Month: April 2015

April 14th, 2015

US Senators Proposes New Privacy Bill to regulate Data brokers

By Luis Camargo

Link: http://www.pcworld.com/article/2893672/lawmakers-target-data-brokers-in-privacy-bill.html

It has been a long time since companies adopted targeted marketing as one of its most important commercial strategies. The idea is simple: the more you know about your client (or prospective client) the better you will be able to market your products and services.

Personal and individualized information have then suddenly become a very valuable asset. And naturally, it became clear that gathering and selling this is personal information could be a very profitable business. In this context, the so-called Data brokers were born.

It is important to note that Data brokers acts very differently than Credit Report companies. The latter are companies that routinely receives data from banks, credit card companies and others sources, and under the rules of the Fair Credit Reporting Act (FCRA), are responsible for the confidentiality and accuracy of the information, and sells the credit reports for specific uses allowed by the law, such as the application for credit, insurance, employment, or renting a home[1].

Data brokers, on the other hand, are companies that operates “collecting, analyzing and packaging some of our most sensitive personal information and selling it as a commodity…to each other, to advertisers, even the government, often without our direct knowledge[2]”.

Even though both credit reporting companies and data brokers basically gathers and sells personal information, the difference is evident: while credit reporting companies are regulated and obligated to grant consumers access and opportunity to dispute inaccurate information[3], data brokers act almost in the obscurity. There is no regulation, and many consumers have absolutely no idea of their existence. There is no clear information about how those companies collect data, what information is collected, and, more importantly, to whom this data is sold.

As already mentioned, the collection of consumer’s data is not something new. Consumers are used to give their names, telephone numbers, and other types of personal information to brick and mortar stores.

However, with the advent of the Internet this scenario became much more critical. It is not only easier to storage, organize and classify personal information contained in electronic files, but it is also easy to collect it from all our online activities.

The more we use Internet the more is likely that we are giving a surprising amount of information about ourselves. Today not only the information that we voluntarily provide in websites that we use is shared, but most importantly, there are countless applications in our cellphones that while we use them to avoid traffic, to order our favorite meal, or even to buy a ticket to watch the next Knicks game, valuable information (and probably the most desirable information for target marketing) is also been collected and gathered by data brokers.

On March 26, 2012 the Federal Trade Commission (“FTC”) issued the FTC Final Commission Report on Protecting Consumer Privacy[4], containing important rules “setting forth best practices for businesses to protect the privacy of American consumers and give them greater control over the collection and use of their personal data[5]”.

As a very important attempt to bring the attention for the necessity of a regulation for Data brokers, the FTC included a recommendation to the Congress to “consider enacting targeted legislation to provide greater transparency for, and control over, the practices of information brokers[6]”. “The proposed framework recommended that companies provide consumers with reasonable access to the data the companies maintain about them”, in a way that it would give more control about what and how information about them is used”[7]. In addition, FTC called on data brokers to make their operations more transparent by creating a centralized website to identify themselves[8].

FTC’s actions didn’t stop with the issuance of the Final Report on Protecting Consumer Privacy. In December 2014, FTC filed a complaint against data broker Leap Lab, for selling “sensitive personal information of … consumers – including Social Security and bank account numbers – to scammers who allegedly debited millions from their accounts[9]”. Even though it was an important way to call the attention of Data brokers that the FTC is actually aware of their practices, it is clear that FTC do not have substantial authority to properly and timely enjoin Data brokers abusive practices.

Therefore, as a response to FTC efforts and concerns about consumer privacy, “[f]our U.S. senators have resurrected legislation that would allow consumers to see and correct personal information held by data brokers and tell those businesses to stop sharing or selling it for marketing purposes”[10].

In a similar bill that failed to pass the Senate in 2014, the Data Broker Accountability and Transparency Act[11] was proposed last March, as a necessary solution for the regulation of data brokers.

