New Media and Technology Law Blog

Reflections on the TechLaw Issues of 2018…and a Look Forward. Will 2019 Be a Year on the Edge, in the Fog, or Maybe Just in the Cloud?

Yes, it’s time for the end-of-year blog post – a look back at interesting issues of 2018 and a look forward to what we see coming down the pike in the new year.

The Look Back

  • In the past year, blockchain buzz was everywhere. Although still early, blockchain has in fact began to show promise as a technology bringing efficiency and cost reduction to many business operations. In 2018, many industries tested the technology and started pilot programs with an eye to replacing or supplementing traditional client-server systems with a distributed ledger-based system. 2019 promises much more in the adoption of blockchain. For continuing coverage of some of the more novel issues that blockchain presents, subscribe to our Blockchain and the Law blog.
  • “Web scraping” (also known as spidering and crawling) remained at the forefront in 2018 as companies used scraping for purposes such as consumer-facing data aggregation, real-time e-commerce analytics (e.g., dynamic pricing strategies), competitive intelligence, user sentiment analysis, etc. 2018 produced many important scraping decisions in the courts, including those about CFAA liability and the intersection of scraping and software licensing, and we await the Ninth Circuit’s decision in the closely-watched hiQ appeal, which will hopefully address a number of important open issues presented by the practice.
  • Privacy and data security continued to be a hot-button boardroom issue this year. The GDPR became effective, and California passed major privacy legislation which will take effect in 2020. The almost daily announcement of data security breaches continues to spawn class action litigation, testing the principles of standing after Spokeo. The federal government has pushed multiple initiatives to improve the nation’s cyber defenses. The wave of litigation under the Illinois biometric privacy law (BIPA) against Illinois employers and businesses persisted in 2018, and the continued viability of such suits may hinge on an upcoming ruling by the Illinois Supreme Court, as well as the outcome in California courts regarding the BIPA actions against social media entities.  See our Privacy Law Blog for more discussion on 2018 privacy and data security developments.

Continue Reading

Locational Tracking on iOS and Android Devices: Check the Platform’s Rules!

This post discusses some of the contractual requirements imposed by Apple and Google regarding the collection and sharing of locational information.  What consents, if any, do Apple and Google require that app publishers obtain before collecting and using locational information?  This is a question that is being asked with increasing frequency.  In fact, a regular beat of media coverage on the issue  (see, e.g., here or here), has reached crescendo levels with a much-discussed article this past week in the New York Times. Coincidentally (or maybe not?), the NYT article was published the day before Google CEO Sundar Pichai testified before the House Judiciary Committee on Google’s privacy and data collection practices, among other things. Continue Reading

FCC Approves Rule That Would Permit Cable Providers to Send More Notices via Email

In an effort to modernize communications, the Federal Communications Commission (“FCC”) decided to allow cable operators to deliver general subscriber notices required under so-called Subpart T rules (47 CFR §§ 76.1601 et seq.) to verified customer email addresses. This decision was announced through a Report and Order on November 15, 2018. This update is part of the greater trend towards using electronic communications and electronic contracting to replace paper as supported by the federal Electronic Signatures in Global and National Commerce Act (“E-Sign Act”) and related state laws. The E-Sign Act allows electronic records to satisfy legal requirements that certain information to be provided in writing if the consumer has affirmatively consented to such use. However, the E-Sign Act allows federal agencies like the FCC to exempt a specified category or type of record from the normally required consent requirements if it makes the agency’s requirements less burdensome and does not harm consumers. In this case, based on an understanding that it would be impractical for cable operators to attempt to receive permission from each individual customer prior to initiating electronic delivery of these general notices, the FCC waived the consent requirement pursuant to their discretion under the E-Sign Act. Continue Reading

“Cyberattack” Campaign That Purportedly Flooded YouTube Channel with “Dislikes” Not a CFAA Violation

A recent dispute between an advertiser AXTS Inc. (“AXTS”) and a video production company GY6vids (“GY6”) produced an interesting issue involving the federal Computer Fraud and Abuse Act (CFAA) – that is, whether an entity that allegedly overloaded another company’s YouTube channel content with a flood of “dislikes” following a contractual dispute is liable under the CFAA for accessing a protected computer “without authorization.”  (AXTS Inc. v. GY6vids LLC, No. 18-00821 (D. Ore. Oct. 24, 2018)).

