New Media and Technology Law Blog

Will the Role of Facial Recognition Grow in a Post-COVID-19 World?

An interesting New York Times article last week posited that governments’ use of digital surveillance techniques for the COVID-19 response – such as the tracking of geolocation to gauge quarantine restrictions – would lead to more pervasive digital tracking in the future. On a related note, there have been reports of an increased use of facial recognition technologies as governments use digital tools to respond to the outbreak.

These developments bring to mind some interesting questions:

In the future, given our collective experience with this invisible foe, will there be a move away from contact-based security and access control systems to “germless” and “touchless” processes?

If so, what role will be played by facial recognition and other biometrics-based systems in that shift? Continue Reading

FTC Paid Endorser Settlement Sets Framework for Advertiser Best Practices

Teami, LLC (“Teami”), a marketer of teas and skincare products, agreed to settle FTC charges alleging that its retained social media influencers did not sufficiently disclose that they were being paid to promote Teami’s products. The FTC’s Complaint also included allegations that Teami made unsupported weight-loss and health claims about its products, an issue that is beyond the scope of this blog post. The Stipulated Order for Permanent Injunction and Monetary Judgment was approved by a Florida district on March 17, 2020.

This settlement is significant in that it identifies clear steps that an advertiser can follow in the interest of avoiding similar FTC allegations of deception with respect to paid endorsers. Compliance in this area remains an ongoing concern as the FTC reiterated in a statement accompanying the settlement that: “[T]he Commission is committed to seeking strong remedies against advertisers that deceive consumers because deceptive or inaccurate information online prevents consumers from making informed purchasing decisions….” Continue Reading

Supreme Court Rules That States Cannot Be Sued for Copyright Infringement, For Now…

The U.S. Supreme Court’s busy intellectual property term (with six copyright and trademark cases) rolls on. On March 23, SCOTUS ruled in Allen v. Cooper, 589 U.S. ___, No. 18-877 (Mar. 23, 2020), that states, absent consent, may not be sued for copyright infringement. In particular, SCOTUS held that Congress did not have a sufficient constitutional basis to abrogate states’ sovereign immunity in copyright infringement actions when it passed the Copyright Remedy Clarification Act of 1990 (CRCA). However, the Court noted that, going forward, the ruling would not prohibit Congress from passing a more “tailored” copyright remedy statute if it found a valid basis to suspend sovereign immunity in copyright infringement cases against states. Continue Reading

Online Platforms Sidestep Claims over User Content Decisions and Social App Functions

Despite continued scrutiny over the legal immunity online providers enjoy under Section 230 of the Communications Decency Act (CDA), online platforms continue to successfully invoke its protections. This is illustrated by three recent decisions in which courts dismissed claims that sought to impose liability on providers for hosting or restricting access to user content and for providing a much-discussed social media app filter.

In one case, a California district court dismissed a negligence claim against online real estate database Zillow over a fraudulent posting, holding that any allegation of a duty to monitor new users and prevent false listing information inherently derives from Zillow’s status as a publisher and is therefore barred by the CDA. (924 Bel Air Road LLC v. Zillow Group Inc., No. 19-01368 (C.D. Cal. Feb. 18, 2020)). In the second, the Ninth Circuit, in an important ruling, affirmed the dismissal of claims against YouTube for violations of the First Amendment and the Lanham Act over its decision to restrict access to the plaintiff’s uploaded videos. The Ninth Circuit found that despite YouTube’s ubiquity and its role as a public-facing platform, it is a private forum not subject to judicial scrutiny under the First Amendment. It also found that its statements concerning its content moderation policies could not form a basis of false advertising liability. (Prager Univ. v. Google LLC, No. 18-15712 (9th Cir. Feb. 26, 2020)). And in a third case, the operator of the messaging app Snapchat was granted CDA immunity in a wrongful death suit brought by individuals killed in a high-speed automobile crash where one of the boys in the car had sent a snap using the app’s Speed Filter, which had captured the speed of the car at 123MPH, minutes before the fatal accident. (Lemmon v. Snap, Inc., No. 19-4504 (C.D. Cal. Feb. 25, 2020)).    Continue Reading

Protecting against Cybersecurity Threats when Working from Home

With the spread of the novel coronavirus (COVID-19), many organizations are requiring or permitting employees to work remotely.  This post is intended to remind employers and employees that in the haste to implement widespread work-from-home strategies, data security concerns cannot be forgotten.