The Bill has important provisions that address several of the problems raised by the FTC, aiming to assure the accuracy of the data collected, and more importantly, giving the right of the consumer to access the data collected and also to stop the Data brokers to share personal information for marketing purposes. Moreover, the bill grant jurisdiction to the FTC to “craft rules for a centralized website for consumers to view a list of data brokers covered by the bill[12]”.

Even though a similar bill had failed in the pass, it seems that it is time to Congress to impose regulation on data brokers to advance consumers’ information and privacy protection.

The article in discussion also brings negative comments about the bill, specially by the Direct Marketing Association (“DMA”), which represents the data broker industry.

The DMA claims that “[t]he legislation isn’t needed”, specially because Data brokers “are continually taking steps on their own to improve transparency to consumers” and arguing that the “kind of transparency is happening every day, in terms of self-regulation in the marketplace”[13].

Even though the alleged self-regulation could be argued as a solution for this industry, it is evident that this was something that the FTC has been promoting without success with the Final Commission Report on Protecting Consumer Privacy. The experience already proved that consumers are not protected without a law that would address the problem of transparency and consumer access of information.

Although there is a good incentive for data brokers to provide the most accurate information possible to its customers, a voluntary implementation of a system that would allow any person to consult and revises, or even block the use of her information could be so costly, that the data broker that legitimately cares about consumer privacy would never be able to compete with careless companies that would not give any importance to consumer privacy rights.

In conclusion, a new data broker data would be a fundamental instrument not only to protect consumer privacy, but also to level the playing field, imposing all the data brokers to give transparency and to allow consumer validation of the information the company is selling.

 

[1] Disputing Errors on Credit Reports [https://www.consumer.ftc.gov/articles/0151-disputing-errors-credit-reports]

[2] The Data brokers: Selling your personal information. [http://www.cbsnews.com/news/data-brokers-selling-personal-information-60-minutes/]

[3] Disputing Errors on Credit Reports. Id.

[4] FTC Issues Final Commission Report on Protecting Consumer Privacy [https://www.ftc.gov/news-events/press-releases/2012/03/ftc-issues-final-commission-report-protecting-consumer-privacy]

[5] Id.

[6] Id.

[7] Protecting Consumer Privacy in an Era of Rapid Change [https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf]

[8] FTC Issues Final Commission Report on Protecting Consumer Privacy. Id.

[9] FTC Charges Data Broker with Facilitating the Theft of Millions of Dollars from Consumers’ Accounts [https://www.ftc.gov/news-events/press-releases/2014/12/ftc-charges-data-broker-facilitating-theft-millions-dollars]

[10] Lawmakers target data brokers in privacy bill [http://www.pcworld.com/article/2893672/lawmakers-target-data-brokers-in-privacy-bill.html]

[11] http://www.markey.senate.gov/imo/media/doc/2015-03-04-Data-Brokers-Bill-Text-Markey%20.pdf

[12] Lawmakers target data brokers in privacy bill. Id.

[13] Lawmakers target data brokers in privacy bill. Id.

April 9th, 2015

Talking Barbie

By: Rugeradh Tungsupakul

According to the recent toy fair in New York City, Mattel, the manufacturer of Barbie dolls, had introduced “Hello Barbie”, a new version of its famous Barbie dolls that can listen and talk back to children.

Basically, Hello Barbie will be functioned by speech recognition and Wi-Fi connection. Whatever your children say to Hello Barbie will be recorded and saved in the cloud. In this way, Barbie is collecting a lot of information about your children and responses to them based on those saved information.

Please follow this link for more information: http://money.cnn.com/2015/03/11/news/companies/creepy-hello-barbie/

In my opinion, Hello Barbie may, at least, encounter the following controversies:

• Parents cannot control what will be recorded and transmitted to the cloud. For instance, children may intentionally or accidentally push a record button anytime. This means any voices or conversation within the house will leak out to the outside world.
• Responses from Barbie are out of the parents’ control. Even it is claimed that Barbie’s responses will be based on information recorded and saved in the cloud, this is not a guarantee that its responses to children will be relevant, appropriate and harmless to either children or parents.

