Photo: ShutterstockFacebook May Be the Target, But Now's the Time to Check All Privacy Policies
Facebook is facing scrutiny over alleged deals with Amazon, Microsoft and others that allowed companies to obtain users' data without their consent. It's a reminder to all in-house counsel: privacy policies need to be transparent.
March 15, 2019 at 01:00 AM
3 minute read
The original version of this story was published on Corporate Counsel
Facebook is facing another investigation, reports revealed this week, this time allegedly over deals allowing other companies to access users' data without their consent.
According to reports from The New York Times, the social media platform allowed companies to access users' data regardless of their privacy settings. Facebook didn't outline its partnerships with Microsoft, Amazon or Apple in its privacy policy. The company did not immediately respond to request for comment.
Jim Halpert, a DLA Piper partner and co-chair of the firm's data protection, privacy and security practice, said Facebook's 2011 consent agreement with the U.S. Federal Trade Commission to reduce its data sharing makes the Menlo Park, California-based company a “unique target.”
While other companies may not face as much scrutiny, he said it's still a good idea for in-house counsel to check their privacy policies and ensure they include information about where data is shared, especially as the California Consumer Privacy Act's 2020 implementation approaches. U.S. companies processing European Union residents' data already must comply with the General Data Protection Regulation.
“You need to be transparent about it. But also, preparing for the [CCPA], it will be important to map and understand those information sharing arrangements,” he said. “Under GDPR, there are sharp restrictions on sharing EU subject data with third parties.”
Under some data protection laws, including GDPR, companies are also required to ensure third parties accessing user data are secure and compliant.
Sandra Jeskie, a partner at Duane Morris, said outside of the CCPA, the U.S. still doesn't have many laws limiting companies' ability to share user data or outlining requirements for privacy policies. But that is likely to change, she added, as federal legislators debate a national data protection law. Many states are in the process of creating their own legislation.
“People have seen GDPR, they're now seeing [CCPA], and of course there's been some very significant, high-profile data breaches of information,” Jeskie said. “Certainly, legislators are much more cognizant of the privacy protections, and I think we're starting to see a change in the U.S. consumer version of what information should be protected and not. We're seeing some momentum for a national privacy law.”
To comply with the CCPA and GDPR and keep consumer trust, companies should outline in detail their privacy practices. Jeskie and Halpert said some companies treat privacy policies more like a short media statement than a source of in-depth information for consumers.
As legislators and consumers grow more aware of potential cyber risks, it's important for companies to understand what user data they're collecting, why they're collecting it and how they're sharing and storing it, Jeskie said, so they're able to share that information with users.
She noted privacy policies may change over time as the company launches new products and features. Customers need to be notified when that happens.
“In the [CCPA], in the privacy policy itself it's required that you have to describe the process by which you're going to notify consumers, to the extent that they have material change to the privacy policy,” Jeskie said. “So if you're doing something that is different, sharing additional information … when you have those kinds of changes, you really need to make sure that you present that notification.”
|This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Elon Musk Names Microsoft, Calif. AG to Amended OpenAI Suit
- 2Trump’s Plan to Purge Democracy
- 3Baltimore City Govt., After Winning Opioid Jury Trial, Preparing to Demand an Additional $11B for Abatement Costs
- 4X Joins Legal Attack on California's New Deepfakes Law
- 5Monsanto Wins Latest Philadelphia Roundup Trial
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
