Mailing List

Popular Articles

Recent Articles

Follow Us

Archive for February, 2012

President Obama Unveils New Consumer Privacy Initiative: The Consumer Privacy Bill of Rights

Written by on Saturday, February 25th, 2012

President Obama yesterday unveiled his new consumer privacy initiative, as was announced on the White House website.  To view the full text of the initiative, click here.

The purpose of the initiative is to urge Congress to adopt a Consumer Privacy Bill of Rights, which codifies the following:

  1. Individual Control: Companies should give consumers control over the personal data that they share and how companies collect, use, or disclose that data.  They should be given clear and simple choices that enable them to make meaningful decisions about data collection, use and disclosure.  Companies should give consumers the opportunity to limit or withdraw consent that are as easy as the methods for granting initial consent.
  2. Transparency: Consumers have the right to easily understandable and accessible information about companies’ privacy and security practices.  Companies should provide clear descriptions of what data they collect, why they need the data, what they will do with the data, when they will delete or de-identify it from customers, and whether and for what purposes they may share the data with third parties.
  3. Respect for Context: Consumers have the right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context that consumers provide the data.  Important considerations for context are the age and sophistication of customers.  Children and teenages should have greater protections than adults.
  4. Security: Consumers have a right to secure and responsible handling of personal data.  Companies should maintain reasonable safeguards to control risks such as loss, unauthorized access, use, destruction, modification, and improper disclosure.
  5. Access and Accuracy:  Consumers have a right to access and correct personal data in usable formats in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
  6. Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.  Companies should collect only the personal data they need to accomplish purposes specified under the context, and they should dispose or de-identify personal data once they no longer need it.
  7. Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to ensure they are adhering to the Consumer Privacy Bill of Rights.  Companies should be accountable to enforcement authorities and to consumers and companies should hold employees responsible for adhering to these principles.  Where appropriate, companies should conduct full audits.  If companies disclose data to third parties, they should ensure at a minimum that the recipients are under contractual obligations to adhere to these principles.

The initiative also asserts that the legislation should provide the FTC and State Attorneys General with the specific authority to enforce the Consumer Privacy Bill of Rights.

My initial reaction to the President’s announcement is mixed.  As a consumer of the Internet who spends 95% of my day online, I am sick and tired of getting tracked all over the Internet.  I find it very annoying to have advertisements pop up for somewhere I have shopped or thought about shopping online, and as soon as another advertisement pops up, I inevitably check all my computer settings and delete cookies and do what I can to stop being tracked.  However, it seems as though nothing works–or at least nothing works for long.  So, I agree that all this Internet tracking is overly intrusive and an annoyance.

At the same time, as an attorney in the Internet and Software space, I am strongly concerned by the fact that the President is proposing more government regulation over the Internet and more enforcement authority over the Internet.  I agree with many of my legal counterparts who believe that the intrusion of more government regulation over the Internet is a hornet’s nest: the Internet has no borders, so if the United States government is allowed to police the Internet to a greater extent than it is currently doing, why shouldn’t other governments be allowed to do the same?  And where do you draw the line?  Philosophically, I think there is a very good argument that the federal government should not be empowered with the ability to step up its regulatory and enforcement authority over the Internet.

Putting aside my general concern over the federal government increasing its regulatory and enforcement powers in the Internet space, my next concern is that we may be imposing a HIPAA like regime over all businesses and not just the ones that handle personal health information.  Is that really a good idea?  Moreover, my understanding is that as a result of The Affordable Care Act, the government is now trying to coerce companies to turn over HIPAA information to the Department of Health and Human Services.   If this is in fact happening, what is to stop the government from doing the same thing with other personal information once they have further regulatory authority?  It’s bad enough that I’m being tracked by businesses all over the Internet, but the idea that Uncle Sam might be doing it is even worse.

And, then there is the concern that this initiative would be duplicating existing laws.  We already have a law to protect children’s personal information on the Internet: the Children’s Online Privacy Protection Act (“COPPA”).  We also have state privacy legislation that presumably this law would supersede.

Finally, as a lawyer for software and Internet companies, you have to be concerned about how this new privacy initiative will impact their existing business models.  Many of my clients rely on the collection of this personal information to drive their revenues, as the websites rely on advertising and the sharing of data to make money.  Will this new initiative have the ultimate effect of putting some Internet and software companies out of business?

Of course, at the moment, these are just my initial reactions to the President’s announcement.  His initiative is merely a proposal to demonstrate to consumers who are likely voters that he is looking out for their well-being in an election year.  Indeed, the initiative does  not even rise to the level of a bill being introduced to Congress.  Moreover,  I would argue that the initiative contains largely “feel-good” language without any real teeth, so for now, my concerns about what happens next are simply speculation on my part about what Congress could do with the initiative, or alternatively,  what the Federal Trade Commission might do on its own accord without any legislation being  passed in Congress.

Still, as much as I personally dislike being tracked all over the Internet, I am troubled by the signals that the President is sending us through his announcement and concerned that expanding consumer privacy protection powers is just the first step to a further expansion of U.S. government regulatory powers over a global Internet.  While at a personal level I would like to draw the proverbial line in the sand on Internet tracking, I worry about what the impact of actually allowing the federal government to draw a line in the sand for us will be on the further development of the Internet.  For those of you who brush off this question, you should remember that the Internet does not have physical borders.  So, where exactly do we draw the line between the U.S. government’s regulation of the Internet and another government’s regulation of the Internet?  I think we need to stop to consider these questions very carefully before we start contemplating the further  expansion of federal powers over the Internet–even if those powers may be directed at reigning in a business practice that many of us find intrusive and annoying.

