EU High Court Overturns Telecom Data Retention Requirements

The Court of Justice of the European Union, the highest court in the EU, declared the EU’s 2006 Data Retention Directive invalid in a judgment issued on April 8, 2014. The directive, which has been implemented via national legislation by most EU member states, requires telecommunications and Internet providers to collect and retain traffic and location data regarding users’ calls and Internet activity for up to two years in order to assist law enforcement in the prevention of “serious crime” (such as organized crime and terrorism). The Court of Justice, however, determined that the directive interferes with European citizens’ fundamental rights to privacy.

Social Networking for Jerks: FTC Goes After Site for Scraping Facebook Content

In the 1979 Carl Reiner film The Jerk, a new phonebook is delivered and Steve Martin, playing the title character, rejoices that “I'm somebody now! Millions of people look at this book every day! This is the kind of spontaneous publicity - your name in print - that makes people. I'm in print! Things are going to start happening to me now.”
As we all know, a quarter-century later, things have changed. Getting one’s name publicized takes only a few seconds—if not to millions of people, at least to whomever we’re connected on social media. But, according to the Federal Trade Commission, jerks still abound.

Updated Location Privacy Protection Act Introduced

On March 27, 2014, Senator Al Franken (D.-Minn.) introduced the Location Privacy Protection Act of 2014, a bill that addresses so-called “stalking apps.” While Senator Franken’s intent is to target those apps designed to maliciously track individuals without their knowledge, the legislation (an updated version of a bill we discussed three years ago) would require all companies to get users’ permission before collecting and sharing location data from smartphones, tablets, and in-car navigation devices. To obtain consent, entities subject to the law (if passed) would have to provide “clear, prominent, and accurate notice” that tells the user that his or her geolocation information will be collected. The notice must also identify the categories of entities to which the geolocation information may be disclosed, and provide a link or some other easy means for users to access publicly available information about the geolocation data to be collected. The bill includes several exceptions to the consent requirement, allowing the collection or use of geolocation data without the requisite notice and consent for purposes such as allowing parents to locate children, and enabling the provision of emergency services.

Google "Street View" case may be headed for SCOTUS Review

By John D. Seiver

Google held true to its promise to seek SCOTUS review of the Ninth Circuit’s interpretation of the term “radio communications” in the Wiretap Act when it filed its Petition for Certiorari last week. Google had argued in the Ninth Circuit that intercepting unencrypted Wi-Fi transmissions is within a specific exemption, but the Ninth Circuit (initially and on rehearing) held instead that unencrypted Wi-Fi is protected from interception by the Wiretap Act. Absent an extension, oppositions are due April 30, 2014.

California AG Weighs in on Cybersecurity

By Paul Glist and Leslie Moylan

Just as NIST completes its version 1.0 national Framework for Improving Critical Infrastructure Cybersecurity, California Attorney General Kamala Harris has made clear she intends a leadership role for California. With a guide called “Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents,” the AG offers a simplified, brief, and plain English version of cybersecurity protections directed toward small and medium size California businesses that likely lack the resources to hire full-time cybersecurity personnel. The Guide’s “Practical Steps to Minimize Cyber Vulnerabilities” are based on acknowledged deficiencies in the devices, websites, and apps at the network’s edge, and on the need for users and businesses to discipline their behavior and increase their vigilance against threats. The best practices outlined in the Guide are not unique to small or medium size businesses and overlap to a large extent with NIST’s perspective on threats and with cyber recommendations from many sources. The NIST Framework provides greater detail and is more explicit in the latitude it provides for business judgments about the proportionality of precautions with respect to the specific risks. Both the California Guide and NIST Framework seek to prod organizations to analyze risks, determine needs, and outline plans to protect, detect, respond and recover.

Oregon Restricts Employers' Access to Private Social Media Accounts

By Christie S. Totten, Chrys A. Martin, Angela Galloway, and Peter G. Finch

Oregon recently joined numerous states in prohibiting employers from seeking access to employees’ or prospective employees’ private social-media accounts, personal email, and other online content. Employers may not:
  1. Require or request that an employee or applicant allow the employer access to the individual’s personal social media account (e.g., cannot ask for the password);
  2. Compel an employee or applicant to add the employer to the individual’s social media contact list (e.g., cannot require the employee to “friend” the employer on Facebook); or
  3. Compel an employee or applicant to allow the employer to view the personal account.

