Blog Post

Landmark Data Privacy Legislation Serves as a Benchmark in a Rapidly Shifting Legal Landscape

By: Kevin Bampoe

Almost everyone has experienced the phenomenon of being bombarded with advertisements on social media for something they were thinking about only moments before. Search queries in search engines such as Google, Bing, or Yahoo are used to generate content and advertisements on unaffiliated sites and platforms including Facebook, Instagram, Amazon, YouTube and eBay almost instantaneously. This seemingly mysterious ability for advertisers to know exactly what a consumer wants, and when they want it, relies on the Wild Wild West-like data privacy regulation landscape in the U.S. and a lack of policy and legislation aimed at safeguarding consumers’ interests. Tech companies gather, store, and even sell human behaviors and preferences, a business model which has generated billions of dollars in ad revenue. California believes enough is enough and that consumers have a right to own and control their data as well as hold companies responsible for protecting their data and liable for failing to do so.

Last year the General Data Protection Regulation (GDPR) went into effect August 2018 and with it a large number of data privacy-related requirements and high fines for failure to comply. Currently in the United States there is a mess of laws enacted on both federal and state levels targeting a certain industry, activity, or type of data but no comprehensive privacy regulation policy. With the enactment of the GDPR came a shift in data privacy regulation and the first major piece of legislation in the United States, the California Consumer Privacy Act of 2018 (CCPA). The GDPR has been highly regarded since its approval and serves as a wake up call to the industry. Its impact has already reached far beyond the EU indicating a shift in priorities and willingness to legislate to protect individual rights.

In June 2018 California Governor Gavin Newson approved the CCPA which the American Bar Association considers “the absolute toughest data privacy law in the United States.” The basic mechanism of this legislation is a consumers’ ability to make requests to any business making more than $25 million in revenue, that buys or sells personal information of 50,000 consumers or more, or derives 50% or more of its revenue from the sale of consumer personal information and under the Act. This would apply to companies both within and outside the state of California. These requests embody four basic rights of the legislation: the right to know which entails requesting and the disclosure of how their data is being used, who it is being sold to, the right to opt-out of allowing businesses to sell their personal information, the right to receive equal service and pricing from businesses as to prevent companies from utilizing consumer data for targeted pricing, and the right to ask that their data be deleted.

An example highlighting the need for legislation such as this is how Facebook users do not control the data which Facebook collects and then sells. Even after deleting your Facebook account Facebook retains the data collected, continuing to utilize and sell it for their own interests. This legislation will finally give users the ability to compel Facebook to disclose how their information has been used and with whom it has been shared, opt-out of having their data sold, to delete all of their information which has been collected and to bring litigation should Facebook fail to comply.

With the CCPA going into effect on January 1, 2020 experts are waiting to see how this will affect consumer data collection practices by companies and whether consumers will actually utilize this legislation. Not everyone is patiently waiting as there are 17 other states that have recently introduced their own legislation aimed at protecting consumer data privacy and using the CCPA as a framework.

In June, the Maine Act to Protect the Privacy of Online Customer Information was approved, which when effective will prohibit broadband internet access service from using, disclosing, selling or permitting access to personal customer information without the customers express consent. The New York Privacy Act requires companies to disclose their methods of de-identifying personal information, to place safeguards around data sharing, and to allow consumers to obtain the names of all entities with whom their information has been shared. Nevada, Pennsylvania, Massachusetts, Hawaii, and Maryland have also introduced comprehensive legislation and Texas is updating their current policy as well. While not identical to each other they share common principles, supporting the belief that this jurisdictional-based trend will continue to expand, leading to calls for a comprehensive national or even global approach to privacy.

This new wave of legislation isn’t the only sign of change on the horizon.  On September 4, 2019 Google settled complaints against them by the Federal Trade Commission and the New York Attorney General for failing to obtain parental consent in collecting data on kids under 13. Google agreed to pay $170 million in fines and to limit ads on kids’ videos, making it one of the most significant enforcement actions against a big technology company in the U.S. This represents policy makers’ focus on privacy and antitrust of big internet platforms that have enjoyed few regulatory constraints up until now.

Google isn’t the only recent target of the FTC for Children’s Online Privacy Protection Act (COPPA) violations with other companies including Facebook are under scrutiny for failing to acquire parental consent when dealing with minors. A popular app, TikTok, was fined $5.7 million earlier this year for similar claims of failure to obtain parental consent  prior to collecting names, email addresses, and similar information from children under 13. This is not the first time complaints such as this have been settled with the FTC. Back in 2014 Google settled with the FTC for its failure to obtain parental consent for charges by children playing mobile games. Apple agreed to settle and changed its billing practice after similar complaints. Yelp also paid for allegations that they failed to test their age-registration feature on its app by collecting information from children as young as 9 without parental consent.

