Welcome back for another week of What's Next, where we report on the intersection of law and technology. This week, lawyers sound off on the potential for a federal agency overseeing user privacy. Plus, two Silicon Valley tech companies are targeted by international surveillance operations. And California joins the choir of AGs looking into Facebook. Let's chat: Email me at [email protected] and follow me on Twitter at @a_lancaster.


 


A Privacy Agency is Born?

Lawmakers are turning rage against Big Tech's mishandling of user data into legislation. Last week, Reps. Anna Eshoo and Zoe Lofgren of California introduced a bill that would create a regulatory body called the Digital Privacy Agency to enforce privacy rights.

Joe Dickinson, a data use and security lawyer at Smith Anderson in Raleigh, North Carolina, said the bill is meant to provide needed federal guidance on user privacy. However, some of the details in it might be a "knee jerk reaction," Dickinson said.

"There's a growing recognition and growing distrust against American companies," he said. "Some are bad actors—they're doing things with your data they told you they wouldn't do."

Yet a legislative mandate in the bill requiring companies to report breaches to the agency and attorneys general within 72 hours "misses the point" when it comes to data breach notification, he said.

"With a lot of breaches, companies don't really know what's going on within 72 hours," he said. "When you force people to provide notice in such a short time frame, I think that leads to misinformation. It leads to individuals being a little bit desensitized, because they can't tell if this is really a problem or is it just another regulatory requirement."

Additionally, Dickinson said the focus on online protection is limited. "The majority of records that are compromised typically come from an electronic or online breach, but there are still more breaches on paper records in terms of numbers," he said. "So, if you're going to a special law to address privacy, it should address more than just online uses of information."

Dickinson said a helpful addition to the bill would be a safe harbor, like in Ohio's Data Protection Act, to shield companies from liability if they're doing all the right things to protect user data.

A regulatory body such as the one proposed in the U.S. House of Representatives' bill is a trend that Jordan Fischer, managing partner of XPAN Law Group, is seeing, especially in Europe. "I think it's something that could provide more consistency in data protection and also ensure that minds who have been trained and focused on this on a daily basis are actually the ones enforcing the [California Consumer Protection Act] and any other regulations," Fischer said.

The challenge for the Federal Trade Commission, the Department of Justice and attorneys general across the United States charged with enforcing privacy regulations is that they are already overworked, under-resourced organizations, who do not have specialized knowledge in this space, she said.


Spycraft in Silicon Valley

A few weeks back, I mentioned a lawsuit from a Saudi activist who sued Twitter for exposing his personal data after the company unknowingly hired an alleged spy from the Kingdom of Saudi Arabia onto its engineering team.

Last week, the alleged spy mentioned in that complaint, Ali Alzabarah, was charged, as well as two other people reportedly involved in the scheme to funnel personal data of users who have criticized the kingdom's rulers and officials.

"The criminal complaint unsealed … alleges that Saudi agents mined Twitter's internal systems for personal information about known Saudi critics and thousands of other Twitter users," said David L. Anderson, the U.S. attorney for the Northern District of California. "U.S. law protects U.S. companies from such an unlawful foreign intrusion. We will not allow U.S. companies or U.S. technology to become tools of foreign repression in violation of U.S. law."

Alongside Alzabarah, Ahmad Abouammo and Ahmed Almutairi are charged with acting as an agent of a foreign government. Abouammo was also charged with obstructing justice by lying to agents and providing a fake invoice.

A Twitter spokesperson said in an email statement that the company recognizes "the lengths bad actors will go to try and undermine our service." The spokesperson added that the company limits "sensitive account information" to employees who have been trained and vetted.

"We understand the incredible risks faced by many who use Twitter to share their perspectives with the world and to hold those in power accountable," the spokesperson said. "We have tools in place to protect their privacy and their ability to do their vital work. We're committed to protecting those who use our service to advocate for equality, individual freedoms, and human rights."

However, Twitter isn't the only social networking website whose activist community has been targeted. LegalTech News' Victoria Hudgins reports that Facebook filed a civil suit against NSO Group, an Israeli surveillance company that sells hacking tools to governments. The complaint filed in the U.S. District Court for the Northern District of California claims the NSO Group infiltrated the company's WhatsApp servers through malware sent to activists, lawyers and journalists in the messaging app.

"What's unusual about this NSO and the other affiliated company [Q Cyber Technologies] named as defendants in the case … [is that] most hacking is obviously done by non-incorporated companies or corporations," Howard Fischer, a Moses & Singer partner and former senior trial counsel at the U.S. Securities and Exchange Commission, told Hudgins.


California Speaks Out on Facebook Investigation

Last week, California's attorney general gave us a few crumbs on the state's investigation of Facebook's privacy procedures after months of sidestepping questions about the inquiry.

California began its probe in June 2018 after Cambridge Analytica and Facebook took a full year to respond to the AG's questions and document requests. Since then, the company has failed to respond to a June 2019 request for answers to 19 interrogatories, six document requests and communications from senior executives, including Mark Zuckerberg and Sheryl Sandberg. As a result, lawyers from Attorney General Xavier Becerra's office filed a petition in San Francisco Superior Court to compel Facebook to turn over the information.

"We will act when we must," Becerra said. "Today we make this information public, because we have no choice."

When asked about why California decided to take on Facebook alone while other AGs have teamed up over alleged user data infractions, Becerra said, "How do you know we are not teaming up with others?"


 

 

Google's Cooling-Off Period for Consultants

Google has petitioned for tighter controls over which third parties have access to sensitive information in an ongoing antitrust investigation led by Texas AG Ken Paxton, as well as a "cooling-off" period before those consultants can work for a Google competitor. Google specifically pointed to concerns about two consultants involved in the probe: a lawyer who repped Microsoft in antitrust cases, and a company that has worked with Russian search engine Yandex. If Google's requests are approved, some experts say consultants might drop out of the investigation without clarity on how long the cooling-off period might last. Read more from Frank Ready here.

Data Dump

In a post-Cambridge Analytica world, some companies are adopting the credo that less data is more. More than half of surveyed organizations say they have a company policy to minimize personal data collection and retention, according to a report from the Coalition of Technology Resources for Lawyers (CTRL) in partnership with Osterman Research and Relativity. About 70% of respondents reported that those efforts included "stopping the collection of data that isn't necessary to the fulfillment of specific business objectives," and 64% said they were no longer storing excess data in the first place. CTRL founder and executive director Dean Gonsowski said a shift away from unbridled Big Data could indicate a deeper understanding of the regulatory risks. Read more from Victoria Hudgins here.

Just Bitcoin Me

Quinn Emanuel Urquhart & Sullivan now accepts Bitcoin and other cryptocurrencies as payment. With its first client paying in Bitcoin via payment service BitPay earlier this month, the company joins a handful of firms that accept the tech-forward currency. John Quinn said the "easy and secure" payment method helps the company remain flexible with its tech sector clients. Read more from Samantha Stokes here.


Thanks for reading. We will be back next week with more What's Next.