Federal Lawmakers Revive Do Not Track Kids Legislation

By Christin S. McMeley, Paul Glist, and Leslie Gallagher Moylan

A bipartisan, bicameral effort is again underway to extend current law and impose new restraints on the online tracking of children and teens under the age of 16. As promised, on Thursday, Nov. 14, 2013, Senator Edward Markey (D-Mass) and Rep. Joe Barton (R-Texas) introduced their respective versions (S. 1700 and H.R. 3481) of the “Do Not Track Kids Act of 2013.” Specifically, the Do Not Track Kids Act would:

  • Extend many of the privacy protections already afforded to children ages 12 and under in the Children's Online Privacy Protection Act (COPPA) to teens through age 15;
  • Formally include online and mobile applications (the FTC already did this through enforcement actions and then by rule in its recent COPPA amendments);
  • Expand the definition of “personal information” to include device identifiers;
  • Extend COPPA protections to geolocation information;
  • Prohibit targeted marketing to children and minors without verifiable parental consent for children or the consent of a “minor” (13-15 year old);
  • Require the operators of a website, online service, or online or mobile application “directed to minors” to adopt and comply with a “Digital Marketing Bill of Rights for Teens” that is consistent with the Fair Information Practices Principles; and
  • Attempt to arm parents and their children with an “eraser button” to eliminate publicly available personal information online.

Using momentum gained from the ineffective attempts to establish broader, voluntary Do Not Track standards and mechanisms, California’s recent “Do Not Track” and “Eraser” laws, and increased interest by lawmakers in online tracking and privacy issues generally, Senator Markey and Congressman Barton have focused their efforts “to protect children and teens”—which may be the only way to advance the broader Do Not Track concept in a stymied Congress.


Dealing with Networks and Regulatory Compliance: The Legal Side of Mobile Retail

On April 16, 2013, DWT lawyers James Mann and Ronnie London presented on the topic of “Dealing with Networks and Regulatory Compliance: The Legal Side of Mobile Retail” at the RAMP Advanced Commerce and Mobile Retail Services Summit in Chicago.

The presentation focused primarily on two topics:

  • Why the Networks Are Here to Stay (and Some Suggestions for Dealing with Them)
  • Update on Mobile Regulatory Issues


Congressmen ask FTC to Investigate Internet Use of "Supercookies"

By David M. Silverman

Two Congressmen have written a letter to the Federal Trade Commission (FTC) asking the FTC to investigate certain websites’ use of “supercookies” to track the activities of website visitors after they have left the website and without their knowledge. The letter, written by Congressmen Joe Barton (R-TX) and Ed Markey (D-MA), is based on an August Wall Street Journal article discussing their use. The cookies have become a key issue based on concerns they may be placed without knowledge of computer users and are practically invisible to them. Such so-called “supercookies” differ from traditional HTTP cookies that track user data in that they are small files hidden within Adobe Flash and elsewhere that remain on users’ computers even when browsing history and cache are cleared, and can be picked up even when browsing in “private browsing” mode.


Internet Privacy Class Actions

In today’s cyberworld, operating in online and social media can put companies in a special class. Unfortunately, that class could mean a class action lawsuit. Websites and social media provide search engines, website operators, and advertisers powerful ways to obtain and monetize data about users. Jimmy Nguyen explores how this power has triggered public and governmental concern about consumers’ online privacy, even leading to a Wall Street Journal investigative report in August 2010 and a wave of class action lawsuits.

Six Tips for Compliance with Europe's New Cookie Rules

By Robert F. Stankey and Adam Shoemaker

While the European Union’s deadline for implementing new cookie rules has passed, substantial uncertainty remains about what organizations should do to make their online activities compliant. In this advisory we offer six practical tips for dealing with the uncertainty.


FTC Data Security Consent Decree Suggests Minimum Steps Companies Must Take

Posted by Ronald London

The FTC recently announced a consent decree with online retailer Life is good that offers insight into what that agency may believe are the bare minimum steps companies must take when making the kind of generic we-protect-the-information-you-give-us statements found in most privacy policies. The FTC claimed Life is good offered such reassurances but failed to have in place sufficient measures (from the FTC's view) to back them up, based on the ability of a hacker to use SQL injection attacks on Life is good’s website to access consumers' credit card numbers, expiration dates, and security codes. To resolve allegations in a draft complaint the FTC had prepared alleging unfair trade practices, Life is good settled the claims by entering a consent decree requiring it to adopt a comprehensive information-security program and obtain biennial audits by an independent third-party security professional … for the next 20 years.


New AOL Initiative May Help Shield Consumers from Targeted Advertising

Posted by Hozaifa Y. Cassubhai

Web users may be better able to travel incognito online by the end of the year. 

AOL unveiled a new program last week that is designed to help Web users shield their online travels from advertisers. This technology would allow users to opt out of online ads that are targeted to them based on their Web-surfing habits. The program aspires to “engender greater trust for targeted advertising by communicating with consumers in a more visible way, and by providing them more information about their choices,” stated Curt Viebranz, president of AOL’s ad platform.


