IPWatchdog.com is in the process of transitioning to a newer version of our website. Please be patient with us while we work out all the kinks.

Posts Tagged: "privacy"

UK Judge Backs Meghan Markle over Leaked Letter

The actor Meghan Markle gained fame playing a paralegal in the TV show Suits. Now, as Her Royal Highness, The Duchess of Sussex, she is starring in her own legal drama in London’s High Court. On February 11, Mr. Justice Warby granted summary judgment in favor of the Duchess on most of the issues in her privacy and copyright case brought against Associated Publishers, which publishes the tabloid Mail on Sunday newspaper and MailOnline website in the U.K. The Duchess brought the action over the publication in February 2019 of five articles that included 88 quotations from a letter she had sent to her father, in which she discussed their relationship. She claimed that the publication of the articles involved (1) a misuse of her private information, (2) a breach of the defendants’ duties under data protection law and (3) an infringement of her copyright in the letter.

The Varying Laws Governing Facial Recognition Technology

News coverage abounds about the latest breakthroughs in facial recognition technology. But, while this technology is an amazing technical achievement, it is not without potential drawbacks to privacy for those unwittingly subject to facial recognition in public. This includes the recent emergence of facial recognition technology paired with the large amounts of data available on the internet and social media through the scraping of images from numerous internet sources to provide an unusually powerful tool for uncovering the identity – including name, address and interests – of an individual through the use of just a single photograph. In response to these burgeoning technological advances in the field, cities and states have begun developing an array of legal approaches to regulate facial recognition technology, some scrambling to limit or prohibit its use, others enthusiastically embracing it. In this patchwork legal landscape, it can be challenging to know where and when the technology can be used – and for what purposes.

Adding a Cybersecurity Plan to the Business Plan: Cybersecurity and IP Considerations for Startups

Imagine the following scenario: You have an idea for a new mobile application. As adoption of the app picks up, so does your business, and you hire more employees to provide sales and support assistance. You are on your way to transforming your startup into a successful business. Needing additional capital to scale the business more quickly, you identify a strategic partner interested in investing in your business. Before you can close on the funding, several employees report that they did not receive their paychecks through the direct deposit system. The investigation reveals that several months ago, your organization received a series of spear phishing emails. You learn that multiple employees opened the email and its attachment giving the cybercriminals access to your systems. Not only are you out the payroll money, but you also learn that in addition to your employees’ banking information, the criminals had access to your customer contact information and the source code for your app. A cyberattack is an unwelcome event for any company, but the effects can be especially detrimental to a startup, with 60% or more of small businesses that experience a data breach going out of business within a year of the breach. It is impossible for any size business to guarantee a system that is fully secure. However, not all companies have millions of dollars to invest in cybersecurity and by allocating even limited funds to assessing your data privacy risks, implementing a protection plan and creating an incident response plan, a startup can significantly improve its chances of surviving a cyberattack.

This Week on Capitol Hill: Senate Examines Effect of IP on Drug Prices Again, House IP Subcommittee Talks USPTO Oversight

This week on Capitol Hill, the heated drug pricing debate is back in the spotlight, with a Senate Judiciary Committee hearing on intellectual property and the price of prescription drugs on Tuesday. In the House of Representatives, oversight hearings will examine both the activities of the U.S. Patent and Trademark Office and data security efforts made by the Federal Trade Commission. Off the Hill, The Cato Institute looks at U.S. cyber defense capabilities, and the week closes with a Brookings Institution event on China’s actions towards global tech dominance.

Other Barks & Bites for Friday, February 8

This week in Other Barks & Bites: the Federal Circuit affirms a Section 101 invalidation of patent claims in favor of Mayo Collaborative Services; Apple wins an order to limit damages in Qualcomm patent case; Google frets over proposed European Union copyright rules; India proposes jail time for film piracy; patent validity challenges drag down the stock of a major pharmaceutical firm; and a snag in the U.S.-China trade talks throws Wall Street for a loop.

California Ahead of Federal Government in Cybersecurity for the Internet of Things

The bill would create a new title within California Civil Code named Security of Connected Devices. The first part of this title would require a manufacturer of a connected device, defined as any object capable of connecting to the Internet and assigned either an Internet protocol address or a Bluetooth address, to equip the device with reasonable security features appropriate to the nature and function of the device, appropriate to the information it may collect or transmit and designed to protect both the device and the information it contains from unauthorized access.

A Look At Facebook Patents Covering ‘Big Brother’ Data Collection Technologies

Facebook users continue to be shocked at the amount and kind of data being collected by the social media platform, including recent reports about call and SMS text messaging data which Facebook has been collecting from Android mobile users. Along with the political heat Zuckerberg continues to take, Facebook itself could be on the hook for a record fine from the Federal Trade Commission if it’s found that the company’s data practices violate terms of a 2011 consent decree between Facebook and the FTC. With all of this focus on Facebook’s data collection practices, we decided to take a look at some of the social media technologies patented by Facebook at the U.S. Patent and Trademark Office, which may give readers a better idea of just how this American social media giant leverages user data.