These changes are all waves resulting from the big splash the GDPR made when enacted last year in the EU. This, along with the political reaction to the fact that personal data has been used to persuade voters without their knowledge or consent, and the growing discontent with big data companies storing and selling significant amounts of personal data has led to a demand for consumer privacy protections and the ability to hold big data companies accountable. The GDPR gave California and other states a framework to draft their comprehensive legislation but all narrower in scope. The GDPR is based upon the principles of notice, consent, and establishing a legal basis for personal data collection. The overall EU approach to data privacy recognizes each individual has rights to their personal data and obligates those who collect, store and process this data to provide and protect said rights.

The GDPR gives one a right to access personal data held about them, a right to have inaccurate personal data rectified, a right to require one to erase personal data held, a right to restrict processing of personal data, a right to receive personal data and have it transferred to a third party, a right to object to the processing of one’s personal data, and a right to withdraw consent. The CCPA on the other hand does not require companies to transfer consumer’s personal data to another entity nor the right to obligate companies to correct inaccurate or incomplete information but it does give consumers a private right of action with statutory damages between $100-$750 per person, per incident when data has been breached.

After Google was fined $57 million for failing to properly disclose to users how data is collected across its services, including its search engine, Google Maps, and YouTube, to offer personalized advertisements the whole world took notice. Now with this recent  settlement for COPPA violations and the CCPA going into effect January 1, 2020 it is clear that the days of the Wild Wild West are rapidly coming to a close but what the future of data privacy regulation looks like is uncertain. This is only the beginning and while big data companies rush to ensure compliance they, and their lobbyists, won’t go down without a fight.

Citations

Kartikay Mehrotra, Laura Mahoney, Daniel Stoller, Google, Industry Try to Water Down First U.S. Data-Privacy Law, Bloomberg News(Sep. 4, 2019), https://www.bloomberglaw.com/document/XFM55GKC000000?bna_news_filter=tech-and-telecom-law&jcsearch=BNA%25200000016cfbb4dc83a5fffbfc213e0000#jcite

Tightening Government Privacy Laws Presents Challenges to Online Marketers, Yahoo News(Sep. 3, 2019), https://finance.yahoo.com/news/tightening-government-privacy-laws-presents-193000628.html

Shalina Chatlani, What California’s New Data Privacy Law Means For You, KPBS News(Sep. 5, 2019), https://www.kpbs.org/news/2019/sep/05/californias-new-data-privacy-law-what-it-means-you/

Dom Nicastro, Examining Where 8 US States Stand on Consumer Data Privacy Laws, CMSWire(Aug. 30, 2019), https://www.cmswire.com/customer-experience/examining-where-eight-us-states-stand-on-consumer-data-privacy-laws/

Wes Rapaport, Updates to Texas Digital Privacy Laws Take Effect, KXAN (Sep. 5, 2019), https://www.kxan.com/news/texas-politics/updates-to-texas-digital-privacy-laws-take-effect/

Ben Brody, Mark Bergen, Google to Pay $170 Million for YouTube Child Privacy Breaches, Bloomberg News(Sep. 04, 2019), https://www.bloomberglaw.com/document/X1S3OIA4000000?bna_news_filter=tech-and-telecom-law&jcsearch=BNA%25200000016cfc69dc83a5fffcf946130000#jcite

Robert Bowman, David Stauss, A Look At US Data Privacy Laws 1 Year After GDPR, Law360(Jun. 21, 2019), https://www.law360.com/articles/1170562/a-look-at-us-data-privacy-laws-1-year-after-gdpr

Adam Satariano, Google Is Fined $57 Million Under Europe’s Data Privacy Law, The NY Times(Jan. 21, 2019), https://www.nytimes.com/2019/01/21/technology/google-europe-gdpr-fine.html

Dr. Rao Papolu, In The Wake Of GDPR, It Can’t Be Business As Usual With Consumer Data Privacy, Forbes (Sep. 18, 2018), https://www.forbes.com/sites/forbestechcouncil/2018/09/18/in-the-wake-of-gdpr-it-cant-be-business-as-usual-with-consumer-data-privacy/#20a6d7fd61fb

By: Dejaih Johnson

With February being Black History Month, I find this is a great opportunity to look at a brief history of the U.S. patent system and some of the African American inventors, innovators, and scientists who have helped shape American innovation.