With regard to issue (ii), though Mattel may claim its entitlement to the First Amendment Right, the parents should have the right to select what kind of information should be allowed in their house as well as what kind of message their children can consume. Assuming that children play with their Barbie at home, parents should have the right of a householder to bar any unwanted message sent into their house. (Rowan v. United States Post Office Department)

Another possible argument of Mattel may be that the responses from Barbie are non-commercial speech so it should not subject to a lesser protection as a commercial speech is. Therefore, Hello Barbie’s function should be fine as long as it complies with the Children’s Online Privacy Protection Act[1].

In my personal point of view, messages from Barbie may either be ‘commercial’ or ‘non-commercial’. Due to the lack of detailed information of Hello Barbie, I would like to make a comparison in the following situations:

Scenario 1[2]:

Children: “What should I be when I grow up?”

Barbie: “Well, you told me you like being on stage, so maybe a dancer?”

Scenario 2:

Children: “I feel so lonely, what should I do?”

Barbie: “You are not alone. At least, you have me or you may ask your parents to buy more talking friends!”

Obviously, the answer from Barbie in Scenario 2 should be considered as a commercial speech because it proposes a commercial transaction and relates solely to the economic interests of the speaker and its audience. This might be a big task for Mattel to escape from the stricter scrutiny.

Further, it is interesting to think whether the government would be authorized to regulate the use of Hello Barbie in addition to the Children’s Online Privacy Protection Act. Based on a three-part test of Central Hudson, assuming that the commercial speech is not misleading and relates to lawful activities, it is highly likely that the government can assert protection of both parents and children as a substantial interest to be achieved by the regulation. Children, by nature, can easily be convinced and may be used as a part of hardcore marketing trick. Parents, if cannot control the content of messages sent to their children, may financially suffer because of their children’s deceived demand.

In addition, the regulation must be directly advanced the government interest and narrowly tailored not to restrict more speech than necessary in order to survive Central Hudson. However, these two prongs should be better to discuss after more details of Hello Barbie are available in the marketplace.

Since there is a high possibility that more and more controversies may arise after Hello Barbie hits the store this fall, it is very interesting to keep an eye on how the government and the society will react to this new coming doll.

****************

[1] This is a claim from Mattel’s spokeswoman.

[2] This is a real example from the toy fair.

April 9th, 2015

Court finds Hulu did not “knowingly” disclose PII in violation of VPPA, grants summary judgment[i]

 By: Mariana Cunha e Melo

1. The case

One of the seminal cases on the interpretation of the Video Privacy Protection Act (VPPA) has just come to an end: the In Re Hulu Privacy Litigation. The Northern District Court of California dismissed the case with prejudice on March 31, 2015 on the grounds that Hulu did not “knowingly” disclose plaintiff’s information to third parties.

The case was brought by Hulu’s viewers under the VPPA provision that prohibits any person in the business of providing prerecorded audio visual materials from “knowingly” disclosing “information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider”. Plaintiffs alleged unlawful disclosures of data to two companies: the metrics company comScore and the social media company Facebook.

 

2. Background

On April 28, 2014, the Court dismissed most of the claims based on the finding that the information disclosed to comScore were not “personally identifiable information” in the meaning of the statute. In re Hulu Privacy Litig., 2014 WL 1724344, *12 (N.D. Cal., 2014). The opinion reasoned that sharing unique anonymous identifiers do not violate the VPPA when the context surrounding such disclosure does not reverse this anonymity. 2014 WL 1724344, *11 (N.D. Cal., 2014). And concluded that no evidence suggested the link between users’ identities and their video habits was found in the disclosures to comScore.

