On Monday, the California Attorney General (“AG”) proposed a third set of modifications to the recently enacted California Consumer Privacy Act (“CCPA”) regulations. Interested parties have until October 28 to file comments in response. These proposed modifications are the latest effort in an extensive rulemaking process that has lasted more than a year. Most recently, … Continue Reading
FCC Chairman Pai announced today that the FCC will move forward with a rulemaking to clarify the meaning of Section 230 of the Communications Decency Act (CDA). To date, Section 230 generally has been interpreted to mean that social media companies, ISPs, and other “online intermediaries” have not been subject to liability for their users’ … Continue Reading
On September 30, 2020, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Multi-State Information Sharing and Analysis Center (“MS-ISAC”) released a joint guide synthesizing best practices to prevent and respond to ransomware. This guide was published the day before OFAC and FinCEN released their coordinated guidance on ransomware attacks that we previously summarized here. … Continue Reading
The Department of Justice has released a draft bill to amend Section 230 of the Communications Decency Act of 1996, joining the chorus of voices seeking to limit the statute’s liability protections (covered here, here, here, and here). The DOJ’s draft bill incorporates recommendations from its June 2020 report analyzing Section 230, as well as … Continue Reading
Last week, the Federal Communications Commission (FCC) issued a notice of proposed rulemaking (NPRM) seeking comment on a proposal to review and potentially revise a number of existing exemptions that the FCC has adopted with respect to certain Telephone Consumer Protection Act (TCPA) requirements. The FCC’s review could end up narrowing or eliminating some of … Continue Reading
Consistent with the U.S. Department of the Treasury’s ongoing focus on cyber-enabled financial crime, on October 1, 2020, two components of the Treasury Department’s Office of Terrorism and Financial Intelligence issued guidance on ransomware-related payments. One, an advisory issued by the Office of Foreign Assets Control (“OFAC”), describes the significant U.S. sanctions risks of facilitating … Continue Reading
In the wake of the Court of Justice of the European Union’s (“ECJ”) Schrems II decision invalidating the EU-U.S. Privacy Shield (“Privacy Shield”) but upholding the validity of standard contractual clauses (“SCCs”), the U.S. government has released a White Paper entitled “Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for … Continue Reading
On September 22, 2020, the Federal Trade Commission (“FTC”) hosted “Data to Go,” a virtual workshop on data portability. The workshop convened experts from civil society, academia, and industry to discuss the potential risks as well as consumer and competition benefits of data portability, as well as issues and best practices related to its implementation … Continue Reading
Another week, another proposal concerning Section 230 of the 1996 Communications Decency Act. This week, Senator Lindsey Graham (R-SC) introduced the Online Content Policy Modernization Act, which primarily establishes an alternative dispute resolution program for copyright small claims. Relevant to this blog, however, are the last three pages of the proposal, which limit civil liability … Continue Reading
The FTC recently updated Complying with COPPA: Frequently Asked Questions, the set of FAQs meant to provide informal guidance for complying with the Children’s Online Privacy Protection Act and the Commission-issued COPPA Rule. In an accompanying blog post, the FTC staff emphasized that the revisions to the FAQs “don’t raise new policy issues” and that … Continue Reading
On our fourth episode of our Inside Privacy Audiocast, we are aiming our looking glass at the California Privacy Rights Act, and are joined by guest speaker Jacob Snow, Technology and Civil Liberties Attorney with the American Civil Liberties Union of Northern California. In September 2019, Alastair Mactaggart, Board Chair and Founder of Californians for … Continue Reading
Earlier this week, a group of Republican Senators, including Roger Wicker (R-MS), Lindsey Graham (R-SC), and Marsha Blackburn (R-TN) introduced the Online Freedom and Viewpoint Diversity Act. This proposal seeks to “modify the scope of protection from civil liability for ‘good Samaritan’ blocking and screening of offensive material” under Section 230 of the 1996 Communications … Continue Reading