Douglas Decision Applies Settled Law Regarding Online Contract Changes

Posted by Randy Gainer

In Douglas v. United States District Court, No. 06-75424, 2007 WL 2069542, at *1-2 (9th Cir. July 18, 2007), the Court held that the terms of a revised online contract were ineffective when a user was not notified of changes when they were made. The Court stated that the trial court’s decision finding the contract changes were effective “reflects fundamental misapplications of contract law and goes to the heart of petitioner’s claim. . . .” Id.

Although some observers seemed to believe the Douglas decision established new law, it applied long-settled principles, as others recognized. Principles regarding how online agreements may be amended are summarized in Raymond P. Nimmer & Holly K. Towle, Amending or Modifying the Terms, ¶ 8.10[7] The Law of Electronic Commercial Transactions (2007). Among those principles is that, under the common law of contracts, which generally governs service contracts, there must be an offer, acceptance, and consideration to amend a contract. Id. at *1-2. Douglas simply applied the offer and acceptance rule: a party cannot offer an amendment nor the other party accept the amendment without the offeror providing notice of the change. 


Amending Terms of Service - Are Website Postings Enforceable?

Posted by Charlene A. Brownlee

In our wired world of texting, email and the Internet, businesses continually communicate with potential and existing customers online. The majority of websites, regardless of content and functionality, post a link to an online agreement, typically referred to as the website “Terms of Use,” “Legal Terms,” “Acceptable Use Policy,” (or something similar). This agreement usually provides that, “We may amend this Agreement at any time by posting the amended terms on this Site.”


Internet Adapts to Surveillance by Law Enforcement

Posted by Thomas Jeffry

Monday (May 14th) marked the deadline when all facilities-based broadband Internet access providers and providers of interconnected VoIP (voice over Internet protocol) needed to comply with Sections 103 and 105 of the Communications Assistance for Law Enforcement Act of 1994 (CALEA), Pub. L. No. 103-414, 108 Stat. 4279. Cable modem companies, satellite internet companies, DSL providers, and broadband over powerline join traditional telecommunications carriers in providing technology that allows law enforcement agencies to tap into email, instant messaging, web browsing logs, and other forms of electronic communications.


U.S. SAFE WEB Act of 2006

Posted by Charlene Brownlee

Congress approved S. 1608, the “Undertaking Spam, Spyware, And Fraud Enforcement with Enforcers beyond Borders Act of 2006,” (the US SAFE WEB Act of 2006) on December 9, 2006. The US Safe Web Act amends the Federal Trade Commission Act (FTCA) and improves the Federal Trade Commission (FTC)’s ability to protect consumers from international fraud by: (1) improving the FTC’s ability to gather information and coordinate investigation efforts with foreign counterparts; and (2) enhancing the FTC’s ability to obtain monetary consumer redress in cases involving spam, spyware, and Internet fraud and deception.


Court Rules Providers of Broadband Internet and VoIP Services Must Make Networks "Wiretap-Friendly"

Posted by Brian Bennett

The U.S. Court of Appeals for the D.C. Circuit recently ruled in American Council on Education v. Federal Communications Commission that providers of broadband Internet access and voice over Internet protocol (VoIP) must make their services “wiretap-friendly” under the Communications Assistance for Law Enforcement Act (CALEA), 47 U.S.C. §§ 1001-1010.

The emergence of new communication technologies, including DSL, cable modems and VoIP, led providers to replace physical copper wires with ethereal and encrypted digital signals, which are harder to intercept using traditional law enforcement methods. Responding to these changes, Congress passed CALEA in 1994, requiring “telecommunications carriers” to ensure that law enforcement officials can access provider networks.


Gonzales Continues to Push ISPs to Retain Data

Posted by K.M. Das

On Friday, May 26, 2006, United States Attorney General Alberto Gonzales and FBI Director Robert Mueller met with representatives of several Internet Service Providers (ISPs), including AOL, Comcast, Google, Microsoft and Verizon Communications, to urge them to consider retaining subscriber data for periods as long as two years. Although the initial justification for requiring ISPs to agree to retaining data was to fight child pornography, law enforcement officials now state that requiring ISPs to retain subscriber data for as long as two years will also help in the fight against terrorism.




Whose Internet Is It, Anyway?

Posted by Merrill Baumann

Historically, the Internet has "belonged" to the United States. It traces its origin to a Defense Department project; the authoritative root zone server is physically located here; and ICANN reports to the Department of Commerce. But that doesn't sit well with a growing number of countries and international organizations, including the U.N. and EU. This issue will face an increasingly public battle next month at the upcoming World Summit on the Information Society in Tunisia. And in the US, members of Congress have joined a Senate colleague in introducing legislation that calls for the US to maintain oversight control over the Internet. While creating a broader international management platform is attractive, opponents say that more governmental supervision will lead to increased regulations and bureaucracies that will stifle innovation and further development.

What do you think?