Posts Tagged: "data privacy"

Facebook users continue to be shocked at the amount and kind of data being collected by the social media platform, including recent reports about call and SMS text messaging data which Facebook has been collecting from Android mobile users. Along with the political heat Zuckerberg continues to take, Facebook itself could be on the hook for a record fine from the Federal Trade Commission if it’s found that the company’s data practices violate terms of a 2011 consent decree between Facebook and the FTC. With all of this focus on Facebook’s data collection practices, we decided to take a look at some of the social media technologies patented by Facebook at the U.S. Patent and Trademark Office, which may give readers a better idea of just how this American social media giant leverages user data.

Dystopian novels and science fiction often return to the subject of the loss of personal privacy which is often encouraged by the use of technology enabling constant, omnipresent surveillance. Perhaps the most famous example of this in the science fiction canon of the 20th century is George Orwell’s Nineteen Eighty-Four. First published in 1949, Orwell’s novel conceives of a world where government surveillance is so complete that the vast majority of citizens don’t mind being watched by two-way telescreens in their own apartments. Even the novel’s rebellious protagonist Winston Smith comes around at the end to fall prey to the same cult of personality that allows the government overseer — Big Brother — to remain in power… With concerns over the use of personal data fresh in the mainstream news, we’ll run a series of articles that will take a closer look at U.S. tech giants both in terms of the types of data they track and the purposes for which that data is used.

To get the case off the ground, the court will decide whether Equifax can be sued in the first place – it’s tricky, because different federal circuits disagree about when this can happen. So, courts in Delaware, Illinois and Washington DC (for example) would allow the plaintiffs to proceed merely because their data is at risk after a hack. This is pretty easy to show. On the other hand though, New York, Conneticut and North Carolina would need to see not just a leak, but that the leaked data has actually been misused afterwards. Equifax HQ is in Atlanta, the 11th circuit. Although those courts have a history of recognising that difficulty (and so supporting data victim lawsuits), it hasn’t yet come down firmly on the question of risk vs misuse.

There is often a tension between the needs of law enforcement and the companies that collect and store the electronic data of individuals. Law enforcement may seek this data from the companies through subpoenas, search warrants, and other court orders as part of its investigation and request that the companies did not disclose their interaction with authorities to maintain the confidentiality of the investigation. In contrast, companies may wish, or be obligated under the terms of their agreements or privacy policies, to disclose to their customers that they have produced the customers’ electronic data to law enforcement pursuant to legal process. To prevent the companies from doing so, federal law enforcement typically obtains a non-disclosure order pursuant to 18 U.S.C. § 2705(b) from a federal magistrate court. These orders have generally not had a definite expiration date. However, companies have recently begun to challenge the limits and scope of such orders. The recent case of Microsoft Corp. v. United States Dep’t of Justice, No. C16-0538 JLR, represents the most serious challenge to date.

This new e-Privacy Regulation, if adopted, will replace the current e-Privacy Directive and will establish, together with the General Data Protection Regulation, GDPR, a new privacy legal framework for electronic communications. The proposal aims to be lex specialis to the GDPR. Probably to ensure consistency with the new privacy legal framework for electronic communications, the entry into force provision of the leaked text has been amended to state expressly that the e-Privacy Regulation will come into force on the same date as the GDPR (25 May 2018). With many legislative hurdles still remaining before it is approved, this represents an ambitious timeline for EU legislators.

Recently, Windows 10 data tracking has gotten Microsoft into legal troubles with a data regulatory agency that has been engaged with data privacy activism in the past. France’s Commission Nationale de l’Informatique et des Libertés (CNIL) issued a formal notice to Microsoft informing the company that it has three months to take measures that will make Windows 10 compliant with the French Data Protection Act. CNIL noted multiple ways in which Windows 10 fails to satisfy French data protection law including excessive data collection from apps and the Windows Store, lack of security measures for personal identification numbers (PINs), a lack of user consent for targeted advertising and no option to block cookies. (At this point, it should be pointed out that CNIL’s official website uses cookies, as the screenshot posted here will show readers.)

On the morning of Tuesday, July 12th, members of the U.S. Senate Committee on Commerce, Science, & Transportation convened for a hearing on a notice of proposed rulemaking recently issued by the Federal Communications Commission (FCC). The hearing, titled How Will the FCC’s Proposed Privacy Regulations Affect Consumers and Competition, did much to talk about the potential effects of the FCC’s increased oversight of broadband Internet service providers even as partisan viewpoints among committee members were exposed.

Alston & Bird recently announced that former federal prosecutor Michael Zweiback has rejoined the firm as partner in its Privacy & Data Security Practice and Government & Internal Investigations Group, bringing not only extensive experience in cybersecurity, but also an exceptional background in white collar criminal defense and government enforcement litigation. Based in the firm’s Los Angeles office, he arrives from Arent Fox LLP, where he was a partner and co-leader of its Cybersecurity and Data Protection Group.

Federal Communications Commission chairman Tom Wheeler has unveiled a proposed consumer data privacy rules for Internet service providers (ISPs), which would charge those telecom companies to provide more transparency on data privacy techniques to consumers. The proposal released by the FCC indicates that the agency is trying to apply the privacy requirements of the Communications Act to broadband Internet services to give consumers the choice over how broadband providers can use the data that consumer use of the service generates.