Posts Tagged: "data privacy"

Privacy Policies and the Value of Data in Bankruptcy Sales

The last few years have seen unprecedented changes in the legal landscape concerning data protection and privacy. The European Union General Data Protection Regulation (GDPR) became enforceable in May 2018. In July 2018, the California Consumer Privacy Act (CCPA) was enacted, and it became effective January 1, 2020. In response to the GDPR and the CCPA, many businesses are updating their privacy policies to comply with these laws. While crafting these updates, drafters should be cognizant of the effect such policies could have not only in the short term, but also down the road. For example, in the bankruptcy context, the content of a company’s privacy policy is important. If a privacy policy does not inform customers that their data may be sold in a bankruptcy proceeding, courts are likely to impose restrictions on the sale of that data. These restrictions can significantly decrease the value of such assets. Because of this reality, drafters should keep a few considerations in mind as they update privacy policies to comply with new laws and maximize the value of data assets.

Does ‘Scraping’ Data Violate the Computer Fraud and Abuse Act?

We live in a world where data has become an increasingly valuable asset and huge companies are built on the collection and analysis of publicly available data. Yet, there is no federal statute that directly protects this type of information or even directly addresses how this information should be treated. Instead, businesses are often forced to rely on the Computer Fraud and Abuse Act (CFAA) in order to protect this valuable asset or commodity, which originally only provided criminal sanctions and was enacted to address computer hacking. Most recently, the Ninth Circuit in hiQ Labs, Inc. v. Linkedin Corp., 938 F.3d 985 (9th Cir. 2019), addressed under what circumstances a company may legally “scrape” data from another company’s website. There, the court determined on hiQ’s motion for preliminary injunction that “scraping” publicly available information from LinkedIn likely is not a violation of the CFAA because the LinkedIn computers are publicly accessible and hiQ thus did not access the computers “without authorization” as required by the CFAA. Under these circumstances, the court determined that it did not matter that LinkedIn had sent a cease and desist letter to hiQ prohibiting such access. This is a potentially very important decision for companies on both sides of this issue and for the general public, at least in the Ninth Circuit.

This Week in Washington IP: Fraudulent Trademarks, Facial Recognition Technology and Implementing MOBILE NOW for 5G Wireless Spectrum

This week in Washington, D.C., the Senate Subcommittee on Intellectual Property holds a hearing to look at ways to reduce the number of fraudulent trademark application filings that have been making their way to the U.S. Patent and Trademark Office. Other Senate committee hearings will focus on legislative proposals to protect consumer data privacy and promote the availability of wireless spectrum for 5G networks. Over in the House of Representatives, the Artificial Intelligence Task Force will convene a hearing to look into concerns related to the use of artificial intelligence technologies in the financial services industry. Elsewhere in D.C., both The Brookings Institution and the Information Technology and Innovation Foundation will host events discussing the use of facial recognition technology in the public and private sectors. 

Adding a Cybersecurity Plan to the Business Plan: Cybersecurity and IP Considerations for Startups

Imagine the following scenario: You have an idea for a new mobile application. As adoption of the app picks up, so does your business, and you hire more employees to provide sales and support assistance. You are on your way to transforming your startup into a successful business. Needing additional capital to scale the business more quickly, you identify a strategic partner interested in investing in your business. Before you can close on the funding, several employees report that they did not receive their paychecks through the direct deposit system. The investigation reveals that several months ago, your organization received a series of spear phishing emails. You learn that multiple employees opened the email and its attachment giving the cybercriminals access to your systems. Not only are you out the payroll money, but you also learn that in addition to your employees’ banking information, the criminals had access to your customer contact information and the source code for your app. A cyberattack is an unwelcome event for any company, but the effects can be especially detrimental to a startup, with 60% or more of small businesses that experience a data breach going out of business within a year of the breach. It is impossible for any size business to guarantee a system that is fully secure. However, not all companies have millions of dollars to invest in cybersecurity and by allocating even limited funds to assessing your data privacy risks, implementing a protection plan and creating an incident response plan, a startup can significantly improve its chances of surviving a cyberattack.

Delrahim, Simons Caution House Subcommittee Against Drawing Bright Lines on Antitrust Enforcement of Big Tech

The House Subcommittee on Antitrust, Commercial, and Administrative Law yesterday heard from Joseph Simons, Chairman of the Federal Trade Commission, and Makan Delrahim, Assistant Attorney General in the Department of Justice’s Antitrust Division as part of the Subcommittee’s fourth hearing in its “Online Platforms and Market Power” series. The latest hearing focused on the perspectives of the antitrust authorities, while previous hearings have examined the effects of the big tech companies on innovation and entrepreneurship; online platforms’ effect on a free and diverse press; and the role of data and privacy in competition. While both Delrahim and Simons said they are aggressively investigating and monitoring dominant platforms like Facebook and Google, they warned against overreach. Subcommittee Chair David Cicilline (D-RI) expressed his concern that, over the past decade, the largest tech firms have acquired more than 436 companies, “many of which were actual or potential competitors,” without intervention from antitrust enforcement authorities. The last major monopolization case was brought in 2001 against Microsoft, Cicilline noted. “This has created a de facto antitrust exemption for online platforms.,” he said, questioning whether the failure lies in the need for congressional action to amend and strengthen existing laws, a lack of agency resources to effectively combat the problem, or simply a lack of will to enforce the laws on the books.