As to the alleged unlawful data sharing with Facebook, the Court concluded that the context in which Lulu disclosed users’ data could make more obvious the link between the users’ identity and video views. Hulu’s conduct regarding Facebook consisted in inserting a “Like” button on its watch pages. The Court found that it could cause cookies to be sent to Facebook if a Hulu user happened to have recently logged into Facebook under specific settings. These cookies would reveal the Facebook ID of the visitor of a particular watch page, along with other information that Facebook could link to a specific individual. The opinion then narrowed the remaining issue as to whether Hulu made a “knowingly” disclosure to Facebook, that is, whether the company knew it was transmitting video watching information along with personal identifying information.

The Court then held there was not enough evidence to sustain a summary judgment for the defendant and denied its motion. On August 29, 2014, Hulu filed a new summary judgment motion.

 

3. Latest developments of the case

On March 31, the Court granted the defendant’s motion on the grounds that Hulu did not have “actual knowledge” that the cookies it sent to Facebook contained the users’ Facebook ID or that Facebook would aggregate the information it received separately. The Court found that the occurrence of automatic data sharing and the fact that Facebook tied users’ identity and video views did not implicate Hulu had actual knowledge of what would was happening. Finally, the Court held that the evidence showed Hulu in fact did not have knowledge of the operation of the cookie associated with the Facebook “Like” button. And that Hulu employee’s general knowledge that data sets may me aggregated to identify users did not change the case, since all employee’s communications referred to other functionalities rather than the “Like” button.

 

4. Thoughts on the aftermath

The report on the case indicates that the Court adopted “actual knowledge” as a standard of liability demanding a very high level of fault in identifying individual users to particular video habits. After all, the Court found no liability in the fact that Hulu inserted on its website a functionality that it did not know what consequences could bring to its users’ privacy.

The Court’s ruling in In re Hulu reflects a clear position in favor of innovative data sharing among different services. Considering the importance the April 28, 2014 ruling has gained in the caselaw (see, e.g, the Cartoon Network case), this final decision is also expected to be very influential to future cases interpreting the application of VPPA to new technologies.

[i] By Dominique R. Shelton, Derin B. Dickerson, Elizabeth Broadway Brown and Michael J. Barry, Apr. 03, 2015. Available at: http://www.lexology.com/library/detail.aspx?g=ae277a8c-3a4d-4e79-941d-e60171a6d576.

April 9th, 2015

LinkedIn not linked to First Amendment

By: Diwaagar Radhakrishnan Sitaraman

 https://cases.justia.com/federal/district-courts/california/candce/5:2013cv04303/270092/47/0.pdf?ts=1402647762

This blog is a discussion on the decision of the US District Court for the Northern District of California in the case of Perkins v. LinkedIn Corp. [2014 U.S. Dist. LEXIS 160381].

Facts:

LinkedIn is a famous social networking website. This is dedicated for professional networking and has over 200 million users. The members maintain a profile similar to their resume and connect with other users by creating “connections”. LinkedIn earns revenue through three types of services viz. “Talent Solutions”, “Marketing Solutions” and “Premium Subscriptions”. The revenue of LinkedIn is directly proportional to the number of its users.

The plaintiffs are nine professional and claim to be representing class of LinkedIn users. They allege that LinkedIn collects email-ids of its users’ contacts from their email address during the sign-up process and through “Add connection” feature. It sends an initial invite message to all these contacts to join LinkedIn and also sends reminders at later point in time. These reminder emails are sent without plaintiff’s knowledge or consent. The plaintiff filed complaint before the court alleging: 1. Violation of California’s common law right of publicity; 2. Violation of California’s statutory right of privacy; 3. Violation of California’s UCL. The only basis for federal court’s jurisdiction in this case is the Class Action Fairness Act § 1332 (d). The defendants moved for dismissal of the complaint and this decision was on the same.

Decision:

There were several points raised by the defendants in support of their motion to dismiss. This blog will discuss and analyze only the First Amendment defense of the defendants.

