Vogel Internet, Information Technology and e-Discovery Blog : Texas Internet, Information Technology, eCommerce & E-Discovery Lawyer & Attorney Peter S. Vogel : Gardere Wynne Sewell Law Firm : Dallas TX

Privacy is a hot topic for users of Facebook, Google, and other Social Media sites, so the White House has proposed the following Bill of Rights for legislative consideration:

1. INDIVIDUAL CONTROL: Consumers have a right to exercise control over what personal
data companies collect from them and how they use it.

2. TRANSPARENCY: Consumers have a right to easily understandable and accessible information about privacy and security practices.

3. RESPECT FOR CONTEXT: Consumers have a right to expect that companies will collect,
use, and disclose personal data in ways that are consistent with the context in which
consumers provide the data.

4. SECURITY: Consumers have a right to secure and responsible handling of personal data.

5. ACCESS AND ACCURACY: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.

6. FOCUSED COLLECTION: Consumers have a right to reasonable limits on the personal data that companies collect and retain.

7. ACCOUNTABILITY: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

In 2011 more adult Social Media users were proactive in protecting their privacy by deleting people from as friends, deleting comments from their profiles, and removing their names from photos tagged to identify them as reported from a recent Pew Research Report entitled “Privacy management on social media.”

Internet Privacy will continue to great interest and concern, but since this is an election year it’s difficult to know how the proposed Bill of Rights will fare on the political arena.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Path confessed that it took users’ address book data without permission when the app loaded and admits it “made a mistake.”  Path's app runs on the iPhone and Android and according to Path's Story:

Path dreamed up and realized the Smart Journal–a journal that’s with you everywhere you go, posts entries without your effort, combines photo, video, music, people, places, and text, and most importantly, includes your loved ones.

As part of its confession Path declared that it deleted all data it illicitedly collected.  On Path’s About page it claims that its app accounts for “two million people sharing life with close friend and family over the world.” Ironically Path makes the following statement about describing “What is Path’s Privacy Policy?”:

At Path, we respect and value our users' right to privacy. We want you to feel safe and secure as you share your life with the people you love.

In spite of Path’s confession that it took users’ address books without permission, if you take the time to review Path’s Privacy Policy does not say that Path takes users' address book data rather states:

We actively collect certain information you voluntarily provide to us, such as when you create an account and profile, send us an email or post information or other content to our site.

No surprise that Path's Terms of Use make no mention of collecting users' address book data.

Actually it’s easy for apps to collection personal information since so few individuals bother to read Terms of Service or Privacy Policies where users might learn how their personal data is used.

Surely Path’s story is not unique and other apps collect information without disclosing their business practices to users. So stay tuned for more government regulation.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Court of Justice of the European Union (CJEU) refused to order a Social Media site to prevent the unlawful use of copyrighted works. In 2010 SABAM (Société Belge des Auteurs, Compositeurs et Editeurs), the Belgian collecting society for music royalties, lost a lawsuit to force Netlog (a Social Media site) to add a filter to block copyrighted works from its 2 million users.

On February 16, 2012 the European Digital Rights (EDRI) announced the result of an appeal of the 2010 decision and that the CJEU ruled that Netlog:

…cannot be obliged to install a general filtering system, covering all its users, in order to prevent the unlawful use of musical and audio-visual work.

This is an important ruling for copyright owners and Social Media sites.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Electronic Privacy Information Center (EPIC) filed a Motion to enjoin Google from implementing new ToS and Privacy Policies on March 1, 2012. On February 8, 2012 EPIC filed a Motion for Temporary relief against the Federal Trade Commission (FTC) to enforce Google’s March 2011 Agreement Containing Consent Order which included the FTC's oversight on Google’s Privacy Policies for 20 years. EPIC’s Motion comes on the heels of the EU’s request that Google slow down the implementation of the new ToS and Privacy Policies.

