On March 9, 2022, the President issued an Executive Order (the “E.O.”) that articulates a high-level, wide-ranging national strategy for regulating and fostering innovation in the burgeoning digital assets space. The strategy is intended to encourage innovation yet still provide adequate oversight to control systemic risks and the attendant investor,
The concept of the “metaverse” has garnered much press coverage of late, addressing such topics as the new appetite for metaverse investment opportunities, a recent virtual land boom, or just the promise of it all, where “crypto, gaming and capitalism collide.” The term “metaverse,” which comes from Neal Stephenson’s 1992 science fiction novel “Snow Crash,” is generally used to refer to the development of virtual reality (VR) and augmented reality (AR) technologies, featuring a mashup of massive multiplayer gaming, virtual worlds, virtual workspaces, and remote education to create a decentralized wonderland and collaborative space. The grand concept is that the metaverse will be the next iteration of the mobile internet and a major part of both digital and real life.
Don’t feel like going out tonight in the real world? Why not stay “in” and catch a show or meet people/avatars/smart bots in the metaverse?
As currently conceived, the metaverse, “Web 3.0,” would feature a synchronous environment giving users a seamless experience across different realms, even if such discrete areas of the virtual world are operated by different developers. It would boast its own economy where users and their avatars interact socially and use digital assets based in both virtual and actual reality, a place where commerce would presumably be heavily based in decentralized finance, DeFi. No single company or platform would operate the metaverse, but rather, it would be administered by many entities in a decentralized manner (presumably on some open source metaverse OS) and work across multiple computing platforms. At the outset, the metaverse would look like a virtual world featuring enhanced experiences interfaced via VR headsets, mobile devices, gaming consoles and haptic gear that makes you “feel” virtual things. Later, the contours of the metaverse would be shaped by user preferences, monetary opportunities and incremental innovations by developers building on what came before.
In short, the vision is that multiple companies, developers and creators will come together to create one metaverse (as opposed to proprietary, closed platforms) and have it evolve into an embodied mobile internet, one that is open and interoperable and would include many facets of life (i.e., work, social interactions, entertainment) in one hybrid space.
In order for the metaverse to become a reality – that is, successfully link current gaming and communications platforms with other new technologies into a massive new online destination – many obstacles will have to be overcome, even beyond the hardware, software and integration issues. The legal issues stand out, front and center. Indeed, the concept of the metaverse presents a law school final exam’s worth of legal questions to sort out. Meanwhile, we are still trying to resolve the myriad of legal issues presented by “Web 2.0,” the Internet we know it today. Adding the metaverse to the picture will certainly make things even more complicated.
On January 7, 2019, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) announced its 2020 examination priorities. In doing so, OCIE identified certain areas of technology-related concern, and in particular, on the issue of alternative data and cybersecurity. [For a more detailed review of OCIE’s…
It is that time of year when we look back to see what tech-law issues took up most of our time this year and look ahead to see what the emerging issues are for 2020.
Data: The Issues of the Year
Data presented a wide variety of challenging legal issues in 2019. Data is solidly entrenched as a key asset in our economy, and as a result, the issues around it demanded a significant level of attention.
- Clearly, privacy and data security-related data issues were dominant in 2019. The GDPR, CCPA and other privacy regulations garnered much consideration and resources, and with GDPR enforcement ongoing and CCPA enforcement right around the corner, the coming year will be an important one to watch. As data generation and collection technologies continued to evolve, privacy issues evolved as well. In 2019, we saw many novel issues involving mobile, biometric and connected cars. Facial recognition technology generated a fair amount of litigation, and presented concerns regarding the possibility of intrusive governmental surveillance (prompting some municipalities, such as San Francisco, to ban its use by government agencies).
- Because data has proven to be so valuable, innovators continue to develop new and sometimes controversial technological approaches to collecting data. The legal issues abound. For example, in the past year, we have been advising on the implications of an ongoing dispute between the City Attorney of Los Angeles and an app operator over geolocation data collection, as well as a settlement between the FTC and a personal email management service over access to “e-receipt” data. We have entertained multiple questions from clients about the unsettled legal terrain surrounding web scraping and have been closely following developments in this area, including the blockbuster hiQ Ninth Circuit ruling from earlier this year. As usual, the pace of technological innovation has outpaced the ability for the law to keep up.
- Data security is now regularly a boardroom and courtroom issue, with data breaches, phishing, ransomware attacks and identity theft (and cyberinsurance) the norm. Meanwhile, consumers are experiencing deeper and deeper “breach fatigue” with every breach notice they receive. While the U.S. government has not yet been able to put into place general national data security legislation, states and certain regulators are acting to compel data collectors to take reasonable measures to protect consumer information (e.g., New York’s newly-enacted SHIELD Act) and IoT device manufacturers to equip connected devices with certain security features appropriate to the nature and function of the devices secure (e.g., California’s IoT security law, which becomes effective January 1, 2020). Class actions over data breaches and security lapses are filed regularly, with mixed results.
- Many organizations have focused on the opportunistic issues associated with new and emerging sources of data. They seek to use “big data” – either sourced externally or generated internally – to advance their operations. They are focused on understanding the sources of the data and their lawful rights to use such data. They are examining new revenue opportunities offered by the data, including the expansion of existing lines, the identification of customer trends or the creation of new businesses (including licensing anonymized data to others).
