Mailing List

Popular Articles

Recent Articles

Follow Us

Archive for 'Internet Legislation'

New Senate Cybersecurity Bill May Expand Government Surveillance Pressures on Cloud Companies

Written by on Friday, March 20th, 2015

Privacy groups are raising alarms in response to the Senate Intelligence Committee’s Introduction of a new cybersecurity bill: the Cybersecurity Information Sharing Act of 2015 (“CISA”).  The text of the current bill has been made available for viewing at this link.

According to a National Journal report discussing the proposed legislation, the bill “is intended to help forestall cyberattacks like the one that crippled Sony Pictures last year.”  The two key features of the bill are data sharing with regard to cybersecurity and liability protections for companies that participate.

As you might expect, the opposition to this bill already being raised is that it imposes new surveillance pressures on companies and provides virtually no protection to the individual.  The Electronic Frontier Foundation (“EFF”) has already posted a scathing statement of opposition to this bill on its website, arguing that the bill grants to companies very broad powers to protect information systems with the sole restriction that no “substantial” harm arises from the action, and that it also authorizes companies to the broad powers to conduct monitoring on information systems which can broadly be used to conduct surveillance of individuals.  The EFF’s position is as follows:

This fatally flawed bill must be stopped.  It’s not cybersecurity, but a surveillance bill.

Wired reports that the concern of other privacy advocates is that the bill would permit the sharing of personal data that goes beyond just stopping cybersecurity threats, but to also allow sharing for the stated purpose of preventing terrorism, the imminent threat of death or serious bodily harm, and even the investigation of crimes having nothing to do with cybersecurity.

After reviewing the text of the proposed bill myself, I would agree with the vocal opposition on this bill that there is a reason that the Senate Intelligence Committee is proposing this type of legislation that has little to do with preventing cyber attacks:  to increase the surveillance powers of the federal government and to encourage broader corporate cooperation and participation in these surveillance activities.  I would also argue that this type of legislation, if enacted, has the potential to disproportionately affect cloud-based software and Internet companies, co-opting them into providing enhanced governmental surveillance of their customers.

I can understand why Silicon Valley’s tech community might be hesitant to take a position in opposition to a bill that California’s own Senator Diane Feinstein has been supporting, but I would argue that this is an issue that the software industry, and particularly, the cloud industry, should step up to the plate on and strongly oppose, given the fact that data collection is such an integral part of the online software business and revenue model.  This type of legislation, if passed, has the potential to put such companies in the undesirable position of conducting what amounts to surveillance activities on its customers on behalf of the government, which is not a position that most Silicon Valley companies would probably like to find themselves in.   It takes the surveillance gathering that has been going on since 9/11 to an entirely new level.

The Silicon Valley Software Law Blog will keep you posted on developments with this legislation as they arise.

Category: Internet Legislation, Software Legislation  |  Comments Off on New Senate Cybersecurity Bill May Expand Government Surveillance Pressures on Cloud Companies

California Governor Signs Bill Prohibiting Nondisparagement Clauses in Consumer Contracts

Written by on Wednesday, September 10th, 2014

California has just added a new type of clause to the list of clauses that violate public policy in the state: the non-disparagement clause.

Governor Jerry Brown has just signed AB 2365, which prohibits companies from including nondisparagement clauses in consumer contracts, including online terms of service.

The bill–nicknamed the “Yelp” bill–prohibits now the inclusion of any clause for the sale or lease of consumer goods and services from which waives the consumer’s right to make a statement about the seller or lessor or its employees and agents, or concerning the goods or services.  The bill also makes it unlawful to “otherwise penalize a consumer for making any statement protected under the bill.”

AB 2365 imposes penalties of $2,500 for the initial violation and $5,000 for each subsequent violation, as well as an additional penalty of $10,000 if the violation was “willful, intentional, or reckless.”  The bill authorizes the affected consumer, the Attorney General, or the district or city attorney to file the claim. 

