands of third parties as courts grapple with applying these principles in the digital age.
Anytime a cell phone uses its network, it must connect to the network through a “cell site.” Whenever cell sites make a connection, they create and record Cell Site Location Information (CSLI). Cell phones may create hundreds of data points in a normal day, and providers collect and store CSLI to spot weak coverage areas and perform other business functions.…
With the effective date of the EU’s General Data Protection Regulation (GDPR) less than one month away, companies subject to the GDPR are racing to comply with the regulation’s data privacy laws. But, for those companies, May 25 doesn’t represent a finish line as much as it does a starting gate.
In the coming…
In a decision that has generated considerable controversy, a federal court in New York has held that the popular practice of embedding tweets into websites and blogs can result in copyright infringement. Plaintiff Justin Goldman had taken a photo of NFL quarterback Tom Brady, which Goldman posted to Snapchat. Snapchat users “screengrabbed” the image…
In February the U.S Supreme Court heard oral arguments in United States v. Microsoft. At issue is Microsoft’s challenge to a warrant issued by a U.S. court directing it to produce emails stored in Ireland. With implications for government investigations, privacy law, and multi-national tech companies’ ability to compete globally, the case has…