Photo of Jadzia Pierce

Jadzia Pierce is an associate in the firm’s Washington, DC office. She is a member of the Data Privacy and Cybersecurity and Communications and Media Practice Groups.

The California legislature recently passed three bills meant to address rapidly-developing technologies including the Internet of Things, artificial intelligence (AI), and chatbots.

Internet of Things. At the end of August, California became the first state to promulgate regulations requiring security features for Internet-connected devices. Senate Bill 327 requires that a manufacturer of a connected device equip the device with “reasonable security features” that are (1) appropriate to the nature and function of the device; (2) appropriate to the information it may collect, contain, or transmit; and (3) designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.
Continue Reading IoT and AI Update: California Legislature Passes Bills on Internet of Things, Artificial Intelligence, and Chatbots

In August 2018, the Government of Australia unveiled a new proposed bill that would grant the county’s national security and law enforcement agencies additional powers when confronting encrypted communications and devices. The text of the draft Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (the “Assistance and Access Bill” or the “Bill”) states that the purpose is “to secure critical assistance from the communications industry and enable law enforcement to effectively investigate serious crimes in the digital era.”

The Assistance and Access Bill, if enacted, could affect a wide range of service providers both in and outside of Australia.
Continue Reading Australia Proposes New Encryption Legislation

On July 20, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) published comments it received from a wide array of tech and telecom companies, trade groups, civil society, academia, and others regarding its “international Internet policy priorities for 2018 and beyond.”  NTIA’s Office of International Affairs (“OIA”) had requested comments and recommendations from interested stakeholders in four broad categories: (1) free flow of information and jurisdiction; (2) the multistakeholder approach to Internet governance; (3) privacy and security; and (4) emerging technologies and trends.  NTIA plans to harness the comments it received to help it identify “priority” issues, and to leverage its resources and expertise to effectively address stakeholders’ interests.  
Continue Reading NTIA’s International Internet Policy Priorities for 2018 and Beyond

Earlier this week, the Fourth Circuit Court of Appeals affirmed a lower court decision to dismiss a Telephone Consumer Protection Act (“TCPA”) lawsuit against General Dynamics Information Technology, Inc. (“GDIT”), on the basis that GDIT was immune from suit as a government contractor under what is known as the “Yearsley doctrine.”  Craig Cunningham v. GDIT, No. 17-1592 (Apr. 24, 2018).

GDIT was hired to assist the Centers for Medicare and Medicaid Services (“CMS”), a government agency, by calling individuals using an autodialer and a pre-approved script to provide information about their health insurance options under the Affordable Care Act.  When plaintiff Craig Cunningham received one of these calls, he filed a lawsuit alleging that GDIT had violated the TCPA for failing to obtain his prior consent.

The Fourth Circuit agreed with the lower court finding that GDIT was immune from suit under the Supreme Court’s Yearsley doctrine.  In Yearsley, the Supreme Court held that the doctrine of sovereign immunity that traditionally applies to the U.S. government may be extended to government contractors in instances where (1) the government authorized the contractor’s actions in question; and (2) the government “validly conferred” such authorization.  Yearsley v. W.A. Ross Construction Co., 309 U.S. 18, 20-21 (1940).  More recently, the Supreme Court applied the Yearsley doctrine to the TCPA, holding that contractors may be exempt from TCPA claims so long as they are lawfully acting on behalf of the government.  Campbell-Ewald Co. v. Gomez, 136 S. Ct. 663, 672 (2016).


Continue Reading 4th Circuit Affirms Dismissal of TCPA Suit Based on ‘Derivative Sovereign Immunity’

On the heels of the Federal Trade Commission’s (“FTC”) third annual “PrivacyCon,” the Future of Privacy Forum hosted its eighth annual “Privacy Papers for Policymakers” event on Capitol Hill—a gathering in which academics present their original scholarly works on privacy-related topics to D.C. policy wonks who may have a hand in shaping laws and regulations at the local, federal, and international level. The goal of the event is, in part, to foster academic-industry collaboration in addressing the world’s current and emerging privacy issues.

FTC Commissioner Terrell McSweeny kicked off the program with a reminder of the unique challenge that has always faced the world of tech policy: the rapid acceleration of the Digital Age and the need for consumer rights to catch up. Commissioner McSweeny opined that the challenge may require some solutions that go beyond privacy—such as individual control over personal data, data portability, and governance by design—and pointed out several ways in which the honored papers may help spur the evolution of existing privacy frameworks:
Continue Reading Future of Privacy Forum: Privacy Papers for Policymakers 2018

Last week, U.S. Customs and Border Protection (“CBP”) released a revised Directive governing searches of electronic devices at the border.  These are the first official revisions CBP has made to its guidelines and procedures for devices since its 2009 Directive.  The new Directive is intended to reflect the evolution of technology over the intervening decade, and CBP’s corresponding need to update its investigative techniques.

