California CPRA – CCPA 2.0

On Election Day in California, voters will not only be determining choices among candidates standing for election, but they will also be deciding the fate of Proposition 24, referred to as the California Privacy Rights Act (CPRA).  Proposition 24 is intended to build upon the California Consumer Privacy Act (CCPA) that came into force at the beginning of 2020. Among other things, the CPRA would create a California Privacy Protection Agency, a new regulatory agency that would ultimately take over privacy enforcement responsibility from the Office of the California Attorney General.

Among the areas that would be affected by the CPRA would be a clear ban on discrimination against anyone choosing to ask a company to delete their information and opt-out of marketing communications, stronger rights to prevent data sharing by companies (e.g., cross-context behavioral advertising), clearer mechanisms to enable consumers to correct information that is not accurate and a requirement that companies tell consumers how long they plan to retain the information.

Proposition 24 would also legitimize marketing and promotional schemes that offer consumers a discount or access to benefits in exchange for voluntarily disclosing personally identifiable information (e.g., in the context of rewards or loyalty programs).  Privacy and data protection proponents and opponents have long debated whether consumers should have an option to pay for privacy – viewed as a logical consequence of offering benefits in exchange for information that can be used for marketing and promotional purposes.

Since the CCPA came into force, companies have already been scrambling to comply.  If Proposition 24 passes and CCPA 2.0 comes into force, companies will again have to review and likely revamp their policies and practices to deal with the added new compliance obligations. Just as significantly, a separate California Consumer Privacy Agency would likely end up bringing many more enforcement actions since protecting the privacy rights of California consumers will be its only mission.  Proponents of Proposition 24 say that may well be a good thing for California consumers, but they also argue that an agency solely focused on data protection will also mean more clarity, consistency and guidance surrounding some of the nuances of the California requirements.

Stay tuned. Election day is only a week away.

California Consumer Privacy Act (CCPA)

Although amended twice (September 13th and October 11th of 2018) after its initial passage by the California State Legislature and being signed into law by Governor Jerry Brown in June of 2018, the California Consumer Privacy Act (California Civil Code Section 1798.100) (“CCPA”) becomes effective with the new year (January 1, 2020).

Although it is intended to protect and afford California residents certain rights (in some areas, greater or somewhat different than the European Union’s General Data Protection Directive 2016/679), it affects non-profit entities that do business in California, and that collect personal information of consumers and either have annual gross revenues over $25 million OR buy or sell personal data of 50,000 or more consumers/households OR earn over half their annual revenue from selling consumer personal information.

If your organization fits into any of those categories, you are required to establish, put into place and maintain reasonable security procedures and practices to protect consumer data and to afford California residents the right to know what personal data is being collected about them; to know whether and to whom the consumer’s personal data is sold or disclosed; to refuse to permit the sale of their personal data; to access their personal information; and to ask you to delete personal information collected from them.  The law also prohibits discrimination against any consumer for exercising any of their privacy rights under the CCPA.

While many businesses have been busily amending their agreements with suppliers and service providers, and likely have been presented with updated and revised contracts with “CCPA” amendments in order to ensure those in the chain of collection, storage, handling, distribution and use are in compliance, if you do any business in or with California residents, don’t forget to update your privacy policies and any terms of use that apply to your websites, e-commerce and online/mobile presence generally.  Those sites, even those that do not require any registration or input directly from consumers, almost certainly will be collecting information that is covered by the broad definition of “personal information” under the CCPA.

If you would like to know more about the CCPA or have any questions about this post, don’t hesitate to contact me, Joe Rosenbaum, or any of the Rimon lawyers with whom you regularly work.

 

Fake News, Troubled Celebrity Endorsements & Social Media

On Tuesday, July 24, 2018, I had the privilege of presenting a live, interactive, video-conference program and course entitled “A Perfect Storm: The Intersection of Fake News, Celebrity Endorsements & Social Media,” sponsored by Lawline.
The course was broadcast live and also recorded at Lawline’s Studio in lower Manhattan and is now available for on-demand viewing at Lawline.com. With permission, I have also posted a PDF of the PowerPoint visuals used during the presentation (although you will not be able to see the embedded videos) and you can view or download a copy for your personal use right here: A Perfect Storm: The Intersection of Fake News, Celebrity Endorsements & Social Media

As always, if you need more information, you can contact me directly (Joe Rosenbaum) or any of the Rimon attorneys with whom you regularly work.

Now That the FCC Has Acted . . . .

In case you missed it (see my previous Legal Bytes post Inter Net Neutrality), the International Law Office was kind enough to post an adapted version of the article in its IT & Internet Newsletter.   If you are not already a subscriber to ILO, you can read a PDF version of my post, Internet Neutrality, right here.  Now that the FCC has rolled back the Obama-era regulations, the battle continues to rage over whether that is good or bad for the Internet, the economy, innovation and each of the groups aligned on one side or the other of this fray.

Note for you historical buffs – the Internet was made available to commercial enterprises in 1981.  By 1984, “.com” had overtaken .gov, .mil and .edu as the largest URL suffix and it wasn’t until recently, during the FCC’s tenure under President Obama, that new regulations regarding neutrality were implemented.  I know, I know, times have changed – but be mindful that someone far wiser than I noted: “Those who cannot remember the past are condemned to repeat it.”