Employers and employees alike should remain vigilant of increased cybersecurity threats, some of which specifically target remote access strategies.  Unfortunately, as noted in a prior blog post, cybercriminals will not be curtailing their efforts to access valuable data during the outbreak, and in fact, will likely take advantage of some of the confusion and communication issues that might arise under the circumstances to perpetrate their schemes.

Employees working from home may be accessing or transmitting company trade secrets as well as personal information of individuals. Inappropriate exposure of either type of data can lead to significant adverse consequences for a company.  Exposure of trade secrets or confidential business information can potentially cause significant business damage or loss. Exposure of personal information can potentially trigger state or federal data breach notification laws, and result in significant liabilities for a company as well as expanded identity theft issues for individuals.  The threat is not only an online concern – physical security is at issue as well. Unauthorized access to printed copies of sensitive documents could lead to additional exposures. Continue Reading

Coronavirus and the “100% Work-From-Home” Scenario: Review Agreements with Vendors of Remote Access Technology

As part of the response to the outbreak of COVID-19, many organizations are working on contingency and business continuity plans that include an all-employee “work-from-home” scenario.  If it becomes necessary to implement such a plan, all employees of the organization will access the organization’s networks and systems remotely. Unfortunately, many organizations that are testing these plans are discovering that that their remote access technologies may not be able to handle, without significant degradation in performance, the volume of activity this will generate.  Indeed, given the complex host of business applications and collaboration tools that many businesses employ, many entities may not be fully ready for their entire workforce to access their systems remotely without first checking in with their vendors and IT personnel.

This is understandable. Except for the case of those businesses that always operate “virtually” — without any fixed offices — most organizations build their remote access infrastructure (including the related telecommunications, security, videoconferencing, collaboration and other software tools that are involved in remote access) based on an assumption that only a portion of an organization’s employees will use remote access at any given point in time.  For example, contractual service level commitments (in which vendors promise certain levels of performance of their systems) often assume a simultaneous user base being a subset of all employees of the organization.  Further, SaaS-based services that are priced based on a specific number of “simultaneous users” may not anticipate all, or substantially all, of the company’s employees using the service at the same time.

Organizations should be reviewing their agreements with the myriad set of vendors that provide software related to remote access. These reviews should evaluate what commitments, if any, are included in those agreements that may be helpful in what may be this unprecedented “100% work-from-home” effort.  To the extent contractual deficiencies or other issues are identified, early engagement with vendors can be helpful.  For example, in the event service level commitments appear insufficient to meet anticipated demand, an early discussion with the vendor may result in an increased allocation of the vendor’s resources to that customer.  And while some SaaS service agreements priced by the number of simultaneous users may allow customers to exceed simultaneous user limits (with a premium true-up at a later date), others impose hard blocks on usage in excess of contract limitations.  To the extent these issues are identified in an agreement, customers are best served by engaging with the vendor in advance – to avoid premium true-ups or interference in service. Continue Reading

Facebook Brings Suit against Mobile Marketing Firm for Siphoning User Data without Authorization

In continuing its push to enforce its terms and policies against developers that engage in unauthorized collection or scraping of user data, Facebook brought suit last month against mobile marketing and data analytics firm OneAudience LLC. (Facebook, Inc. v. OneAudience LLC, No. 20-01461 (N.D. Cal. Complaint filed Feb. 27, 2020)). Facebook alleges that OneAudience harvested Facebook users’ profile data and device data in contravention of Facebook’s terms and developer policies. OneAudience purportedly gathered this data by paying app developers to bundle OneAudience’s software development kit (SDK) into their apps and then harvesting data for those users that logged into those apps via Facebook credentials. Continue Reading

The Coronavirus and Force Majeure Clauses

Beyond the human toll of the current global health crisis, the coronavirus outbreak is having serious economic repercussions to the global economy and the supply chains on which it depends. Dun & Bradstreet reported, “at least 51,000 (163 Fortune 1000) companies around the world have one or more direct or Tier 1 suppliers in the impacted regions, and at least five million companies (938 Fortune 1000) around the world have one or more Tier 2 suppliers in the impacted region.” Factory closings, transportation restrictions and general concerns about a potential pandemic are causing shortages of critical supplies and employees, and are testing the bounds and obligations of various contracts entered into between vendors and customers.

