Posted on

Look! Out the Window! It’s a Peeping Tom! No, It’s Google Street View.

The recorded legal enforcement of privacy dates back to at least 1361, when Justices of the Peace Act in England provided for the arrest of Peeping Toms and eavesdroppers. In the 1760s, English Parliamentarian William Pitt wrote: “The poorest man may in his cottage bid defiance to all the force of the Crown. It may be frail; its roof may shake; the wind may blow though it; the storms may enter; the rain may enter – but the King of England cannot enter; all his forces dare not cross the threshold of the ruined tenement.” Translation: One’s home is one’s castle.

The right to be free from unlawful searches and seizures and intrusions into one’s home is among the earliest expressions of the legal right to privacy. Today, privacy has been woven into the fabric of the laws and regulations of most countries throughout the world. The Preamble to the Australian Constitution states: “A free and democratic society requires respect for the autonomy of individuals, and limits on the power of both state and private organizations to intrude on that autonomy. Privacy is a key value which underpins human dignity and other key values such as freedom of association and freedom of speech. Privacy is a basic human right and the reasonable expectation of every person.” The 1948 Universal Declaration of Human Rights may well be the first multi-national, international legal document moving privacy to the level of a legally enforceable principle, noting that no one should be subject to arbitrary interference with privacy, family, home or communication, nor attacks on honor or reputation, and that each individual should have the right to legal protection against such interference or attack. In 1965, the Organization of American States proclaimed the American Declaration of the Rights and Duties of Man, which called for protection of numerous human rights, including the right of privacy.

We’ve come a long way. Today, Google’s Peeping Toms are roving street cars equipped with cameras and are allegedly violating privacy rights left and right as they roam through your neighborhood. If you hadn’t heard, Google reported earlier this year that in the course of its Street View automobiles roaming the streets of cities in more than 30 countries, its picture-capturing vehicles had also accidentally gathered data over unsecured Wi-Fi systems. Oops! Some of Google’s woes stem from mistakenly collecting data it allegedly should not have, although many privacy advocates and some regulators are protesting the actual picture-taking itself – even though the streets are public – not just the inadvertent capture of such data. Google has agreed to delete Wi-Fi data collected accidentally and has apologized (e.g., New Zealand, United Kingdom) for collecting personal data (e.g., personal emails, passwords) from wireless networks.

Although this past October (2010), the FTC in the United States indicated its inquiry into violations of privacy by Google’s Street View cars was ended – noting that Google had made efforts to increase its privacy and security processes and compliance procedures – Google is still facing a slew of questions, objections and government inquiries. Inquiries remain pending from attorneys general in a number of U.S. states, and at last count, about six or seven actual or putative class-action suits were pending.

In Germany, regulators have forced Google to agree to allow individuals to opt out of Street View and, when doing so, there will be computer-generated pixilation of their houses, instead of a photo, effectively blurring detail. Even with Google’s recent actions to bolster its compliance and sensitivity to privacy concerns, German investigators may still pursue investigations and violations. Indeed, investigations are also underway in Australia, France, Ireland, Italy and Spain.

In the “you can’t make this up” category on the subject, Legal Bytes recently saw a report that a woman in Japan is suing Google for about $7,000 for psychological damages because images of her underwear have appeared on the clothes washing/drying line outside her home displayed on Google Maps. Mainichi news service in Japan reports that part of her allegations state: “I was overwhelmed with anxiety that I might be the target of a sex crime. It caused me to lose my job and I had to change my residence.”

When do public photographs become grist for the Peeping Tom mills? What about government surveillance? Satellite photos? Drone imagery? I, for one, am giving up sunbathing on the roof from now on!

Privacy is a dynamic and evolving concept – one not uniformly dealt with or perceived around the world, or even within nations. Privacy is often blurred with identity issues or security principles, in some cases overlapping and in others just emotionally charged rhetoric. Witness the recent FTC and Department of Commerce reports, each ostensibly dealing with “privacy.” You can read about it on blogs posted by our Global Regulatory Enforcement Group, as well as right here on Legal Bytes (see, ‘Tis The Season To Issue Privacy Reports – NTIA Green Paper, Protecting Consumer Privacy – FTC Issues Staff Report and Privacy & Data Security Bills After the Midterm Elections), or search “privacy” in the search box in the left side navigation bar. But there is no substitute for getting the advice, counsel and guidance about your own particular situation from legal representatives who deal with these issues – in the United States and around the globe. So if you do need assistance, call me, Joseph I. (“Joe”) Rosenbaum, global chair of Rimon’s Advertising Technology & Media law practice, or any of the Rimon attorneys with whom you regularly work.