- Moreover, data was a key asset in many corporate transactions in 2019. Across the board in M&A, private equity, capital markets, finance and some real estate transactions, data was the subject of key deal points, sometimes intensive diligence, and often difficult negotiations. Consumer data has even become a national security issue, as the Committee on Foreign Investment in the United States (CFIUS), expanded under a 2018 law, began to scrutinize more and more technology deals involving foreign investment, including those involving sensitive personal data.
- For more information about developments over the past year on data-related issues, and to keep abreast on new developments in the future, you may want to subscribe to Proskauer’s privacy blog, privacylaw.proskauer.com. You may also want to review our Practical Law article “Trends in Privacy and Data Security:2018” and get a hold of our update that will publish in winter 2020.
I am not going out on a limb in saying that 2020 and beyond promise many interesting developments in “big data,” privacy and data security.
Yes, it’s time for the end-of-year blog post – a look back at interesting issues of 2018 and a look forward to what we see coming down the pike in the new year.
The Look Back
- In the past year, blockchain buzz was everywhere. Although still early, blockchain has in fact began to show promise as a technology bringing efficiency and cost reduction to many business operations. In 2018, many industries tested the technology and started pilot programs with an eye to replacing or supplementing traditional client-server systems with a distributed ledger-based system. 2019 promises much more in the adoption of blockchain. For continuing coverage of some of the more novel issues that blockchain presents, subscribe to our Blockchain and the Law blog.
- “Web scraping” (also known as spidering and crawling) remained at the forefront in 2018 as companies used scraping for purposes such as consumer-facing data aggregation, real-time e-commerce analytics (e.g., dynamic pricing strategies), competitive intelligence, user sentiment analysis, etc. 2018 produced many important scraping decisions in the courts, including those about CFAA liability and the intersection of scraping and software licensing, and we await the Ninth Circuit’s decision in the closely-watched hiQ appeal, which will hopefully address a number of important open issues presented by the practice.
- Privacy and data security continued to be a hot-button boardroom issue this year. The GDPR became effective, and California passed major privacy legislation which will take effect in 2020. The almost daily announcement of data security breaches continues to spawn class action litigation, testing the principles of standing after Spokeo. The federal government has pushed multiple initiatives to improve the nation’s cyber defenses. The wave of litigation under the Illinois biometric privacy law (BIPA) against Illinois employers and businesses persisted in 2018, and the continued viability of such suits may hinge on an upcoming ruling by the Illinois Supreme Court, as well as the outcome in California courts regarding the BIPA actions against social media entities. See our Privacy Law Blog for more discussion on 2018 privacy and data security developments.
As we approach the end of 2017, it is a time to reflect on the dizzying pace of technology evolution this year, and the amazing array of legal issues it presented. Similarly, it is a time to look forward and anticipate what technology-related issues we will be thinking about in the coming year.
For 2017, the list is long and varied.
This year, the true potential of blockchain was recognized by many in the commercial sector. While recent blockchain-related headlines have focused on the rise (and regulation) of cryptocurrencies, a great deal of the blockchain action has been in back office applications in financial services, supply chain and other areas. Industry wide consortia have been formed, trials and proof of concepts have been run, and, as evidenced by the recent announcement by the Australian Stock Exchange to replace its clearing and settlement system with a blockchain based system, we are moving into full production implementations of blockchain systems.
Cybersecurity garnered major attention in 2017. Unfortunately, data breaches continued to be a constant headline item, as were related class action litigation. As a result, cybersecurity was a “top of the agenda” item for state and federal agencies, state legislatures, regulators, corporate boards, GCs and plaintiffs’ lawyers.
As a related matter, privacy issues were also front and center this year. In particular, we saw increased activity in some of the cutting edge areas of privacy law, including biometrics-related litigation (particularly under the Illinois Biometric Information Privacy Act (known as BIPA)), video streaming privacy (particularly under the Video Privacy Protection Act, or the VPPA)) and mobile-related privacy issues.
There are many other issues that occupied our minds this year, including artificial intelligence, virtual and augmented reality, online copyright liability (including application of the DMCA in online contexts), and publisher/distributor liability for third party content online (under Section 230 of the Communications Decency Act). Additionally, parties involved in agreements of all types have been increasingly focused on technology-related legal risk, and were more intent on addressing and shifting technology-related risks with very specific contractual provisions.
I am pleased to announce that Proskauer has recently launched a new blog focused exclusively on the use of blockchain in business. The blog will be wide ranging in nature, covering the legal issues associated with blockchain as applied to financial services, health care, real estate, supply chain management, media…
For the third time this month, the Tezos blockchain project is the subject of a class action complaint for claims arising from their $232 million July initial coin offering (“ICO”). Consistent with both prior lawsuits, the plaintiffs allege that the Tezos ICO constituted the unregistered, non-exempt offer and sale of…
In his remarks at a recent Practicing Law Institute program on securities regulation, Securities and Exchange Commission Chairman Jay Clayton once again addressed Initial Coin Offerings, or ICOs. Mr. Clayton highlighted several issues in particular, including that in his view there is a lack of information about many online platforms that list and trade virtual coins or tokens offered and sold in ICOs, and that trading of tokens on these platforms is susceptible to price manipulation and other fraudulent trading practices.
On July 21st, Delaware Governor John Carney Jr. signed SB 69 into law. SB 69 amends the Delaware General Corporation Law (“DGCL”) to explicitly authorize the use of distributed ledger technology in the administration of Delaware corporate records, including stock ledgers.
Distributed ledger (or “blockchain”) technology-based platforms enable peer-to-peer transactions and eliminate the need for a trusted intermediary to verify and process the transactions. The potential applications of such technology in the administration of corporate records, and stock ledgers in particular, are tremendous.