The defendants raised several arguments that stem from First Amendment. Firstly, it argued that the emails were to “facilitate associations among people and therefore concerns matter of public interest” and they are non-commercial speech falling under the First Amendment protection. The reminder emails were not solely for the purpose of advertising so they cannot be commercial speech for the First Amendment purpose. The court rejected this argument relying on the Bolger’s test (Bolger v. Youngs Drug Products., 463 U.S. 60, 66, 103), wherein it was held that pamphlets containing discussions important of public issues were commercial speeches. The LinkedIn court held that the defendant’s reminder emails were sent for advertisements, promoting their service and had economic motivations. It concluded that the Bolger’s three prong test is satisfied. Hence, the reminder emails are commercial speeches.

The plaintiffs also alleged in their complaint that the emails were misleading and does not deserve the First Amendment protection. The emails sent by LinkedIn appeared to have been endorsed by the plaintiffs. This caused reputational damage to them as they have to apologize to several users for spamming them with several emails. The court relied again on Bolger and held that these emails were misleading and First Amendment does not come to rescue of the defendants.

The next argument of the defendants was that the reminder emails were protected by First Amendment as they are “incidental” or “adjunct” to the connection invitation which are protected by First Amendment. They also claimed that reminder emails promote rights of free speech and association. They relied on Page v. Something Weird Video (960 F. Supp. 1438, 1443-44 (C.D. Cal. 1996)) among others. The Court distinguished this case by stating that the defendant in Page used a video of an actress who acted in the video and the same videos were protected by the First Amendment. But, in the current case there is no underlying work that is protected by First Amendment to which the reminder emails would be “incidental” or “adjunct” to. Hence, this argument fails.

The court partially allowed the motion to dismiss with the right to amend the complaint.

Analysis:

The defendant in this case relied on First Amendment protection among others. The court relied on Bolger’s test to hold the defendant’s reminder emails were commercial speeches. Main advantage for the plaintiff was that these two cases have a similar facts. In Bolger’s case the medical informational pamphlets were held to be commercial speech as they were 1. Advertisements; 2. Promoting their product; 3. Had economic motivations. The reminder emails could be compared to that of advertising pamphlets in Bolger. The revenue model of LinkedIn depends on its number of users. Its reason to promote the website is directly linked to the revenue interests. Thus, the court was right in concluding that these reminder emails were commercial speeches because they were advertisements with economic motive. The court was also right in holding that the statements were misleading. All of us get several spams emails or unwanted emails. We reject or delete these emails as they come from an unknown sender. But, those which refer to any of our contacts shall have a different consideration. We may consider them seriously and may also subscribe to them. LinkedIn used this to its advantage and sent emails making its reminder emails appear to have been endorsed by their users who were friends with the targets of these emails. This is definitely added to the reputational damage of the LinkedIn users. It also misled the targets. Hence, the court was right is holding that these were misleading. Applying Central Hudson test where the US Supreme Court, First Amendment does not cover the misleading commercial speech. The defendants lost the First Amendment protection. I am in total agreement with the court’s decision.

 

 

 

 

 

April 9th, 2015

Court blocks VPPA class action: Problems with VPPA definitions of “consumer” and “provider”

By: Amanda Gayer

With widespread concerns emerging about privacy on the internet, many people have become increasingly cautious about which online services they sign up for, what information they provide to theses services, and what the service’s privacy policy says. Subscribers of online video providers, fortunately, receive some protection from the Video Privacy Protection Act (VPPA), which prohibits video services from disclosing most personal information (other than a customer’s name and address) without the customer’s consent.

But, online video viewers shouldn’t breathe a sigh of relief just yet. On Tuesday April 7^th, a New York federal district judge rejected a class action lawsuit under the VPPA because the plaintiff class was not covered by the statute. The named plaintiff, Ethel Austin-Spearman, alleges that when she watched “The Walking Dead” on AMC television network’s online streaming service, AMC collected her personal information and provided it to Facebook without her consent.

Because of the language of the VPPA, only “consumers” are protected. Under the statute, a consumer is defined as “any renter, purchaser, or subscriber of goods or services from a video tape service provider.” 18 USCS §2710(a)(1). Ms. Austin-Spearman argued that “consumer” should be interpreted to include anyone who does more than simply visit a website – including viewing a streamed online video.