We have been closely monitoring the evolving state of the law regarding CFAA liability for certain commercial web scraping and related practices.  The instant case between AXTS and GY6 is a little different in that the claim did not arise from AXTS’s alleged access to video content stored on GY6’s network, but publically-accessible videos stored on a third-party’s (e.g., YouTube) servers.    Continue Reading

Illinois Supreme Court To Decide Scope of Illinois Biometric Privacy Law

On November 20, 2018, the Illinois Supreme Court heard oral argument on whether a company’s technical violation of the Illinois Biometric Information Privacy Act (“BIPA”) is sufficient to confer standing or whether a plaintiff must allege actual harm resulted from the violation. (Rosenbach v. Six Flags Entertainment Corp. et al., No. 123186) (prior decision). The Court’s forthcoming decision will have significant implications for Illinois employers and businesses given the enormous wave of BIPA class actions. [Please see our posts here and here for background on BIPA developments].

Read the full post about the Illinois Supreme Court argument on our Law and the Workplace blog. Continue Reading

Defend Trade Secrets Act Claims Subject to CDA Section 230 Immunity

In what is one of the most recent attempts to circumvent the immunity provided in Section 230 of the Communications Decency Act (“CDA” or “CDA Section 230”), the United States District Court for the District of Massachusetts made it clear that claims brought under the Defend Trade Secrets Act (18 U.S.C. §§ 1836, et seq.) (“DTSA”) are not exempt from the scope of CDA immunity. In Craft Beer Stellar, LLC v. Glassdoor, Inc., No. 18-10510, 2018 U.S. Dist. LEXIS 178960 (D. Mass. Oct. 17, 2018)), the district court found that, as stated in the DTSA itself, the DTSA is not an “intellectual property” law, and is therefore not excluded from the scope of the immunity provisions that protect online service providers from being treated as a publisher or distributor of third-party content. The ruling is a victory for online providers, affirming a robust interpretation of CDA immunity and representing what is likely the first judicial view on how federal trade secret claims should be treated under CDA Section 230.  Continue Reading

WSJ Article on Geolocation Data Highlights Risks for Fund Managers

Last week the WSJ published an article detailing how companies are monetizing smartphone location data by selling it to hedge fund clients.  The data vendor featured in the WSJ article obtains geolocation data from about 1,000 apps that fund managers use to predict trends involving public companies.  However, as we’ve noted, the use of alternative data collection for investment research purposes may give rise to a host of potential issues under relevant laws.

Read the full post on our The Capital Commitment blog.

Continue Reading

Biometric Suits Continue, Including Recent Action Against IoT Company

Last December, we noted the continuing robust wave of Illinois biometric privacy suits.  At that time, dozens of suits had been filed in Illinois state court against Illinois-based employers and other businesses alleging violation of Illinois’s Biometric Information Privacy Act (BIPA), which generally regulates the collection, retention, and disclosure of personal biometric identifiers and biometric information, and encourages businesses that collect such personal data to employ reasonable safeguards.  More and more BIPA actions against employers and businesses based upon alleged violations of the notice and consent provisions of the statute continue to be filed, even as the Illinois Supreme Court considers the appeal of the Rosenbach decision.  In that case, the Illinois Supreme Court will presumably answer the question of whether a person “aggrieved” by a violation of BIPA must allege some injury or harm beyond a procedural violation.  The ruling will certainly have an effect on the pending lawsuits alleging mere procedural BIPA violations. Continue Reading

Illinois Appellate Court Reinstates Biometric Privacy Action, Finding Potential Harm in Alleged Disclosure of Fingerprint to Outside Vendor

Late last month, an Illinois appellate court reversed a lower court’s dismissal of biometric privacy claims against a tanning salon franchisee that had collected the plaintiff’s fingerprint to allow entry in its own salon and any L.A. Tan salon location nationwide.  (Sekura v. Krishna Schaumburg Tan, Inc., 2018 IL App (1st) 180175 (Ill. App. Sept. 28, 2018)).  The plaintiff alleged that the tanning salon violated the Biometric Information Privacy Act (BIPA), which regulates the collection, retention, and disclosure of personal biometric identifiers and biometric information, by collecting her fingerprints without obtaining the required written release and providing the required disclosure concerning its retention policy, and further by disclosing her fingerprints to a third-party vendor. [Note: In 2016, in a separate suit, the same plaintiff settled BIPA claims with L.A. Tan Enterprises, Inc., operator (directly and through franchisees) of L.A. Tan tanning salons]. Continue Reading

Common Software Licensing Language at Issue in IP Dispute

Licensors of software typically utilize software license agreements providing for their ownership of the licensed software and related IP, as well as restrictions barring licensees from reverse engineering the code at issue.  The scope of protection, of course, depends on the final language of the licensing agreement and disputes can arise when licensees decide to develop similar software in-house, or with a third party.  Indeed, a recent case, Ford Motor Co. v. Versata Software Inc., No. 15-10628 (E.D. Mich. Sept. 7, 2018), tackled some of these issues.  Continue Reading

LexBlog