The history of patents in America is older than the U.S. Constitution. Prior to the Constitutional Convention, colonies would grant patents in solidarity. After 1787, the patent process was opened up to the people by what is now the Patent Copyright Clause of the Constitution. Though on its face race-neutral, the patent system did not apply for Black Americans born slaves since laws prohibited slaves from applying for or holding property. As a form of intellectual property, this included patents. In 1857, the U.S. commissioner for patents officially ruled that inventions by slaves could not be patented and were without protection.

Without a patent system, you cannot have innovation. Patents allow inventors to exercise a monopoly over their invention. Patents also allow inventors to make money from their patent by selling it or licensing it out for use by another party. Thus, the inability for slave inventors to be granted a patent for their inventions was detrimental during times where the American economy was experiencing rapid growth.

Although the laws prevented slaves from owning patents, that did not stop them from inventing. Often times, slave owners took credit for their slaves’ inventions through laws that said the “[slave master] is the owner of the fruits of the labor of the slave both manual and intellectual.” But Black inventors continued to provide major contributions. On March 3, 1821, Thomas Jennings became the first African-American inventor to be granted a patent for a process we now call “dry cleaning”. Definitively able to receive the fruits of his labor, Jennings spent the remainder of his years as a civil rights activist and much of his earnings promoting abolitionist causes. A short time after, Elijah McCoy, a free man from Canada, invented an automatic lubricator for oiling the steam engines of locomotives and ships. Over his lifetime, McCoy obtained 57 patents, and this legacy has extended through the 21^st Century. Former Air Force and NASA engineer, Lonnie Johnson, currently holds over 100 patents with over 20 more pending. Johnson is most famously known for his invention of the Super Soaker water gun and has generated more than $1 billion in U.S. sales. But success does not stop short of women. In 2006, Janey Emerson Bashen became the first Black woman to receive a patent for a software invention, and Dr. Hadiyah Green recently won a $1 million grant related to an invention that may help treat cancer.

African Americans have played a vital role in shaping innovation in this country. The effects of which can be felt every single day in the U.S. and around the world. True to the legacy of American innovation, today’s Black inventors continue to follow in the footsteps of those who came before them, in honor of their struggle and misused and underappreciated labor.

Citations:

American’s always had black inventors – even when the patent system explicitly excluded them, The Conversation, (Feb. 19, 2017), https://theconversation.com/americas-always-had-black-inventors-even-when-the-patent-system-explicitly-excluded-them-72619.

Biography, Lonnie Johnson, https://www.lonniejohnson.com/biography/ (last visited Feb. 8, 2019).

Diversity in Innovation: African-Americans’ Impact is Forever Reaching, InvetorsDigest, (Mar. 21, 2018), https://www.inventorsdigest.com/articles/diversity-innovation-african-americans-impact-forever-reaching/.

Dr. Hadiyah Green Wants to Use Lasers to Kill Cancer Cells, NBC News, (Mar. 17, 2017), https://www.nbcnews.com/news/nbcblk/dr-hadiyah-green-plans-defeat-cancer-lasers-n741206.

Elijah McCoy, Wikipedia, (Feb. 8, 2019), https://en.wikipedia.org/wiki/Elijah_McCoy.

11 African American Inventors Who Changed the World, Mental Floss, (Feb. 6, 2018), http://mentalfloss.com/article/86923/11-african-american-inventors-who-changed-world.

By: Joseph Mallek

The next generation of wireless, internet technology is now being rolled out around the world. The next generation, known as 5G, will bring greater speed, a more responsive, and greater connectivity. Not only will this be available on smartphones capable of connecting to the new network but the 5G network will also change the way we connect to the internet in our homes. Experts have described the 5G network as a revolutionary step for internet technology.

With the new generation of the internet set to roll out across the United States and the world, hardware manufacturers are all competing to provide countries with the new 5G infrastructure. One of these manufacturers is China’s largest telecommunication’s producer, Huawei. Huawei has long been suspected by U.S. intelligence officials to have an extremely close relationship with the Chinese Government. Use of Huawei phones for Government employees and Government contractors has been banned by the Trump administration, out of fear of spying and the use of backdoors in phones. The same fear exists if Huawei is allowed to sell its hardware to 5G providers.

The Trump administration is putting pressure on not only domestic internet providers to not use hardware from Huawei or anything Chinese manufacturer. Described as a new arms race, whoever controls this new technology will have a significant economic, intelligence, and military advantage this century. To protect the security of the United States and its allies, the administration is moving quickly to prevent the sale of Huawei hardware.