The GDPR In Full Effect: What Will Happen to WHOIS?

It has been a long time coming, but the General Data Protection Regulation (GDPR) is almost here. This new privacy regulation requires substantial changes to the collection and storage of data and will affect multiple disciplines, including the brand protection industry. One of the ‘victims’ of the new law is the WHOIS database. How will these changes affect its records?

When Kids’ Toys Are Listening, the FTC is Watching

Chinese toymaker VTech recently settled charges with the FTC in the first-ever case involving internet-connected toys. VTech became a victim of cyber attackers back in 2015, when hackers got access to the company’s online database and compromised accounts of over 11 million, which included data for about 6.37 million children… Today, the key to compliance when dealing with IoT is to “know thyself,” Bahar explained. In other words, take the time to understand what truly is in these smart components, not only from a technical perspective but a legal one. In addition, make sure to make good on your promises. If you tell consumers that you are protecting their data or their privacy in certain ways, make sure you are making good on that commitment.

FCC Chairman Pai’s block of broadband privacy rules is latest step in rolling back 2015’s Open Internet Order

FCC Chairman Ajit Pai has moved to block broadband privacy rules drafted by the previous administration and set to go into effect in early March… FCC commissioners voted 3-2 last October to adopt broadband privacy rules which limit the amount of data which can be collected by ISPs from their consumers. The rules created an opt-in/opt-out model in which broadband customers must intentionally opt-in to any data collection programs developed by ISPs to collect data considered by the FCC to be sensitive, including geo-location, family size, browsing history or app usage history. Pai was one of two dissenting votes in last October’s decision on the broadband privacy rules, and his dissent reflected his views on harmonizing the FCC’s privacy regime with the FTC.

Federal Gag Orders Likely to Change

There is often a tension between the needs of law enforcement and the companies that collect and store the electronic data of individuals. Law enforcement may seek this data from the companies through subpoenas, search warrants, and other court orders as part of its investigation and request that the companies did not disclose their interaction with authorities to maintain the confidentiality of the investigation. In contrast, companies may wish, or be obligated under the terms of their agreements or privacy policies, to disclose to their customers that they have produced the customers’ electronic data to law enforcement pursuant to legal process. To prevent the companies from doing so, federal law enforcement typically obtains a non-disclosure order pursuant to 18 U.S.C. § 2705(b) from a federal magistrate court. These orders have generally not had a definite expiration date. However, companies have recently begun to challenge the limits and scope of such orders. The recent case of Microsoft Corp. v. United States Dep’t of Justice, No. C16-0538 JLR, represents the most serious challenge to date.

European Commission publishes proposed text for new e-Privacy regulation

This new e-Privacy Regulation, if adopted, will replace the current e-Privacy Directive and will establish, together with the General Data Protection Regulation, GDPR, a new privacy legal framework for electronic communications. The proposal aims to be lex specialis to the GDPR. Probably to ensure consistency with the new privacy legal framework for electronic communications, the entry into force provision of the leaked text has been amended to state expressly that the e-Privacy Regulation will come into force on the same date as the GDPR (25 May 2018). With many legislative hurdles still remaining before it is approved, this represents an ambitious timeline for EU legislators.

Staying Ahead of Privacy and Security Risks in the Internet of Things

In creating a privacy and security plan, IOT companies should be mindful of regulatory enforcement for failure to fully comply with their own advertised practices. For example, companies should honor representations made to consumers regarding privacy and security practices, or risk regulatory scrutiny. If not, the FTC may bring an enforcement action, which it did against IOT company, TRENDnet, Inc. According to the FTC, TRENDnet failed to implement reasonable security practices, monitor security vulnerability reports from third parties, test and review potential security vulnerabilities, and implement reasonable guidance for its employees, and thus was in violation of Section 5(a) of the FTC Act, 15 U.S.C. § 45(a). The case settled, and the terms of the settlement prohibited TRENDnet from misrepresenting its privacy and security practices and required it to establish a comprehensive security risk program.

FCC approves broadband privacy rules, gives ISP customers the ability to opt-out of data sharing

The FCC’s broadband privacy rules require ISPs to present their customers with a choice to opt in or opt out of providing consent to use certain categories of information which are deemed to be sensitive. Such sensitive information includes any data pertaining the the customer’s geo-location, health, finances, children, Social Security number, browsing history, app usage history or the content of electronic communications. Information related to a customer’s e-mail address or tier level of broadband service, however, is considered non-sensitive.

Privacy and Security in the Age of the Driverless Car

The privacy implications of the driverless car are significant. The data that such a vehicle could collect and the potential uses of that data could be extraordinarily intrusive. Driverless cars could provide both historic and real-time, continuous geolocation data. Companies could utilize this data to determine not only your current location and destination but also every place that you have been. This data could lead to commercially valuable, but extremely sensitive and intimate information about individuals being discovered. Advertisers may be able to discern the purchasing patterns of individuals by tracking what stores they frequent. Insurers may be able to determine what the lifestyle of individuals is like by following their daily activities (e.g., constant trips to the gym) and dining habits (e.g., persistent trips to fast food restaurants).