On April 7, 2020, the European Data Protection Board (“EDPB”) announced that it assigned specific mandates to two expert subgroups to prepare guidance on a number of Covid-19 related topics. The list of topics chosen by the EDPB reflects those that have received the closest scrutiny by the national authorities.
Continue Reading EDPB will issue data protection guidance on several topics relating to COVID-19

On Wednesday, the Supreme Court heard oral arguments in Carpenter v.  U. S., a case that involved the collection of 127 days of Petitioner Thomas Carpenter’s cell site location information as part of an investigation into several armed robberies.  We attended the argument to gain any insights into how the Supreme Court may resolve this important case.

The central issue in the appeal is whether the government can access this type and amount of individual location data without a warrant.  But an equally important issue is whether the Supreme Court should reevaluate the “third-party doctrine” exception to the Fourth Amendment’s warrant requirement in light of dramatic changes in the way individuals interact with technology in the digital era.  The “third-party doctrine” provides that individuals have no expectation of privacy in any information that is voluntarily released to a third party—a mobile-phone provider, cloud service provider, and the like.  The Court’s decision will have major implications for technology companies’ ability to protect customer data against warrantless searches by law enforcement officials.

During the 80-minute, extended oral arguments, the Justices broadly acknowledged that technology has changed dramatically in the decades since the Court originally recognized the third-party doctrine.  Each Justice, however, appeared to place varying weight on the import of that change on current legal standards.  Justices Kennedy and Alito focused on the information itself, rather than the technology, asking whether location information should be considered more sensitive than the bank information that United States v. Miller permitted law enforcement to access without a warrant, suggesting that banking information might be considered more sensitive.  
Continue Reading The Supreme Court Arguments in Carpenter Show that It May Be Time to Redefine the “Third-Party Doctrine”

By Hannah Lepow

Yesterday California Attorney General Kamala D. Harris released guidance on how smartphone and tablet users can manage GPS and other location tracking functions on their mobile devices.

The brief information sheet, designed for consumers, details how Android and iOS users can control different types of location information on their devices, including

Following the Guardian’s recent exposé on Whisper’s consumer-privacy practices, alleging that the social-media app that supposedly allows people “to anonymously share [their] thoughts with the world . . . in a community built around trust and honesty,” in fact tracks the geolocation of users who opted out of such data collection, Chairman of the Senate

Yesterday, the FTC announced a settlement with Goldenshores Technologies, a company that makes the most-downloaded flashlight app on the Android platform.  The FTC alleged that Goldenshores violated Section 5 of the FTC Act by failing to disclose to consumers that it shared location data it collected from users’ device with third parties.  Although a list

Last Friday, Rep. Zoe Lofgren (D-CA) introduced the ECPA 2.0 Act, H.R. 6529, which would strengthen the legal standards for law enforcement to gain access to electronic communications and location information.  The Electronic Communications Privacy Act (ECPA) is more than 25 years old and is widely seen as needing modernization to address changes in digital storage, the cloud, and location-based services.  As we’ve previously noted, government access to location information is an ongoing issue for legislators, courts, and government officials.  

Continue Reading Rep. Lofgren Introduces Legislation to Update ECPA

Last week, the California legislature passed one of the nation’s most restrictive bills governing law enforcement’s ability to access location information.  Under the California Location Privacy Act, state and local government agencies would be required to secure search warrants before obtaining historical or current location information for any electronic device.  The California bill would curtail some of the law enforcement practices described in this New York Times article, which noted that cellphone carriers responded to 1.3 million law enforcement demands in 2011 — many of which came in the form of subpoenas, emergency requests, or other demands that can be less legally burdensome to secure than warrants.  

The California bill contains only a few narrow exceptions to the warrant requirement, such as responding to a user’s 911 call; with a user’s informed, affirmative consent; or in emergencies involving immediate danger of death or serious physical injury.  In the final round of amendments, the bill’s sponsors added an immunity provision for providers of location information: the Act is not to be construed “to create a cause of action against any foreign or California corporation, its officers, employees, agents, or other specified persons, for providing location information.”

Continue Reading California Legislature Bans Warrantless Location Tracking

By: Shel Abramson

The United States District Court for the Northern District of California recently dismissed with prejudice most claims asserted by consumer plaintiffs in In re iPhone Application Litigation, including causes of action under the Stored Communications Act (“SCA”), the Wiretap Act, and other federal and state laws.  Plaintiffs asserted that Apple and a group of “Mobile Industry Defendants,” including Google, violated federal and state laws by allowing third party applications for “iDevices”—the iPhone, iPad, and iPod Touch—to collect and use plaintiffs’ personal information without consent.  This personal information included geolocation information, the iPhone’s unique device identifier (UDID), and other consumer information, such as age or gender.  Two separate putative classes of plaintiffs brought claims against Apple—an iDevices Class and a Geolocation Class.  With respect to defendant Apple, Judge Lucy H. Koh dismissed all of plaintiffs’ claims with prejudice, except for two California state law claims.  All claims against the Mobile Industry defendants were dismissed with prejudice.

In rejecting the SCA and Wiretap claims, Judge Koh provided a thorough analysis of why plaintiffs’ theories did not comport with these complex and specific statutes.  If followed by other courts, this precedent could have a far-reaching effect in limiting plaintiffs’ ability to use these federal statutes to pursue alleged harms arising out of online data collection and use.  We examine Judge Koh’s discussion in some detail after the jump.

Continue Reading Key Holdings in the In re iPhone Application Dismissal Order

Government officials must seek a warrant to compel the disclosure of cell phone location data, a federal district court ruled, holding that a federal law allowing the government to obtain some information without a warrant violates the Fourth Amendment.

In a one-page order upholding a magistrate judge’s decision, U.S. District Judge Lynn N. Hughes, of the Southern District of Texas, held Nov. 11 that records showing the “date, time, called number, and location of the telephone when the call was made” are constitutionally protected, and thus the government needs a warrant based on probable cause to compel the disclosure of such data. That standard is higher than the standard required for a court order under the Stored Communications Act, which requires a government entity to demonstrate that there are “specific and articulable facts showing that there are reasonable grounds to believe” the contents of or records about an electronic communication are “relevant and material to an ongoing criminal investigation.”

Continue Reading Federal Court Finds Warrant Required to Obtain Cell-Phone Locations

As we previously noted here and here, locational privacy continues to be an area of ongoing interest.  Yesterday, a New Jersey appeals court ruled that a husband’s privacy rights were not invaded when his wife put a GPS tracking device in his car. 

In Villanova v. Innovative Investigations, Inc., A-0654-10T2 (N.J. Sup. Ct.