However, Judge Buchwald rejected this argument and blocked the class action suit. According to her, the plaintiff’s interpretation of “consumer” is too broad. The word implies a relationship greater than unregistered use of the site’s streaming services. This means that anyone who has not signed up for or paid for a video service is not protected by the VPPA. This outcome seems to be consistent with a recent California case against Hulu, another online video provider. In that case, the plaintiff’s success turned in part on the subscription relationship between the plaintiff and Hulu.

Although the judge dismissed the complaint, she gave the plaintiff leave to amend the complaint to include a fact that she had failed to include – that she had provided AMC with personal information when she registered for the company’s Walking Dead newsletter. Judge Buchwald expressed skepticism that this would alter the outcome. Should it?

Under the VPPA, a consumer is “any renter, purchaser, or subscriber of goods or services from a video tape service provider.” If the plaintiff provided personal information by registering for a service (the newsletter) from the provider (AMC), then based on a literal reading of the statute, the plaintiff should be covered.

However, the Judge’s reluctance to acknowledge the validity of such a claim may stem from the fact that the newsletter and the video streaming are two separate services. Although they are services from the same provider, the Judge seems to be reading the statute to mean that the information must be given in relation to the specific service in question – not just any service provided by the provider.

Should the VPPA be read literally, or should it be read to consider AMC’s video streaming and AMC’s newsletter as two distinct providers?

It seems that online consumers, when providing information to a company, assume that that information will be used by the company as a whole, not used by a distinct subdivision (like the newsletter). If consumers understand that they are providing the company as a whole with information, perhaps that information should be protected regardless of which service it was provided for. This reading is supported by a literal reading of the test, and would provide protection that consumers reasonably expect based on the structure of a website like AMC’s.

Despite the judge’s skepticism and the plaintiff’s procedural blunders, this point remains to be argued and decided. Stay tuned.

Full article available at (may need to register to view article):

http://www.law360.com/newyork/articles/640338/amc-viewer-not-covered-by-video-privacy-law-judge-rules

 

April 3rd, 2015

Verizon’s Mobile ‘Supercookies’ Seen as Threat to Privacy[1]

By: Christian Díaz Ordóñez

The issue of advertisement campaigns targeted at specific sectors of the consumer base will remain a controversial issue. Despite growing regulation and stronger position from governmental and judicial entities around the world, technology seems to be winning the battle in the struggle to obtain more information in a cheaper, faster, and more complete manner.

In the article above quoted, the authors discuss the need of stronger regulation for internet services. Perhaps this regulatory approach needs to be complemented by having better enforcement mechanisms targeted at each of the participants in the internet (i.e. not exclusively to companies as Google, but also to service providers), especially aimed at protecting privacy rights of all its users.

The article highlights a most troubling reality, as users are witnessing how their privacy rights are diminishing, and their alternatives to protect themselves only keep reducing. Users may no longer be “safe” by eliminating cookies from their browsers, but now they have to face the fact that there are super-cookies that simply cannot be eliminated. Big Brother 2.0.

Internet providers are getting an economic benefit by selling its users’ searching history, tendencies and information about their activities. Even if the question of privacy was left aside, from a strictly legal perspective, these companies are getting income with no consideration from their counterparties. The situation is challenging, to say the least, from every single legal perspective.

Even more troubling is the fact that Internet providers are also subject to hackers and other attack sources, thus leaving users’ information at high risk of being accessed by unscrupulous third parties. In addition, history has proven that these services providers are very prone to providing information to governmental entities without major questioning.

As a matter of principle, one must assume that governmental requests are made in pursuit of the greater good of security, and that government officials will refrain from incurring in the excessive use of power. Even if this was not the case, then the judicial “system” must be so thoroughly aligned so as to prevent, punish and deter the occurrence of such breaches.