Category: Internet Legislation, Software Legislation  |  Comments Off on President Obama Unveils New Consumer Privacy Initiative: The Consumer Privacy Bill of Rights

Is the OPEN Act a More Viable Alternative to SOPA?

Written by on Wednesday, February 22nd, 2012

Now that SOPA and its companion bill PIPA have been tabled thanks in no small part to the statement made by the online community in organizing the SOPA blackout, the focus shifts to the Online Protection and Enforcement of the Digital Trade Act (the “OPEN Act”), H.R. 3782, which was introduced by Rep. Darrell Issa (R-California) on the same day as the SOPA blackout as an alternative to SOPA and PIPA. As PC World reported, supporters of the OPEN Act include Google, Facebook, LinkedIn, and Twitter, but as you might expect, the Motion Picture Association of America opposes the bill as being too easy on internet piracy.

What are the key provisions of the OPEN Act? Well, unlike in SOPA, the OPEN Act gives the International Trade Commission (“ITC”) enforcement action and focuses on foreign-based websites that willfully promote the violation of copyright law. If the ITC finds that a website is “primarily and willfully” promoting the violation of copyright law, the OPEN Act allows the ITC to issue a cease and desist order against the website and to render the infringing site unable to make a profit off of the infringing activities. Congressman Issa has set up an interactive website, where you can read the full text of the bill and comment on the provisions. Also, he has provided a summary and explanation of the bill, which you can read here.

Obviously, the OPEN Act provides a far less drachonian approach to dealing with infringing foreign websites than what was contemplated by SOPA, which would have allowed full websites to be completely “erased” from the Internet. Instead, the OPEN Act’s approach goes to the heart of the problem: cutting off the ability of infringers to make a profit off of their infringement. So, in that respect, the OPEN Act is definitely improvement over SOPA. Also, there is an argument that the ITC is a more appropriate body to hear these kinds of disputes, since the agency already has been tasked with the job of addressing unfair import disputes, where intellectual property violations are involved. Furthermore, this bill focuses on the problem of infringement by foreign websites, so it targets the real source of concern over infringement as opposed to usurping existing methods of dealing with domestic infringers.

On the other hand, you certainly can argue that the process of pursuing an ITC hearing may be too cumbersome for some U.S. businesses to pursue, where they are being infringed by a foreign website. And, of course, it fails to address the issue of how to deal with infringement by foreign websites where those websites are not openly profiting off the infringement. Furthermore, it’s not clear yet exactly how this new solution for dealing with infringement would interplay with the existing methods of dealing with infringers.

All in all, however, I think the OPEN Act is a much more palatable proposal for dealing with infringers, and that this bill is a far better working document than what we had on the table with SOPA and PIPA.  At the same time, I  think that the whole concept of adopting new legislation to deal with online infringers is still a work in progress  warranting further consideration before any new legislation is adopted.  I personally am still not overly happy with the Digital Millenium Copyright Act (“DMCA”) and would have liked to have seen more consideration given to that bill before it was adopted.  I would argue that we need to stop and give further consideration to the whole body of copyright infringement law before we start adopting new legislation to deal with the same problems that the prior legislation attempted to deal with.

My colleague Professor Eric Goldman of Santa Clara School of Law reviewed this proposed legislation back in December, and had some very interesting comments to add to the discussion, which were republished by Ars Technica.   His overall assessment was that the OPEN Act was an improvement over SOPA and PIPA and should be the working document for a new bill, but that it still required significant work before adoption.

I think it is safe to say that there is a general feeling out there that current copyright law does not provide enough protection against offshore infringers.  As a practitioner in this space, I regularly have to tell clients what their options are to deal with offshore infringement and inevitably they are less than satisfied with the options available to them to deal with this type of problem.  I think the question for us all is how best to fill in the gaps in existing law that make stopping offshore infringement out of reach for so many domestic copyright owners.  I would agree with Professor Goldman that we aren’t quite there in coming up with a workable solution to these issues.

Category: Software Legislation  |  Comments Off on Is the OPEN Act a More Viable Alternative to SOPA?

Copyright 2008-2017 The Prinz Law Office.

The Prinz Law Office | Silicon Valley, CA | Los Angeles, CA | Orange County, CA | San Diego, CA | Atlanta, GA | Tel: 1.800.884.2124

Mailing Address: 117 Bernal Rd., Suite 70-110, San Jose, CA 95119. Silicon Valley Office: 2033 Gateway Place, Suite 500, San Jose, CA 95110 (408) 884-2854. Los Angeles Office: 3110 Main St., Building C, Santa Monica, CA 90405. (310) 907-9218. Orange County Office: 100 Spectrum Center Drive, 9th Floor, Irvine, CA 92618. (949)236-6777. San Diego Office: 4455 Murphy Canyon Road, Suite 100, San Diego, CA 92123. (619)354-2727. Atlanta Office: 1000 Parkwood Circle, Suite 900 Atlanta, Georgia 30339. (404)479-2470

Serving Silicon Valley, San Jose, San Francisco, Santa Cruz, Los Angeles, Irvine, Anaheim, Orange County, Santa Monica, Silicon Beach, Santa Barbara, San Diego, Sacramento, Atlanta. Licensed in California & Georgia.