Citations:

David E. Sanger, Julian E. Barnes, Raymond Zhong & Marc Santora, In 5G Race With China, U.S. Pushes Allies to Fight Huawei, The New York Times (Jan. 26, 2019), https://www.nytimes.com/2019/01/26/us/politics/huawei-china-us-5g-technology.html.

Sascha Segan, What Is 5G?, PCMag (Jan. 28, 2019), https://www.pcmag.com/article/345387/what-is-5g.

Michael Ken, Report: Trump to Ban Huawei Tech in US Wireless Networks, PCMag (Feb. 8, 2019), https://www.pcmag.com/news/366440/report-trump-to-ban-huawei-tech-in-us-wireless-networks.

By: Jacqueline Collins

As the growing problem of child sex trafficking has gained more attention from law enforcement and researchers, scientists have begun using artificial intelligence in order to find children and young women who are victims of this illegal practice. United States researchers from Temple University, George Washington University and Adobe launched an application in 2016 that collected photographs of hotels that could be matched with photographs used in online advertisements created by sex traffickers. These photographs collected through the application are contained in a database, called Hotels-50K.

While the original application and database made up of the collected photographs is for law enforcement use and view only, such as the National Center for Missing and Exploited Children, an additional application became open to the public and allows people from all over the world to download it and upload photographs of hotel rooms that they see in online sex trafficking advertisements. So far, over 50,000 hotels are contained within the database that has been collected from the use of this application, called TraffickCam. Out of the 50,000 hotels that are included in the database, 13,900 of them have corresponding photographs that came from people submitting them through the application. The artificial intelligence system uses algorithms in order to match up photographs found on websites like Expedia, with photographs that have been submitted by people trying to help fight sex trafficking.

While this is a significant step towards saving victims of sex trafficking, law enforcement agencies have admitted that it is uncertain if the database has directly saved anyone from the practice. With more people learning about the existence of the application, however, more people may become involved, increasing the number of hotels depicted on the database. One thing that was made clear by researchers and law enforcement is that they do not intend to use the information on this database in order to identify victims in the images. In fact, when they receive an image including a victim, the first thing that they do is delete the victim from the photograph, in order to protect the victim and reduce the likelihood that her picture will be sent back and forth online. Overall, although the direct results are unclear as to whether this database has saved any victims, researchers and law enforcement insist that there is a good-hearted motive behind it, and the goal is to save people who have fallen victim to sex trafficking.

Citations:

Dan Robitzski, Scientists are using AI to Find Hotel Rooms Being used for Child Sex Trafficking, Futurism (Feb. 11, 2019), https://futurism.com/ai-identify-child-trafficking-hotel-rooms.

Donna Lu, AI has helped rescue children trafficked for sexual exploitation, NewScientist (Feb. 12, 2019), https://www.newscientist.com/article/2193727-ai-has-helped-rescue-children-trafficked-for-sexual-exploitation/.

Jason Fields, Scientists use AI to help children sold for sex in hotels, Reuters (Feb. 11, 2019), https://www.reuters.com/article/us-usa-trafficking-ai/scientists-use-ai-to-help-children-sold-for-sex-in-hotels-idUSKCN1Q018K.

Katyanna Quach, How AI can help halt human sex trafficking – by identifying victim’s hotel rooms from pics, The Register (Feb. 5, 2019), https://www.theregister.co.uk/2019/02/05/ai_human_trafficking/.

By: Cayley Young

Earlier this week, European Union officials released the latest attempt to battle fake news, a uniform “code of practice”. The code outlines specific protocols related to online advertisements consisting of politics or containing political messaging. Protocols address best practices to address campaigns dedicated to misinformation and call for investment in products capable of targeting fake news bots used to cause political turmoil. While adoption of code practices is completely voluntary, the EU is optimistic that key industry players like Google, Facebook, and Twitter will lead the way with full compliance.

Despite good intentions, some are concerned the proposed code will be ineffective and could lead towards unwarranted infringement on personal liberties as media laws in other countries have. For example, Egypt’s rather new media law which prohibits the spread of false news by anyone with a 5,000 follower count on single social media platform has become an issue for many citizens. Recently, the Egyptian government has shifted its focus to stricter enforcement of the law recently in response to the massive impact of fake news on the U.S. presidential election. Although initially proposed to prevent the spread of calculated falsehoods, Egyptian citizens are concerned it is now being used as a channel for government oppression. The Committee to Protect Journalists has documented the case of several female journalists and tourists deemed in violation of the law after posting videos describing personal experiences of sexual assault while visiting Egypt. The prescribed sentence for a fake news violation is 8 years in prison.