As a result of this disruption, many businesses are assessing their contracts to understand the extent of their rights, remedies and obligations with respect to their business partners. Suppliers of goods and services unable to deliver on contractual obligations are looking to see what provisions, if any, may protect them from a default. And in turn, recipients encountering delays from suppliers unable to deliver goods and services in a timely manner (or at all) are also looking to their agreements to see what rights, obligations, and remedies they may have in these circumstances. Continue Reading

EU Releases “A European Strategy for Data”

As 2019 came to a close, we looked ahead into 2020 and noted that data would continue to be a huge issue for the digital economy.  We have not been disappointed. On February 19, 2020, the European Commission (the “Commission”) released its 35-page document entitled “A European strategy for data,” becoming just the latest of many developments in that area.

The document lays out a vision as to how – through legislation, technical standards and public-private initiatives – the EU can become a future leader in data and create a more permissive data economy.

The Commission’s goal is to create a single European data space – “a genuine single market for data, open to data from across the world – where personal as well as non-personal data, including sensitive business data, are secure and businesses also have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value, while minimising the human carbon and environmental footprint.” The Commission envisions common European rules to ensure:

  • data can flow within the EU and across sectors;
  • European rules and values, in particular personal data protection, consumer protection legislation and competition law, are fully respected;
  • rules for access to and use of data are fair, practical and clear, and there are clear and trustworthy data governance mechanisms in place;
  • there is an open, but assertive approach to international data flows, based on European values.

The strategy document lays out a number of concerns, problems and obstacles to achieving its vision. One theme that runs throughout is the need to create common interoperable data platforms offering small and medium enterprises (SMEs) access to a host of cloud services and advanced data processing capabilities. As the Commission sees the current state of the data environment as dominated by the big tech companies, it noted that such a high degree of market power can “enable large players to set the rules on the platform and unilaterally impose conditions for access and use of data.”  But what incentives would exist for companies to share certain data to an EU platform?  The Commission states that organizations contributing data “would get a return in the form of increased access to data of other contributors, analytical results from the data pool, services such as predictive maintenance services, or licence fees.”

Generally speaking, the Commission’s data strategy includes a number of elements:

  • A cross-sectoral governance framework for data access and use. The Commission’s proposal for legislation would include a framework for a common European data space that would “support decisions on what data can be used in which situations, facilitate cross-border data use, and prioritise interoperability requirements and standards within and across sectors.”   This would also include facilitating decisions on “which data can be used, how and by whom for scientific research purposes in a manner compliant with the GDPR.”
  • The opening of key public sector data sets. The Commission would work on making more high-quality public sector data available for reuse, in particular in view of its potential for SMEs.
  • Legislative action on issues that affect relations between actors in the data-agile economy. The Commission would seek legislative solutions to provide incentives for horizontal data sharing across sectors, in particular “addressing issues related to usage rights for co-generated data (such as IoT data in industrial settings), typically laid down in private contracts.”  Notably, the Commission stated it would also seek to identify and address “any undue existing hurdles hindering data sharing and to clarify rules for the responsible use of data (such as legal liability).”
  • Legislation regarding limited circumstances where access to data should be made compulsory.

Ultimately, it appears that a number of forces will be concurrently seeking to reshape the future of the global digital economy.  In the EU, the efforts described above, as well as the EU’s proposed Digital Services Act, which will impact content on digital platforms, and continuing GDPR enforcement will be influential in this area. In the U.S., regulators are considering antitrust enforcement efforts in the technology sector, legislators are calling for major changes to the immunities under Section 230 of the Communications Decency Act, and privacy and data security legislation and enforcement are impacting data-oriented businesses.  Other global initiatives are ongoing as well, such as a sweeping personal data privacy bill recently introduced in India and the prior passage of Brazil’s general data protection law which is set to go into effect later this year. In the meantime, investment in “big data” is growing at double digit rates. With all these ingredients placed into the pressure cooker of the global economy, what will be the result? Stay tuned!

LexBlog