What guidance has the FTC recently provided on the use of AI and algorithms? Our colleagues, former FTC Commissioner, Terrell McSweeny, and AI Initiative Co-Chair, Lee Tiedrich, explain in The Journal of Robotics, Artificial Intelligence and Law.… Continue Reading
The California legislature has approved a contingency plan to ensure that certain California Consumer Privacy Act (“CCPA”) exemptions will be extended beyond December 2020. Regardless of what happens with the November ballot initiative, businesses will have at least another year before they must comply with all of the CCPA’s provisions when collecting or using certain … Continue Reading
Two developments in the past week will likely have a significant impact on businesses subject to the California Consumer Privacy Act (“CCPA”): the long-awaited CCPA regulations have been finalized and put into immediate effect with modifications, while at the same time it seems increasingly likely that the exemptions for employees’ and business-to-business contacts’ data will … Continue Reading
Today, the California Senate Judiciary Committee will consider AB 1281, which would extend the California Consumer Privacy Act’s (CCPA) business-to-business and employment exemptions until January 1, 2022, in the event that the pending ballot initiative—which also would extend the exemptions—does not pass this November. In addition, the Committee will consider two contact tracing measures, AB … Continue Reading
Senators Jeff Merkley (D-Merkley) and Bernie Sanders (I-Vermont) recently introduced the National Biometric Information Privacy Act (NBIPA), which would require private entities to obtain consumers’ and employees’ written consent prior to collecting their biometric information and expand nationwide individuals’ access rights and rights to request additional information from businesses. The bill also would grant a … Continue Reading
Today, the Supreme Court issued its decision in Barr v. American Association of Political Consultants, which addressed the constitutionality of the Telephone Consumer Protection Act (TCPA). Although the Court splintered in its reasoning—producing four separate opinions—the justices nevertheless coalesced around two core conclusions: (1) the TCPA’s exception for government debt collection calls is unconstitutional, and (2) the … Continue Reading
Senators Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn.) have introduced the Lawful Access to Encrypted Data Act, a bill that would require tech companies to assist law enforcement in executing search warrants that seek encrypted data. The bill would apply to law enforcement efforts to obtain data at rest as well as … Continue Reading
Earlier this week, the Federal Communications Commission’s (FCC’s) Consumer and Government Affairs Bureau released a Declaratory Ruling clarifying the agency’s interpretation of the “Automatic Telephone Dialing System” (an “autodialer” or “ATDS”) definition in the Telephone Consumer Protection (TCPA). The Ruling clarified that, in the context of a call or text message platform, the definition does … Continue Reading
Continuing the flood of recent proposals to amend the scope of Section 230 of the 1996 Communications Decency Act, a bipartisan group of Senators unveiled the Platform Accountability and Consumer Transparency Act (“PACT Act”) last week. Proposed by Senators Brian Schatz (D-HI) and John Thune (R-SD), the PACT Act comes on the heels of legislative … Continue Reading
On June 16, 2020, the First Circuit released its opinion in United States v. Moore-Bush. The issue presented was whether the Government’s warrantless use of a pole camera to continuously record for eight months the front of Defendants’ home, as well as their and their visitors’ comings and goings, infringed on the Defendants’ reasonable expectation … Continue Reading
As consumers rely more and more on the “independent” reviews of their peers in choosing products and services, advertisers need to remain vigilant that their role (if any) in disseminating such reviews is fairly disclosed, accurate and not misleading. The pitfalls in this area were recently illustrated by a pair of enforcement actions brought by … Continue Reading
On Wednesday, two proposals were unveiled that would reform the scope of Section 230 of the Communications Decency Act of 1996. Section 230 immunizes online platforms from civil liability based on third-party content, and provides immunity for acting in “good faith” to restrict or remove content that is “obscene, lewd, lascivious, filthy, excessively violent, harassing, … Continue Reading