The San Francisco Business Times is reporting that that this bill was adopted in direct response to a Utah case of a couple who received a demand of $3500 from retailer that they had criticized online.

As you might expect, Yelp has already publicly responded by applauding the signing of the law bearing its nickname.

This law has widespread implications for virtually any company engaged in business on the Internet, and any business entering into contracts, where the consumer or lessee is based in California.  Thus, if you do business in the U.S., you now have a new constraint on what you can put in any contract or legal document, including Internet document, that your company adopts or signs.

While it goes without saying why Yelp would support the enactment of this kind of legislation, as an technology transactions attorney who drafts and negotiates contracts for a living, I find this level of government intrusion into private contracts absolutely appalling, as its application is going to go far beyond the narrow set of circumstances that the law was enacted to address.  Plus, the impact of the adoption of this bill is going to be very far-reaching and force companies in all 50 states–not just California–to modify their standard contracts, even their service contracts.

Perhaps it is time to take this issue to Congress–at which point we in the business world will then have the opportunity to see just how far the Yelp lobby’s influence actually extends.

Category: Internet Legislation, Software Legislation  |  Comments Off on California Governor Signs Bill Prohibiting Nondisparagement Clauses in Consumer Contracts

President Obama Unveils New Consumer Privacy Initiative: The Consumer Privacy Bill of Rights

Written by on Saturday, February 25th, 2012

President Obama yesterday unveiled his new consumer privacy initiative, as was announced on the White House website.  To view the full text of the initiative, click here.

The purpose of the initiative is to urge Congress to adopt a Consumer Privacy Bill of Rights, which codifies the following:

  1. Individual Control: Companies should give consumers control over the personal data that they share and how companies collect, use, or disclose that data.  They should be given clear and simple choices that enable them to make meaningful decisions about data collection, use and disclosure.  Companies should give consumers the opportunity to limit or withdraw consent that are as easy as the methods for granting initial consent.
  2. Transparency: Consumers have the right to easily understandable and accessible information about companies’ privacy and security practices.  Companies should provide clear descriptions of what data they collect, why they need the data, what they will do with the data, when they will delete or de-identify it from customers, and whether and for what purposes they may share the data with third parties.
  3. Respect for Context: Consumers have the right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context that consumers provide the data.  Important considerations for context are the age and sophistication of customers.  Children and teenages should have greater protections than adults.
  4. Security: Consumers have a right to secure and responsible handling of personal data.  Companies should maintain reasonable safeguards to control risks such as loss, unauthorized access, use, destruction, modification, and improper disclosure.
  5. Access and Accuracy:  Consumers have a right to access and correct personal data in usable formats in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
  6. Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.  Companies should collect only the personal data they need to accomplish purposes specified under the context, and they should dispose or de-identify personal data once they no longer need it.
  7. Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to ensure they are adhering to the Consumer Privacy Bill of Rights.  Companies should be accountable to enforcement authorities and to consumers and companies should hold employees responsible for adhering to these principles.  Where appropriate, companies should conduct full audits.  If companies disclose data to third parties, they should ensure at a minimum that the recipients are under contractual obligations to adhere to these principles.

The initiative also asserts that the legislation should provide the FTC and State Attorneys General with the specific authority to enforce the Consumer Privacy Bill of Rights.

My initial reaction to the President’s announcement is mixed.  As a consumer of the Internet who spends 95% of my day online, I am sick and tired of getting tracked all over the Internet.  I find it very annoying to have advertisements pop up for somewhere I have shopped or thought about shopping online, and as soon as another advertisement pops up, I inevitably check all my computer settings and delete cookies and do what I can to stop being tracked.  However, it seems as though nothing works–or at least nothing works for long.  So, I agree that all this Internet tracking is overly intrusive and an annoyance.