Certainly, individual citizens may be afraid of an ever-intruding service providing entities, which may just store information of individuals for no apparently legal (or even ethical?) reasons. That fear has motivated revolutions and different constitutional and judicial changes that strive to protect one’s privacy. Individuals may fear that they may be discriminated against for race, sex, religion, political convictions, or otherwise, once the government has enough information to do so.

Nevertheless, this fear should, ideally, be non-existent in a well-functioning democracy. This fear should be non-existent in a democracy where institutions prevail over temporary shocks or crisis situations. This fear should be non-existent in a democracy where powers are properly balanced. The inherent worry still remains open and ever present.

 

[1] By NATASHA SINGER and BRIAN X. CHENJAN. 25, 2015. Available online at: http://www.nytimes.com/2015/01/26/technology/verizons-mobile-supercookies-seen-as-threat-to-privacy.html?_r=0

April 3rd, 2015

‘Eavesdropping’ WiFi Barbie is Seriously Creepy

By: Andrea Carlon

This fall, Mattel is expected to launch ‘Hello Barbie’, a doll that incorporates a voice-recognition technology, which captures the child’s speech. The recorded data is transferred via WiFi to TalkToy´s (company that has developed the technology) cloud servers. As a result of the processing and analysis of the data, over time, the ‘talking Barbie’ will be capable of learning information about the child and will be able to reproduce such information.

Internet-connected toys hold out the tantalizing promise of personalized services and also, the risk of privacy perils. First and foremost, the data which is being collected, pertains to minors. Even though, according to TalkToy, parental consent shall be required to activate the voice recognition feature, it remains controversial to what extent are parents protecting the minor’s privacy when allowing a company to record them and hand in all the information

Second, concerns as to what sort of information is exactly being collected are unclear. For instance, will the companies be able to track the location of children? Furthermore, neither Mattel nor TalkToy have disclosed what the privacy policy provisions will include. Also, in terms of the purpose of the data, will Mattel be allowed to share this data with third party advertisers? Given the company’s deteriorated economic situation, is there a heightened risk of them selling the data?

Third, advocates for privacy have expressed their unrest to the launching of this product. For instance, the CCFC (Campaign for a Commercial-Free Childhood) has questioned the use and purposes of the data collected. Furthermore, Professor Campbell from Georgetown University, Center on Privacy and Technology, has raised the issue as to the value for marketers of the information of what a child can say to their toys, and the potential unfairness towards children.

Fourth, the privacy issues this article contemplates should be contextualized within the recent and rising phenomenon of the Internet Of Things (IOT), making every day objects into technological devices connected to internet and transmitting data continuously can be concerning in many ways.

While it seems that many questions remain unresolved today, the Hello Barbie is expected to be available to consumers by the end of this year. We will have to wait to see how courts deal with privacy concerns derived from IOT, which surely and probably in a short period of time will arise.

Links to articles:

• Privacy advocates try to keep ‘creepy,’ ‘eavesdropping’ Hello Barbie from hitting shelves: http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/11/privacy-advocates-try-to-keep-creepy-eavesdropping-hello-barbie-from-hitting-shelves/
• Campaign for a Commercial-Free Childhood: http://commercialfreechildhood.org/action/shut-down-hello-barbie

 

April 3rd, 2015

Facebook (again) struggles with Privacy

By: Fernanda Echavarría

http://www.wsj.com/articles/facebook-confronts-european-probes-1427975994

http://www.technewstoday.com/22579-facebook-probed-in-europe-over-privacy-issues/

http://www.cnet.com/news/facebook-privacy-probes-ramp-up-in-europe/

http://www.chicagotribune.com/news/local/breaking/ct-facebook-facial-recognition-lawsuit-met-story.html

Privacy regulators from Spain, France and Italy have recently joined Dutch, Germany and Belgium authorities in the investigations of Facebook privacy practices. In particular, the group of European regulators would be investigating the use of the worldwide famous “Like” feature to track user’s habits, as well as the collection techniques and aggregation of data for the purposes of targeted advertisement.