Posted on

Amici Curiae Brief Filed in Viacom v. YouTube Appeal

In August we reported that Viacom intended to appeal the U.S. District Court ruling in favor of YouTube and Google in the billion-dollar copyright infringement case brought by Viacom (Viacom Appeals Google/YouTube Ruling). As you may recall, the federal court decided YouTube is protected against claims of copyright infringement by the safe harbor provisions of the Digital Millennium Copyright Act. If you have not yet read the original text of the District Court decision, you can read and/or download it from Legal Bytes (Federal Court Awards YouTube Summary Judgment in Viacom Copyright Infringement Case).

Regardless of your perspective, this continues to be a closely watched legal battle, with significant implications in the determinations made by the court – not only because of the stature of the parties, but also because the issues implicate so much of the content-related activity on the Internet and the interpretation of the seminal U.S. statute that applies – the Digital Millennium Copyright Act.

Earlier this week, three academic legal scholars filed a brief in support of the Viacom entities, stating that "the central issue in this case are the legal tests for contributory and vicarious liability for copyright infringement from the use of Internet sites – in this instance, the YouTube site – to reproduce and disseminate large amounts of copyrighted material without authorization from copyright owners." The brief presents interesting and thoughtful insights into the law of copyright and protection of intellectual property rights in this age of digital information and content. If you would like to read the brief, you can download your own copy right here: Brief of Amici Curiae Stuart N. Brotman, Ronald A. Cass, and Raymond T. Nimmer In Support of Plaintiffs-Appellants.

Legal Bytes will continue to monitor developments and post significant materials that we hope will stimulate your thinking, and increase your appreciation of the complexity of the issue and the stakes in this intellectual property battle. If you would like further information, feel free to contact me, Joe Rosenbaum, or the Rimon attorney with whom you regularly work.

Posted on

‘Tis The Season To Issue Privacy Reports – NTIA Green Paper

Just a few moments ago, in their own words: "The Commerce Department Office of the Secretary, leveraging the expertise of the National Telecommunications and Information Administration ("NTIA"), the Patent and Trademark Office ("PTO"), the National Institute of Standards and Technology ("NIST"), and the International Trade Administration ("ITA"), has created an Internet Policy Task Force to conduct a comprehensive review of the nexus between privacy policy, copyright, global free flow of information, cybersecurity, and innovation in the Internet economy." That introduction prefaced the release by the NTIA of its "Green Paper" (which you can download and read), Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.  The Federal Register notice of this paper will seek public comments, noting that they will be due on or before January 28, 2011. 

While Legal Bytes and Rimon will digest the report more thoroughly and report to you in the days and weeks ahead, the report at first blush focuses on four major themes:

  • Support for Fair Information Practices Principles (FIPPS), noting the need and importance of greater transparency, consumer control and data security
  • Support for self regulation
  • Creation of a national Privacy Policy Office to coordinate voluntary, enforceable, self-regulatory programs
  • The need for greater harmonization of privacy laws and self regulation internationally

Stay tuned for further information and analysis, but if you want to be part of the conversation; if you feel you should have a voice in the discussion and are considering submitting comments; or if you simply want to better understand the implications, the interplay between this report and the recently released FTC report (see Protecting Consumer Privacy – FTC Issues Staff Report)posted on Legal Bytes December 2, 2010), please don’t hesitate to contact me, Joe Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

Posted on

Protecting Consumer Privacy – FTC Issues Staff Report

This post was written by Paul Bond, Chris Cwalina, Amy Mushahwar and Fred Lah.

The FTC just released its long-awaited Protecting Consumer Privacy in an Era of Rapid Change. This preliminary staff report proposes a major change in U.S. privacy law. The FTC is accepting comments on this report until January 31, 2011, and if you could be affected by these changes and would like to submit comments, or if you are considering submitting comments to the report (or perhaps you aren’t sure if you should), Rimon can help. While we are still reviewing the 123-page report in depth, we wanted to share a few thoughts from an initial reading.

The report proposes a major change in the framework of U.S. privacy law, stating bluntly: “Industry must do better.” The report notes, among other things:

  • Notice-and-consent doesn’t work. People don’t read or understand privacy notices as now written. The Commission’s view is that privacy policies have become “long” and “incomprehensible.”
  • Waiting for harm to consumers isn’t an effective way to enforce privacy norms. Harm has traditionally meant economic or physical harm. Privacy harms include reputational harms and even the emotional harm of having one’s information “out there,” or “fear of being monitored.” The new framework must address and allay these anxieties; however, there is some disagreement among the Commissioners. Commissioner J. Thomas Rosch, in his concurrence, notes “the Commission could overstep its bounds” if it were to begin analyzing these more intangible harms when assessing consumer injury.
  • Industry self-regulation is too little, too late, and has failed to provide adequate and meaningful protection.