At the same time, as an attorney in the Internet and Software space, I am strongly concerned by the fact that the President is proposing more government regulation over the Internet and more enforcement authority over the Internet.  I agree with many of my legal counterparts who believe that the intrusion of more government regulation over the Internet is a hornet’s nest: the Internet has no borders, so if the United States government is allowed to police the Internet to a greater extent than it is currently doing, why shouldn’t other governments be allowed to do the same?  And where do you draw the line?  Philosophically, I think there is a very good argument that the federal government should not be empowered with the ability to step up its regulatory and enforcement authority over the Internet.

Putting aside my general concern over the federal government increasing its regulatory and enforcement powers in the Internet space, my next concern is that we may be imposing a HIPAA like regime over all businesses and not just the ones that handle personal health information.  Is that really a good idea?  Moreover, my understanding is that as a result of The Affordable Care Act, the government is now trying to coerce companies to turn over HIPAA information to the Department of Health and Human Services.   If this is in fact happening, what is to stop the government from doing the same thing with other personal information once they have further regulatory authority?  It’s bad enough that I’m being tracked by businesses all over the Internet, but the idea that Uncle Sam might be doing it is even worse.

And, then there is the concern that this initiative would be duplicating existing laws.  We already have a law to protect children’s personal information on the Internet: the Children’s Online Privacy Protection Act (“COPPA”).  We also have state privacy legislation that presumably this law would supersede.

Finally, as a lawyer for software and Internet companies, you have to be concerned about how this new privacy initiative will impact their existing business models.  Many of my clients rely on the collection of this personal information to drive their revenues, as the websites rely on advertising and the sharing of data to make money.  Will this new initiative have the ultimate effect of putting some Internet and software companies out of business?

Of course, at the moment, these are just my initial reactions to the President’s announcement.  His initiative is merely a proposal to demonstrate to consumers who are likely voters that he is looking out for their well-being in an election year.  Indeed, the initiative does  not even rise to the level of a bill being introduced to Congress.  Moreover,  I would argue that the initiative contains largely “feel-good” language without any real teeth, so for now, my concerns about what happens next are simply speculation on my part about what Congress could do with the initiative, or alternatively,  what the Federal Trade Commission might do on its own accord without any legislation being  passed in Congress.

Still, as much as I personally dislike being tracked all over the Internet, I am troubled by the signals that the President is sending us through his announcement and concerned that expanding consumer privacy protection powers is just the first step to a further expansion of U.S. government regulatory powers over a global Internet.  While at a personal level I would like to draw the proverbial line in the sand on Internet tracking, I worry about what the impact of actually allowing the federal government to draw a line in the sand for us will be on the further development of the Internet.  For those of you who brush off this question, you should remember that the Internet does not have physical borders.  So, where exactly do we draw the line between the U.S. government’s regulation of the Internet and another government’s regulation of the Internet?  I think we need to stop to consider these questions very carefully before we start contemplating the further  expansion of federal powers over the Internet–even if those powers may be directed at reigning in a business practice that many of us find intrusive and annoying.

Category: Internet Legislation, Software Legislation  |  Comments Off on President Obama Unveils New Consumer Privacy Initiative: The Consumer Privacy Bill of Rights

Copyright 2008-2017 The Prinz Law Office.

The Prinz Law Office | Silicon Valley | Los Angeles | Orange County | San Diego | Atlanta | Tel: 1.800.884.2124

Silicon Valley Office: 2033 Gateway Place, Suite 500, San Jose, CA 95110 (408) 884-2854. Los Angeles Office: 3110 Main St., Building C, Santa Monica, CA 90405. (310) 907-9218. Orange County Office: 100 Spectrum Center Drive, 9th Floor, Irvine, CA 92618. (949)236-6777. San Diego Office: 4455 Murphy Canyon Road, Suite 100, San Diego, CA 92123. (619)354-2727. Atlanta Office: 1000 Parkwood Circle, Suite 900 Atlanta, Georgia 30339. (404)479-2470

Serving Silicon Valley, San Jose, San Francisco, Los Angeles, Santa Monica, Silicon Beach, Irvine, Anaheim, Orange County, San Diego, Atlanta. Licensed in California & Georgia.