Facebook is not the only U.S. located company under examination by European authorities (see Google, Apple and Amazon). The differences between U.S. and E.U. Privacy Law have created an increasing tension that is screaming for legislative harmonization action. Previous attempts in this regard, such as the Safe Harbor Agreement, have proven not enough in the data protection current state of affairs. Notwithstanding how difficult it may seem to achieve, an organized set of rules promoting proper balance between privacy rights and development of new businesses in the U.S. and Europe, should be a primary concern of the authorities at both sides of the Atlantic. Countries outside Europe and the U.S. usually follow one or the other approach, so the lack of a uniformed legislation will have effects all around the world.

As for the current investigation, and notwithstanding Facebook’s allegation of lack of jurisdiction from the group of European privacy regulators, we will have to see if Facebook will wait for an official resolution of such group or, as we have seen in previous occasions, e.g. Belgium investigations and introduction by Facebook of the timeline feature, if it will attempt to avoid possible fines by adapting its practices to comply with the concerns of the European watchdogs.

But European privacy issues are not the only privacy related problems faced by the social network company. This week a man sued Facebook in the U.S. claiming that the facial recognition system used to tag persons in photos would be illegal under Illinois Privacy Law. Considering the allegations, the problem appears to be that there is no option to delete the information collected by Facebook when a person is tagged to a photo. Even if the person is no longer tagged, after the user takes the relevant steps in that sense on its privacy settings, Facebook still has that data and the user cannot erase it.

The multiple uses and features and the constant development of Facebook, and social media in general, will continue to raise privacy issues as the ones mentioned here. It is to be expected that the relevant authorities will face these new challenges on time and properly balancing all interest at play.

 

 

 

April 2nd, 2015

Robert Durst case; is there a privacy concern on his alleged confession?

By: Tomás Kubick

Panel 4

Robert Durst, a real state businessman and millionaire, is being charged with the murder of his friend Susan Berman. Those facts alone do not have special signification for privacy law. The twist on this case is that as the press has stated one key clue that led to Durst’s detention is an audio recording on which he allegedly confesses the murder. There may be a privacy concern of how that record.

HBO was filming the documentary “The Jinx: The life and Deaths of Robert Dusts” which investigated Durst’s life and his relation with three murders, included Susan Berman’s. On one interviewed conducted to prepare the documentary, Durst was faced with evidence that supposedly incriminated him, evidence that he denied. Shortly after, he went to the bathroom and on solitude he stated, “What the hell did I do? Killed them all, of course”.

Durst’s lawyers have announced that he will declare himself innocent and surely will try to exclude HBO’s recording from trial. One strategy to do so could involve raising privacy concerns issues. Defendant could argue a breach of his fourth amendments rights. To do so, they should characterize the recording as a search and somehow link it with a governmental investigation regarding with this case, which is unlikely to happen.

Notwithstanding, defense can argue that the recording breaches The Wiretap Act (18 U.S.C. §§ 2510-2522). In case that the recording was obtained with breach to the act, there is an exclusionary rule. The Wiretap Act does not apply if one of the parties of the communications consented. Under this premise defendant will try to argue that he consented to be recorded on the set but not outside of it, even though he agreed that any record of him could be used as HBO deemed reasonable. This issue will be the key issue because if it is found that his consent was just for “on stage”. If this is believed this way, it may be sustained that every person has a reasonable expectation of privacy if he is alone in a bathroom.

On the other side, it may be hard to argue that a person voluntarily wearing a microphone did not gave consent to be recorded. Even in such situation The Wiretap Act may not apply. For a communication to be deemed oral, the person involved on it must “[exhibit] an expectation that such communication is not subject to interception”. It can be sustained that a person wearing a microphone does not exhibit such expectancy.

As exposed, there are serious privacy law question on Mr. Durst’s case with arguments balancing on each side of the dispute. It will be the task of courts to answer them and to continue shaping the reaches of this topic on criminal procedures.