EPIC Motion claims that Google's new ToS and Privacy Policies violate the FTC Consent Order and includes the following claims:

Users will no longer be able to keep personal information they provide to use the Google email service for simply that service; Google will be able to combine the user information provided for email with other Google services, including the Google social network service.

Based on the March 1, 2012 date for the new Google ToS and Privacy Policies, EPIC reported that the court accelerated the briefing schedule so that the FTC must respond on February 17, 2012 and the EPIC file its reply by February 21, 2012. 

As a result of this fast track for EPIC’s Motion it is likely we will have a ruling by the court before March 1, 2012.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Privacy continues to be hot news, just look at Facebook’s S-1 disclosures in its Initial Public Offering (IPO) which among a myriad of “Risk Factors” includes this statement about privacy laws:

Our business is subject to complex and evolving U.S. and foreign laws and regulations regarding privacy, data protection, and other matters. Many of these laws and regulations are subject to change and uncertain interpretation, and could harm our business;

As well, Facebook confessed there is risk for their IPO regarding the privacy of the 845 million users with this statement:

…there are changes in user sentiment about the quality or usefulness of our products or concerns related to PRIVACY and sharing, safety, security, or other factors.

For more discussion about privacy issues, please read my recent eCommerce Times column entitled “GPS, Privacy and the Supreme Court” which expands my blog about the 9-0 ruling from the Supreme Court in Jones v. US.

Privacy issues will continue to be in the headlines, so stay tuned for more blogs.
 

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link

EU officials announced that the new Google Privacy Policies may not insure compliance with EU laws and asked Google to halt these changes pending an investigation of the implications of personal data protection. Google’s new Privacy Policies are scheduled to go into effect on March 1, 2012 and the New York Times reported that EU authorities wrote to Larry Page (Google CEO): “call for a pause in the interests of ensuring that there can be no misunderstanding about Google’s commitments to information rights of their users and E.U. citizens.”

In the Meantime – EU Proposes Changes to its 1995 Privacy Law

The current Privacy law went into effect in 1995 and the origins of the law began in 1989 because of social concerns about privacy on mainframes, long before Social Media took off with Facebook, Google, Wikipedia, and the rest. So as you may image in 1989 let along 1995 there was no way the EU could have foreseen the evolution of the Internet and Social Media.

As my good friend Erika Morphy recently reported for eCommerce Times that “Europe appears poised to enact strict new privacy regulations geared to protect consumer data, but the debate is far from over. Representatives of businesses, particularly e-commerce companies, are descending on Brussels to plead their case.” 

In particular Facebook and other Social Media sites are concerned about the EU’s new plans for privacy that restrict Internet sites more strictly than ever before and require the Internet business to assume more responsibilities for protecting individuals. The new EU law includes a new concept referred to as “right to be forgotten” which would surely impact the large Social Media sites.

So was Google trying to change its Privacy Policies before the EU modified its 1995 Privacy laws? What do you think?
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

GPS data about an alleged drug dealer’s location obtained from a GPS device attached to his car without a warrant, violated the defendant’s Fourth Amendment guarantee of privacy. In US v. Jones the US Supreme Court ruled 9-0 that prosecutors could not use the ill-gotten GPS data. However the Court, in its opinion, included a broader reference to GPS data from wireless devices:

… cell phones and other wireless devices now permit wireless carriers to track and record the location of users—and as of June 2011, it has been reported, there were more than 322 million wireless devices in use in the United States.

So even though the Court ruled against using location data obtained without a warrant in a criminal case, it also effectively acknowledged that wireless GPS data may be the next area of privacy concern. 

However when parties voluntarily provide information to Internet sites, their expectation of privacy is different. As Justice Sotomayor stated:

People disclose the phone numbers that they dial or text to their cellular providers, the URLS that they visit and the e-mail addresses with which they correspond to their Internet service providers, and the books, groceries and medications they purchase to online retailers . . . I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year.

So the Supreme Court likely has more to say about privacy protection as it relates to GPS and Internet data.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link