Notably (and as in previous CBP Directives), the new Directive does not require officials to obtain a warrant before conducting searches of travelers’ devices—even if the traveler being searched is an American—based on CBP’s position that searches and seizures at the border are exempt from the Fourth Amendment’s “probable cause” requirement.  CBP nevertheless acknowledges that its searches must still meet the Fourth Amendment’s “reasonableness” requirement, which the self-imposed restrictions contained in the Directive are meant to achieve. 
Continue Reading CBP Revises Rules for Border Searches of Electronic Devices

Earlier this month, the FTC settled with two social media influencers for failing to provide adequate disclosures in their promotions of their company, and issued 21 warning letters to other influencers it felt continued to violate the FTC Endorsement Guidelines in spite of the educational letters the FTC had sent earlier this year. In addition to the new “FAQ” examples the FTC provided in its guidance materials and this blog post (which contains an instructional video), the FTC hosted a live Twitter chat to directly answer questions regarding its influencer disclosure policies. 
Continue Reading FTC Twitter Chat: Influencers 101

The FTC recently announced that it reached a settlement with two social media influencers, Trevor Martin and Thomas Cassell, for deceptively endorsing their owned and operated online gambling service “CSGO Lotto” without disclosing that they were the owners of the site, as well as paying other well-known social media influencers to promote the site without requiring them to disclose the payments in their posts. In addition, the FTC issued warning letters to 21 out of the 90 social media influencers it had sent educational letters to earlier this year, citing specific social media posts that they felt still failed to “clearly and unambiguously” disclose a material connection between the influencers and the brands or products they were promoting. The letters asked them to respond in writing, by September 30th, advising staff of whether they do, in fact, have a material connection with the brands/products cited in the letters and, if so, describing how they will ensure such relationship is clearly disclosed going forward. Finally, the FTC updated its guidance on its official Endorsement Guidelines with additional examples featuring common social media advertising mechanisms such as Instagram, Snapchat, and Facebook.
Continue Reading FTC Reaches Settlement with Influencers; Issues Updated Guidance

On August 28, 2017, the U.S. Government Accountability Office (“GAO”) publicly released a report regarding consumer privacy issues associated with the rapidly increasing number of cars that are “connected”—i.e., capable of wirelessly monitoring, collecting, and transmitting information about their internal and external environments.  The report examines four key issues: (1) the types of data collected by connected cars and transmitted to selected automakers, and how such automakers use and share such data; (2) the extent to which selected automakers’ privacy policies are in line with established privacy best practices; (3) selected experts’ views on privacy issues related to connected cars; and (4) federal roles and efforts related to consumer privacy and connected cars.

Process

The GAO turned to a variety of resources to explore the four identified issues.  For starters, the GAO conducted a series of interviews with relevant industry associations, organizations that work with consumer privacy issues, and a sample of sixteen automakers (thirteen of which offered connected vehicles) based on their vehicle sales in the U.S.  In addition, the GAO analyzed selected automakers’ privacy policies and compared them to privacy frameworks developed by the Organization for Economic Cooperation and Development (“OECD”) as well as the Federal Trade Commission (“FTC”), the National Highway Traffic Safety Administration (“NHTSA”), and the National Institute of Standards and Technology (“NIST”).  Finally, the GAO consulted relevant sources (e.g., federal statutes, regulations, and reports) and interviewed agency officials, including those from the Department of Transportation (“DOT”), the FTC, and the Department of Commerce.
Continue Reading GAO Releases New Vehicle Data Privacy Report

On August 18, 2017, the Central Bank of Kenya (“CBK”) used its authority under Section 33(4) of the Banking Act to publish a Guidance Note on identifying and mitigating cyber risk.  The Guidance Note directs institutions licensed under the Banking Act (Cap. 488) (“Institutions”) to develop and implement a comprehensive set of program requirements to mitigate cybersecurity risk.

According to a 2016 report by Serianu, a Kenya-based IT services and business consulting firm, Kenya lost approximately $175 million to cybercrime in 2016.  The report identifies the introduction of e-services in both the private and public sector as a major factor behind the dramatic increase in new cyber weaknesses.  Other experts say the interconnectivity of the Kenyan economy and the automation of banking services have further exposed Kenya’s financial sector to risk.  In issuing the Guidance Note, the CBK also recognized the “interconnectedness” of financial Institutions and the need for a coordinated approach and information sharing to maintain “public trust and confidence in the financial system.”

As a result, CBK’s Guidance Note establishes minimum requirements that Institutions should adopt in order to develop effective cybersecurity policies and procedures, but recognizes that it is “not a replacement for and does not supersede the legislation, regulations and guidelines that institutions must comply with as part of their regulatory obligations.”  Among other things, the Guidance Note provides regulatory guidance for the following key areas:
Continue Reading Central Bank of Kenya Issues Guidance Note on Cybersecurity