Social Media
Subscribe to Social Media's Posts

In with the New, Part III: 2014 Privacy, Advertising and Digital Media Predictions

Boston-based litigation partner Matt Turnell shares his predictions about class action litigation under the Telephone Consumer Protection Act (TCPA) and Electronic Communications Privacy Act (ECPA) in 2014 and Boston-based white-collar criminal defense and government investigations partner David Gacioch shares his predictions about government responses to data breaches.

Class Action Litigation Predictions

2014 is already shaping up to be an explosive year for privacy- and data-security-related class actions.  Last December’s data breach at Target has already led to more than 70 putative class actions being filed against the retailer.  With recently disclosed data breaches at Neiman Marcus and Michaels Stores—and possibly more to come at other major retailers—court dockets will be flooded with these suits this year.  And consumers are not the only ones filing class actions; banks that have incurred extra costs as a result of the data breaches are headed to court as well, with at least two putative class actions on behalf of banks filed so far against Target.

That volume of litigation related to the Target data breaches likely will be matched by a steady stream of class actions filed under the TCPA.  2013 was a busy year for the TCPA docket and I expect that the Federal Communications Commission’s (FCC) stricter rules requiring express prior written consent from the called party, which took effect in October 2013, means that 2014 will be just as busy since the majority of TCPA class actions seek statutory damages for companies’ failure to obtain consent before making autodialed or prerecorded voice calls or sending unsolicited text messages or faxes. 

In 2014, I expect to see key decisions under the ECPA related to social media platforms and email providers capturing and using content from customers’ emails and other messages for targeted advertising or other purposes.  One district court has already denied a motion to dismiss an ECPA claim challenging this conduct and I predict that other decisions are forthcoming this year.  Needless to say, decisions in favor of class-action plaintiffs in this area could have major implications for how social media sites and email providers do business.

Matt Turnell, Partner

Government Responses to Data Breaches

As significant data breaches continue to dominate the news, public awareness of data privacy and security issues will increase, as will their political appeal.  I expect to see in 2014:

  • Record numbers of breach reports to state and federal regulators, as awareness of reporting obligations spreads further and further across data owner, licensee, broker and transmitter groups;
  • More states committing more enforcement resources to data privacy and security, including budget dollars and dedicated attorney general’s office units;
  • More state/federal and multi-state coordination of investigations, leading to increased settlement leverage by enforcement authorities vis-à-vis firms under investigation; and
  • Greater numbers and dollar values of settlements by the Federal Trade Commission (FTC) and state attorneys general than ever before.

Similarly, with the HIPAA Omnibus Final Rule going into effect on September 23, 2013, coupled with the late-2013 Department of Health and Human Services [...]

Continue Reading




read more

Data Privacy Day 2014

In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet.  Our panel of speakers discussed significant U.S. data privacy and protection events from 2013 and shared thoughts about what’s ahead for 2014 in U.S. data privacy and protection.  You may download the presentation slides here.

We hope you find our presentation materials informative.   Of course, please do not hesitate to contact any member of the Of Digital Interest editorial team with questions or comments.




read more

LinkedIn Claims Breach of Contract by Bot Users

LinkedIn, the social networking site popular among professionals, recently filed suit in the US District Court for the Northern District of California against unknown users who deployed automated software programs known as “bots” to register thousands of fake LinkedIn profiles and “scrape” LinkedIn’s servers for member data.

The complaint alleges that the bot users scraped LinkedIn’s member data to create a service that would compete with LinkedIn Recruiter, a service used by 16,000 clients and companies, including 90 of the Fortune 100 companies to search for job candidates.  LinkedIn alleges that the fake member profiles damages “the integrity and effectiveness of LinkedIn’s professional network,” including the “accuracy and integrity” of the information contained on the site.  LinkedIn argues that members trust LinkedIn and expect that members’ professional profiles are legitimate.

One of LinkedIn’s claims is that the unknown users who created and deployed the bots users “willfully, repeatedly, and systematically” breached the LinkedIn User Agreement by registering thousands of fake LinkedIn profiles and copying data from many member profile pages.  As is typical of most online services, a LinkedIn user must, as part of creating an account, affirmatively agree to the User Agreement: “By clicking Join LinkedIn, you agree to LinkedIn’s User Agreement, Privacy Policy and Cookie Policy”.  The User Agreement expressly states that it is a “legally binding agreement with LinkedIn Corporation” and includes provisions that specifically bar members from owning multiple accounts, creating false identities or using any “means or processes” to harvest data from LinkedIn’s website and services.  In addition to its presentation on the “Join” webpage, the User Agreement is displayed through a link on LinkedIn’s homepage.