The report challenges a number of privacy and security assumptions. The report:

  • Casts severe doubt on claims that de-identified information need not be protected, citing multiple instances and methods by which personally identifiable information (PII) can be culled from “non-name” information (e.g., IP addresses, other unique identifiers). The distinction between PII and non-PII is, the report says, “of decreasing relevance.” Consequently, the scope of the report is very broad and applies to “all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer or other device.
  • Purports to apply in the online and offline world, and not only to companies that work directly with consumers.
  • Suggests that consumers must be made aware of and consent to onward transfers of information to non-affiliates no matter what the industry, universalizing the consumer notice requirements that previously only applied to certain highly regulated industries (e.g., telecommunications, education, health care, financial services), or certain types of sensitive data (e.g., credit data, bank accounts, medical records).
  • Distinguishes between “commonly accepted data practices” and all other data practices. Borrowing from GLBA and HIPAA, using data to aid law enforcement, or in response to judicial process or to prevent fraud, would not require notice to or consent of consumers, but ALL other data practices (e.g., behavioral advertising and deep packet inspection that are explicitly named as not commonly accepted data practices) would require notice and consent in a form easy to read and understand, ideally provided to the consumer when the consumer enters his or her personal data. The report suggests opt-in consent be obtained prior to implementing any material changes to company policy that would apply to data collected under a prior privacy policy.
  • Suggests that to promote a free and competitive market, the privacy practices of companies need to be more transparent to consumers, and that consumers be given “reasonable access” to their data.
  • Notes that appropriate data-retention periods should be a legal requirement. The report sites geolocation data as especially important to phase out.
  • Endorses a “Do Not Track” mechanism, recognizing that such a mechanism would be far more complex than the National Do Not Call registry. The FTC supports either legislation or self-regulatory efforts to develop a system whereby a consumer could opt not to be “tracked.” The FTC has expressed a distinction between “tracking” and “interest-based” advertising. And, in later discussions regarding the report, the FTC has stated that it will treat first-party advertising more favorably than third-party ad servers. The FTC has not decided on the technical mechanism for creating such a registry, but it recognizes a browser-based solution – similar to the privacy plug-in on the Firefox browser or incognito mode in Google Chrome. The FTC has not indicated if opt-in or opt-out would be the default browser setting for any browser privacy technology deployed.

So what should businesses do?

First, companies should carefully review the report and all the questions made open for public comment. These are listed in Appendix A to the report, but additional questions are posed in the Commissioner dissent statements.

Second, companies should strongly consider commenting on the report. In our experience, the FTC will listen and often address business concerns. But you must be heard. Trade associations are a good place to start, but individual company voices are important, especially if you have unique issues that should be addressed.

Third, now is a good time for you to pull back and consider your privacy policies, practices and programs, and the extent to which privacy is incorporated into your everyday business practices. The report suggests every company should adopt “privacy by design,” “building privacy protections into everyday business practices,” “assigning personnel to oversee privacy issues, training employees on privacy issues, and conducting privacy reviews when developing new products and services.”

You can read and obtain a copy of the FTC’s full report here.

If you need help, want more information, want to comment, or simply require some guidance – whether counsel or representation – in an area that is of critical importance to businesses and consumers, please don’t hesitate to contact Paul Bond, Chris Cwalina, Amy Mushahwar, Fred Lah or me, Joe Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

Posted on

Advertising Across the Pond – In Case You Missed It

In case you missed Rimon’s Columbus Day seminar, presented by Rimon partner Marina Palomba, you can read and download a copy of the presentation right here: “A Global View on Advertising Law from the Other Side of the Pond.” The presentation covered four main areas: green claims, on-line behavioural and location-based advertising, the extension of self regulation of advertising to promotional messages on the Internet, and ambush marketing and the 2012 Olympics. Need to know more? Want to appreciate how regulation and the legal framework apply to any or all of these areas in your business? Feel free to contact Marina Palomba directly or the Rimon lawyer with whom you regularly work.

Posted on

Advertising Across the Pond – Don’t Miss This

If you haven’t already, please register for “A Global View on Advertising Law from the Other Side of the Pond” presented by Rimon partner Marina Palomba with an introduction from Doug Wood. Don’t miss this exciting and timely presentation. Follow this link to obtain more information and register: http://guest.cvent.com/d/vdqvn3/4W.

You won’t want to lose the opportunity to gain valuable insights; besides, if the economy continues to deflate the U.S. dollar and inflate the value of British Pound Sterling, Marina has intimated that the United Kingdom may attempt to simply buy the United States and make it a colony again.

Hope to see you at the seminar.

Posted on

Internet Communications – Encryption Is Not Enough

Most of us have come to enjoy the convenience of secure communications over the Internet, enabling us to feel comfortable that a broad range of commercial transactions, and remote access through virtual private networks (VPNs), as well as the transmission and retrieval of data from the Cloud, are secure – at least reasonably so. However, such communications may be less secure than people think. It has recently come to light that the processes used to authenticate the identity of the party (or organization) with whom one is communicating may actually be deeply flawed. In almost all cases, businesses and individuals alike unwittingly trust a large number of “certificate authorities” (so-called “CAs”) to essentially authenticate or vouch for the identity of the endpoints of secure communications over the Internet.

