What To Do About CDA Section 230 And ISP Immunity?

Section 230 of the Communications Decency Act (CDA) became law long ago when it comes to internet time, way back in the 1990s. The main thrust of the CDA was an effort by Congress to regulate indecent content posted online. Section 230 was included within the CDA to provide general immunity to Internet service providers with respect to third-party content posted on their sites. While the indecency regulatory aspect of the CDA was struck down by the United States Supreme Court as violating the First Amendment, Section 230 survives to this day and has been the critical legal backbone that has allowed a good part of the Internet to flourish, especially social media. Continue reading What To Do About CDA Section 230 And ISP Immunity?

European Union Seeks to Update and Centralize Internet Law

While issues relating to Brexit and Boris Johnson becoming the Prime Minister of England have tended to dominate the news across the pond, not to be lost in the shuffle are reports that the European Union is in the process of creating a new law that would add further regulation of online content. The new law, titled the Digital Services Act, seeks to replace an older commerce directive from two decades ago with an updated and legally binding law. The law is reported to address a wide array of digital platforms and supposedly would focus on all aspects of tech.

So, what are some of the reported features of the Digital Services Act?

Online Takedown Laws

The new law reportedly would allow unelected European Union officials to censor illegal content on major platforms such as Facebook and Google. Such censorship also could occur with respect to internet service providers, data storage services, and cloud services.

Perhaps most notable about the new law is that European Union nations reportedly no longer would have control of Internet laws enacted by their own governments. Instead, these nations would be under the ruling umbrella of a centralized European committee.

Flowing from this, major social media sites reportedly would be subject to the European Union mandatory notice and take down rules. As a consequence, they would be required to remove any content the EU does not approve of within an hour of notice of take down.

Also, hate speech, which has a broad definition, reportedly would be outlawed and swiftly punished.

In addition, any advertising considered political would be within the ambit of European rules.

What is at work here behind the scenes?

Online Companies, IRL Legal Distinctions

Perhaps the Digital Services Act aims to recapture enforcement powers back to the European Union that were granted to national governments pursuant to the General Data Protection Regulation. This could lead to a centralized tech sector within the European Union with the power to enforce rules. This might provide benefits to European tech companies and possible detriments to major international tech companies. The law also could help EU companies operate across various EU nations but at the sacrifice of national sovereignty when it comes to tech legal requirements.

Notwithstanding other important issues presented in the news, potentially affected businesses and individuals should pay attention with respect to coming developments relating to the Digital Services Act.

Eric Sinrod (@EricSinrod on Twitter) is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. You can read his professional biography here. To receive a weekly email link to Mr. Sinrod’s columns, please email him at ejsinrod@duanemorris.com with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.

California Consumer Privacy Act (“CCPA”) Amendments One Step Closer to Passage

By Angelica A. Zabanal

When the California Consumer Privacy Act (“CCPA”) was passed last year, it was generally acknowledged that the CCPA would need to be clarified prior to its January 1, 2020, implementation. A variety of CCPA amendments are now one step closer to full passage.

Last month, the California Senate Judiciary Committee passed seven amendment bills to the California Consumer Privacy Act (“CCPA”).  The bills are now headed to the Committee on Appropriations for a vote. Any bills amended by the Senate will need to return to the Assembly for a vote and a possible reconciliation.  Lawmakers have until September 13, 2019 to vote on these CCPA amendments, which are summarized in their current form below:

  • B. 25 (regarding Employee Exception):  Amends the CCPA so that it excludes the collection of personal information (“PI”) from job applicants, employees, business owners, directors, officers, medical staff, or contractors, who would not be considered as “consumers” under the CCPA.  Now amended to weaken the employee exception with a sunset exemption on January 1, 2021 and negating the exemption as it pertains to the CCPA’s notice and data breach liability provisions;
  • B. 846 (regarding Customer Loyalty Programs):  Excludes application of certain prohibitions in the CCPA to loyalty or rewards programs.  Now amended to prohibit a business from selling consumer PI that was collected as part of a loyalty, reward, discount, premium features, or club card program;
  • B. 1202 (regarding Data Brokers):  Requires data brokers to register with the California Attorney General.  Now amended to exclude language that would have provided consumers the right to opt-out of the sale of their personal information by data brokers;
  • B. 1564 (regarding Disclosure Methods):  Requires businesses to provide consumers with two methods for the submission of privacy requests, including a toll-free telephone number at a minimum.  Excludes smaller online companies from the toll-free number and allows these companies to provide an email address for submitting privacy requests;
  • B. 1146 (regarding Warranty and Vehicle Repairs):  Exempts vehicle information retained or shared for purposes of a warranty or recall-related vehicle repair.  Now amended to provide a clearer description of vehicle recalls;
  • B. 874 (regarding “Publicly Available” Information):  Expands definition of “publicly available” to include information that is lawfully made available from federal, state, or local government records.  Amends definition of “personal information” to exclude de-identified or aggregate consumer information.  (Approved by the Judiciary Committee without amendments);
  • B. 1355 (regarding Opt-In Clarification):  Exempts de-identified or aggregate consumer information from the definition of PI.  Also clarifies that consumers over 13 years of age but younger than 16 years of age are required to opt in. Furthermore, parents need to authorize consent only for consumers under 13 years of age. (Approved by the Judiciary Committee without amendments.)

Stay tuned for more updates from Duane Morris LLP regarding the advancement of these CCPA amendments and join us for our CCPA webinar series.