While the facts of the complaint seem to clearly indicate that the bot creators violated LinkedIn’s User Agreement, we are interested to see how the court treats the breach of contract claim because it may shed light on how businesses can help to ensure the enforceability of their online agreements.  We will further explore the enforceability of online agreements in future posts.




read more

Privacy and Data Protection: 2013 Year in Review

Privacy and data protection continue to be an exploding area of focus for regulators in the United States and beyond. This report gives in-house counsel and others responsible for privacy and data protection an overview of some of the major developments in this area in 2013 around the globe, as well as a prediction of what is to come in 2014.

Read the full report here.




read more

Welcome to McDermott’s Of Digital Interest Blog

Welcome to McDermott’s Of Digital Interest blog!

The global digital economy continues to rapidly expand and we can only imagine where technological innovation will take us next.  Every day companies are developing new and exciting ways to leverage the Internet and digital connectivity to make businesses more efficient, improve individual outcomes, facilitate customer engagement and maximize the power and value of data.

At the same time, privacy, data security, digital advertising and online consumer protection continue to be among the fastest growing areas of the law around the globe.  In the digital realm, jurisdictional lines can be crossed in nanoseconds, and this compounds compliance challenges.  With more than 50 attorneys in our group around the world, McDermott’s international, multi-disciplinary team of lawyers work hard to keep abreast of important developments and trends so we can help our clients meet those challenges.

This blog is the natural extension of those efforts and it is designed to provide legal professionals and risk managers with practical insights into regulatory developments, industry trends and current issues impacting the digital environment.  From major developments in privacy and data security, to new strategies for legitimizing cross-border data transfers, to coverage of hot topics like user tracking and geolocation, and the latest trends in the specialized field of online advertising, internet promotions and beyond, we expect that this blog will serve as a trusted resource for professionals who are responsible for managing data and compliance in the digital age.

We hope you find Of Digital Interest to be both interesting and helpful and we welcome your feedback.  If you have questions or topic suggestions, please let us know via the “Contact Us” form or feel free to reach out to one of the editors directly.

Heather Egan Sussman and Rohan Massey
Co-chairs, McDermott’s Privacy and Data Protection Practice




read more

Consumer Data Privacy Update for Marketers, Part 1: Children’s Online Privacy Protection Act Amendments

New technologies enable marketers to collect and analyze more — and more specific— data than ever before.  Marketers can track consumers across the internet and mobile applications, and can deliver advertising based on consumers’ interests inferred from the collected data.  In theory, consumer tracking enables marketers to present advertising to consumers who are predisposed to a specific product or service, producing a higher purchase rate and transaction price, and a greater return on investment in marketing activities.

While these new technologies make advertising and marketing more targeted and efficient, they also present new challenges for marketers.  Although a majority of consumers understand the “pay with data” model through which websites, mobile applications and other digital services are made available at no cost, they do not want advertisers to track them or to aggregate the tracking data into so-called “big data” databases.  Consequently, consumer digital privacy has been the subject of many recent news articles – from lawsuits filed by consumers against email service providers and social media platforms for undisclosed data mining to senatorial requests to data brokers for transparency.

In this four-part series, we will highlight of some recent developments in consumer data privacy law and suggested steps for marketers on how to address them.

Children’s Online Privacy Protection Act Amendments

The Children’s Online Privacy Protection Act (COPPA) is a federal statute enacted in 1998 that requires operators of commercial digital services to provide parental notification and obtain verifiable parental consent prior to collecting personal information from children under 13.  To implement COPPA, the Federal Trade Commission (FTC) issued a set of regulations known as the Children’s Online Privacy Protection Rule (COPPA Rule).  On December 19, 2012, the FTC released amendments to the COPPA Rule which became effective July 1, 2013.

The amended COPPA Rule enhances online privacy protection for children and makes digital services’ operators more accountable for data collection activities involving children under age 13.  Notable for marketers is a new liability standard for third-party service providers.  Specifically, effective July 1, 2013:

  • The operator of “children-directed” (i.e., intended for children under age 13) online or mobile websites and services is strictly liable for actions of independent third parties – including social media plug-ins – on/through its website and mobile services if the third party is acting as its agent or service provider or if the operator benefits by allowing the third party information collection; and
  • A software plug-in, ad network or similar party that collects information on or through a third-party’s online or mobile website or service now is liable under COPPA if that party has actual knowledge it is collecting personal information on a children-directed platform.

The amended COPPA Rule makes several other key changes to the original COPPA Rule, including:

  • An expanded definition of personal information to include geo-location information, a child’s photo or audio or video file, screen or user names, and persistent identifiers, such as information held in a cookie, an IP address, a mobile device [...]

    Continue Reading



read more

To Track or Not to Track

October 21, 2013 Digital advertising based on tracking users’ interests and related privacy concerns have been the subject of many recent news articles. What does this mean for businesses?  Evolving industry practices and new legislation relating to online privacy and user tracking likely require changes to online privacy practices and policies.

To read the full article, click here.




read more

STAY CONNECTED

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
LEgal 500 EMEA top tier firm 2021
U.S. News Law Firm of the Year 2022 Health Care Law