CAs hail from across the globe. Some are private entities while others are associated with, or operated by, governments – in some cases perhaps a government one may not wish to trust. Still other CAs may simply be incompetent. No matter which is the case, it is clear that these CAs have the power to facilitate man-in-the-middle wiretap exploits and “phishing” through imposter servers. Isn’t it time for general counsel and IT to work together to shore up the authentication processes, because Encryption is Not Enough

If you aren’t sure your communications are secure, or if you simply don’t know enough to determine the right questions to ask, contact Steven B. Roosa directly, or the Rimon attorney with whom you regularly work.

Posted on

Spanish Court Dismisses Copyright Action Against YouTube

In June, Legal Bytes reported [Federal Court Awards YouTube Summary Judgment in Viacom Copyright Infringement Case]that a United States federal court ruled in favor of YouTube and Google in the billion-dollar case brought by Viacom on a summary judgment motion. Just last month, we again reported that Viacom had filed notice of its intention to appeal that ruling [Viacom Appeals Google/YouTube Ruling], and a companion article written by Joseph I. (“Joe”) Rosenbaum [Viacom Appeals YouTube Copyright Ruling] has been posted on the Media & Entertainment Newsletter of the International Law Office.

Now in Spain, the Spanish Federal Court sitting in Madrid has dismissed charges brought by the Spanish broadcasting company Telecinco (Gestevision Telecinco SA), alleging that YouTube was liable for copyright infringement resulting from users uploading content and material that infringed the copyright of others. Mediaset, the Italian company that is the majority shareholder of Telecinco, is also involved in a copyright infringement action involving such video uploads, although no ruling has yet issued in that case. The ruling from the Spanish Federal Court comes on the heels of a ruling at the end of last year in France that found Google guilty of copyright infringement, but in that case, books were being scanned and excerpts put online without first obtaining permission or consent from the copyright owner. That said, earlier this month, a court in Germany ruled against Google, holding it liable for videos that were subject to the copyright of others and uploaded on YouTube.

The Spanish court essentially agreed with YouTube’s argument that it is a content-hosting platform, not directly responsible for content uploaded or posted by others. Without appearing flippant, Legal Bytes notes that, similar to Viacom’s decision to appeal the ruling in the United States, everyone who is on the losing side of these battles is (or has indicated an intention of) appealing the ruling against them.

Need to understand user-generated content, uploading videos or other content, rights of authors, and creators of content, and understand them in multiple jurisdictions around the world?  Contact Joseph I. (“Joe”) Rosenbaum, or the Rimon attorney with whom you regularly work. We can help.

Posted on

Viacom Appeals YouTube Copyright Ruling

The U.S. Media & Entertainment Newsletter of the International Law Office (ILO) has published an adaptation of the original Legal Bytes posting by Joseph I. (“Joe”) Rosenbaum discussing the appeal by Viacom of the ruling in favor of YouTube and Google in the billion-dollar case brought by Viacom. You can download or view a copy of the ILO publication, "Viacom appeals Google/YouTube ruling", and you can view the original Legal Bytes posting, Viacom Appeals Google/YouTube Ruling.

Posted on

Transcending the Cloud – Tying Up Cloud Antitrust Issues in a Bow

As you know, we have been updating our Cloud Computing initiative with a consistent stream of information – new chapters and white papers intended to provoke thought, stimulate ideas and, most of all, demonstrate the thought leadership Rimon attorneys bring to bear when new and important trends and initiatives in the commercial world give rise to new and interesting legal issues. Often, especially when words like “privacy” and “security” are thrown about, it becomes easy to overlook some of the other issues lurking in the background.

So here, from Jeremy D. Feinstein, is a glimpse at some antitrust issues. This next chapter in Rimon’s on-going series, “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing,” is titled “Tying Up the Cloud,” and seeks to give you some insights into the potential antitrust and competitive issues that even customers should be aware of, if not concerned with, when considering entering the cloud.

As we continue to do, we have updated the entire work so that, along with the single chapter on “Tying Up the Cloud” applicable to antitrust, you can now access and download the PDF of our complete “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing” compendium, up to date and including all the previous chapters in one document.

Feel free to contact Jeremy D. Feinstein directly if you have any questions or require legal counsel or assistance related to competition or antitrust. Make sure you subscribe via email or get the Legal Bytes RSS Feed so you are always in touch with our latest information. Of course, if you ever have questions, you can contact me, Joseph I. (“Joe”) Rosenbaum, or Adam Snukal, or any Rimon attorney with whom you regularly work.