What Trends Are Shaping Blockchain In The Legal Industry? 7 Experts Share Their Insights

Photo of attorney Daniel Tarr
Daniel Tarr

Nobody should feel smarter than their lawyer. Whether you’re on death row or in a corporate boardroom, legal counsel should provide you with peace of mind. This becomes impossible with one sniff of incompetence or uselessness.

The need for relevancy will drive blockchain adoption in the legal industry. As customers learn how blockchain (and smart contracts in particular) improve security, they may seek out lawyers who understand it too.

[…]

“The biggest trend that will shape blockchain use and adoption in the legal industry is the increased use of artificial intelligence in the legal industry.  The rise of AI solutions and products to assist in contract drafting, litigation, and other legal services will require the use of secure tracking and storage systems that can be directly integrated with the AI solutions. Blockchain is well positioned to fulfill that requirement.”

To read the full text of this article quoting Duane Morris attorney Daniel Tarr, please visit the Disruptor Daily website.

 

FBI Warns of Cybercrimes Targeting Seniors

World Elder Abuse Awareness Day took place last week on June 15. This Awareness Day highlights how older populations are vulnerable to various forms of fraud and seeks to promote education and strategies to prevent the elderly from being victims of deception.

At the federal level here in the United States, the Elder Abuse Prevention and Prosecution Act was enacted in 2017, and the Department of Justice brought forth the Elder Justice Initiative. The purpose of the Initiative is to provide a platform for the DOJ “to combat elder abuse, neglect and financial fraud and scams that target our nation’s seniors,” according to an FBI press release. As a consequence, the FBI “has prioritized [its] efforts to address elder fraud.”

Regional initiatives to protect the elderly have been introduced in the United States as well. For example, the Phoenix Field Office of the FBI is seeking to create greater knowledge about “cyber scams targeting the elderly in Arizona” in recognition of World Elder Abuse Day, as stated in the FBI press release.

Top Crimes Against Seniors

As part of creating greater awareness, the press release points out that residents over the age of 60 make up most of the cybercrime victims in Arizona in 2018 and accounted for the majority of adjusted losses in that year, citing statistics from the FBI Internet Crime Complaint Center. Continue reading FBI Warns of Cybercrimes Targeting Seniors

Another State Passes Law to Protect Consumer Data

States are taking online consumer protection into their own hands given a perceived lack of sufficient protection at the federal level. Maine now has jumped in.

Indeed, Janet Mills, the Governor of Maine, just signed into law arguably one of the strongest privacy bills in the country. This law, called the Act to Protect the Privacy of Online Consumer Information and which goes into effect on July 1, prohibits internet service providers from using, selling, or distributing data from consumers without obtaining their consent. And, according to The Hill, this new state law bars internet service providers from refusing to serve consumers, penalizing consumers or offering them discounts to seek to gain their permission to sell their data.

Consumer Affairs and Privacy

This bold step by Maine follows in the footsteps of California, a state which passed a complicated online privacy law last year. That law has been both applauded by privacy activists and criticized in certain respects by the tech industry.

At first blush, the new Maine law may be even more robust than the California law. The Maine law is opt-in in nature, requiring explicit consent from consumers before internet service providers can sell their data. The California law is opt-out in effect, making consumers affirmatively request that their data not be sold. Continue reading Another State Passes Law to Protect Consumer Data

Social Media Companies Seek Government Content Regulation?

Long ago in internet time, way back in the 1990s, Congress passed the Communications Decency Act (CDA). A key feature of the CDA is Section 230 of the statute. In essence, Section 230 generally creates immunity for internet service providers (ISPs) with respect to third-party content posted on their sites. Congress desired a strong and robust commercial internet that would be good for the economy. Congress did not believe that the commercial internet would thrive if ISPs were saddled with the incredible cost and burden of monitoring the content on their sites and having the tremendous task of deciding content that could remain and content that should be removed from their sites. Continue reading Social Media Companies Seek Government Content Regulation?

Executive Order Addresses Foreign Threats to U.S. Information and Communications Technology and Services Systems

On May 15, 2019, President Donald Trump signed Executive Order 13873, “Securing the Information and Communications Technology and Services Supply Chain” (Federal Register Vol. 84. No. 96, page 22689-92).

Supported by various laws and regulations, the president determined that the United States’ information communication technology systems are increasingly under threat from “foreign adversaries,” defined as “any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.” These systems and services are targets for “malicious cyber-enabled actions, including economic and industrial espionage” as they “store and communicate vast amounts of sensitive information, facilitate the digital economy, and support critical infrastructure and vital emergency services.”

To read the full text of this Duane Morris Alert, please visit the firm website.

The Federal Government Seeks to Get Hip to Artificial Intelligence

Are the robots going to take over the world?! There is no question that artificial intelligence is finding its way into our everyday lives. Some people love interacting with Alexa as part of their daily activities. Others worry about the loss of autonomy and privacy that accompanies the burgeoning AI world, and some dread that someday humans may become secondary to the artificial intelligence we have created. The AI train already is leaving the station, and before it gets too far down the tracks, what is the federal government doing in terms of potential regulation?

In a time of deep partisan divide in which Republicans and Democrats in Congress disagree on practically everything, a bipartisan group of legislators has reintroduced a bill to accelerate the adoption of artificial intelligence in the federal government. Continue reading The Federal Government Seeks to Get Hip to Artificial Intelligence