Despite anxieties of the new code creating a slippery slope for freedom of speech, it is unlikely the EU will follow in the footsteps of Egypt. There are several key differences between the Egyptian media law and the uniform code of practice as established by the EU. For one, adherence to the policy completely voluntary, while it’s highly suggested for companies to join, there is no penalty for abstaining. Level of involvement will likely be determined by the behavior of industry leaders, not the threat of harsher government involvement. Additionally, the code is specific to politically motivated posts from bot sources rather than genuine personal accounts. It also focuses primarily on advertisements and is solely targeted towards companies that provide access to news sources online like search engines and social media platforms, not the general public.¹ That being said, the new code is less of an attack on free speech, and more of a first stitch effort to unify a fragmented industry against a unique threat.

Citations:

1. Bryan Koenig, EU Unveils Self-Regulatory Code to Combat Fake News, Law360 (Sept. 26, 2018), https://www.law360.com/cybersecurity-privacy/articles/1086620/eu-unveils-self-regulatory-code-to-combat-fake-news.

2. Ruth Michaelson, Fake News Becomes Tool of Oppression After Egypt Passes New Law, The Guardian (July 27, 2018), https://www.theguardian.com/global-development/2018/jul/27/fake-news-becomes-tool-of-repression-after-egypt-passes-new-law.

By: Emily Aziz

On August 19, 2018, a class action suit was brought against Apple Inc. (“Apple”) in New York federal court. Plaintiff Himelda Mendez, and other visually impaired and legally blind persons who require reading software to read website content, claim that Apple’s website is in violation of the Plaintiff’s rights under the Americans with Disabilities Act (“ADA”).

The ADA, which became law in 1990, prohibits discrimination against individuals with disabilities, such as blindness, in the public sphere. This includes jobs, schools, transportation, and all public and private spaces that are open to the general public. This act allows those with disabilities to have an equal opportunity to everyone else.

In the complaint filed against Apple, Mendez claims that the Apple website is designed, constructed, maintained, and operated in a way that denies visually-impaired and blind individuals from using the website, and therefore, is in violation of the ADA. She seeks a permanent injunction to cause a change in Apple’s corporate policies, practices, and procedures in order for its website to be fully accessible to blind and visually-impaired consumers.

Typically, in a growing internet-savvy world, visually-impaired and blind people are able to use screen-reading technology that states aloud the information on the website. Alternatively, the screen-reading technology displays the content on a Braille display. Companys, when dealing with their websites, must have an invisible code embedded beneath the graphic imagines in order for the screen reader to verbalize the picture that is on its website. Apple’s website, however, does not do that.

The complaint states that the World Wide Web Consortium, the international website standards organization, has published “well-established” guidelines for making websites accessible to blind and visually-impaired people. The complaint continues to explain that these guidelines are universally followed by most large business entities and government agencies to ensure their websites are accessible.

As a result of Apple being inaccessible to visually-impaired and blind people, some of its customers are unable to determine what is on the website, look for store locations, and browse or purchase electronics, such as the widely popular iPhone, iPad, and MacBook laptops.

According to Forbes, as of 2018, Apple is the largest technology company in the world and the eighth largest company in the world. This poses no question whether it has the funds or ability to make its website accessible to all individuals. Additionally, both the company and its consumers benefit from having the website more accessible; More of Apple consumers will be able to browse/purchase its products online when visually-impaired and blind individuals can explore its website. Additionally, visually-impaired and blind people, like Mendez’ complaint asserts, should have access to all websites, and are seriously hindered when companies, such as Apple, do not make its website accessible.

Citations:

Dave Simpson, Apple Cite Violates ADA For Those Who Are Blind, Suit Says, Law360 (March 16, 2018), https://www.law360.com/articles/1074822?sidebar=true.

Mendez v. Apple Inc. No. 07550. (S.D.N.Y. filed Aug. 18, 2018).

U.S. Dep. of Jus. Civ. Rights Div. Americans with Disabilities Act (1990), https://www.ada.gov/2010_regs.htm.

Kristin Stoller, The World’s Largest Tech Companies 2018: Apple, Samsung Take Top Spots Again, Forbes (June 6, 2018, 5:50 pm), https://www.forbes.com/sites/kristinstoller/2018/06/06/worlds-largest-tech-companies-2018-global-2000/#3173ee524de6.