Inter Net Neutrality

What an interesting play on words.  According to the Merriam-Webster dictionary, “inter” is a verb that means “to deposit (a dead body) in the earth or in a tomb.”

Earlier this week, the Chairman of the U.S. Federal Communications Commission (FCC) outlined plans to bury the Internet rules promulgated under the Obama administration that required providers of Internet services to treat all web traffic equally.  Those rules, among other things, limit the ability of ISPs to favor content or customers, to block or slow down the online services they provide.  Under the proposed changes, ISPs (wired and wireless) would be allowed to offer web-based services at different speeds and differing quality of service.  In addition, they could enable more favorable speed or quality, or both, for websites that paid a fee – as long as that relationship was disclosed.

Over the years, a lively and heated debate over the nature and extent of regulation needed to protect consumers without stifling innovation has continued.  Proponents of eliminating the rules claim that allowing the market to create different financial and performance models will spur investment and the development of technology, while critics argue that consumer prices would increase and so would barriers to entry and start-up costs for new companies.  Critics point to the airline industry (where the FCC net neutrality rules have never been applicable) as an example of the potential for harm – one U.S. air carrier provides easy access to one online video service which has paid the airline for such priority status, while others are not enabled with the same speed or quality.

Under the previous administration, the Internet and ISPs (both wired and wireless) were treated as utilities, virtually excluding them from regulatory oversight by the Federal Trade Commission (FTC), whose fact-based, case-by-case, analytical approach to regulation is generally perceived as more suitable (and friendly) for emerging technology and evolving markets.  Based on Chairman Ajit Pai’s remarks, in another reversal of the prior administration’s approach, it appears the FCC is now willing to share oversight with the FTC and have the FTC be responsible for monitoring ISP disclosures, determining if consumers are being harmed and determining whether these firms are engaging in anti-competitive or unfair trade practices.  The FCC indicated it plans to enact the new rules early in the new year.  Stay tuned.

If you have any questions or want more information about this or any Legal Bytes’ post, don’t hesitate to contact me, Joe Rosenbaum, a New York based partner at Rimon, P.C., or any of the other lawyers at Rimon with whom you regularly work.

 

 

The Antitrust Division Finds the Nails

– By Stephen Díaz Gavin

Just yesterday (Monday, November 20th), as Stephen Diaz-Gavin’s article “For Want of a Nail: The AT&T – Time Warner Merger” was posted on Legal Bytes, the Antitrust Division of the U.S. Department of Justice (“DOJ”) filed a lawsuit opposing the merger in the U.S. District Court for the District of Columbia, asking that the proposed merger and related transactions be permanently enjoined.  The lawsuit is a significant departure from U.S. antitrust policy in recent years, which has generally permitted vertical mergers and, as we pointed out in our original post, highlights the problems in not having availed themselves of the FCC’s  public interest review to address the concerns about the merger, publicly.  AT&T  immediately responded that it will defend the merger, but win or lose, one thing is a sure thing – approval of AT&T’s $85.4 billion entry into the content production business — is no longer a sure thing. You can read the full text of the DOJ Complaint and again, if you have any questions feel free to contact Stephen Díaz Gavin directly. Of course, you can always contact me, Joe Rosenbaum, a Partner at Rimon in New York or any of the lawyers at Rimon with whom you regularly work.

 

For Want of a Nail: The AT&T – Time Warner Merger

– By Stephen Díaz Gavin

In Poor Richard’s Almanack, Benjamin Franklin included his own version of an old proverb: “For the want of a nail the shoe was lost, For the want of a shoe the horse was lost, For the want of a horse the rider was lost, For the want of a rider the battle was lost, For the want of a battle the kingdom was lost, And all for the want of a horseshoe-nail.” In the case of AT&T’s proposed $85.4 billion purchase of Time Warner Communications, for want of the Federal Communications Commission (“FCC”), the battle might now be lost.

When the merger was announced, AT&T confidently predicted that the deal would get the regulatory “green light”, from the FCC and the Antitrust Division of the U.S. Department of Justice (“DOJ”) portraying the deal as a classic “vertical” merger that removed no competitors from any market. Mindful that AT&T was still smarting from its 2011 failure to convince the FCC to permit its acquisition of T-Mobile in a horizontal merger, AT&T wanted to avoid FCC review, if at all possible.  AT&T and Time Warner maintained this situation was different.  They pointed to the fact that both DOJ and FCC had allowed a large vertical merger to proceed in 2011 when Comcast was permitted to acquire NBC Universal from General Electric.  Just this past February, Time Warner reported to the Securities and Exchange Commission (“SEC”) that it did not plan to transfer any of its licenses to AT&T, so FCC approval would not be necessary. Curiously, few questioned AT&T’s suggestion that there was no role for the FCC because the licenses did not themselves provide service to the public, even though the Communications Act applies to all radio licenses, not just those intended to provide direct service to the public. Apparently a sure thing only weeks ago, the acquisition has  run into significant regulatory difficulties and the DOJ has now raised the prospect that AT&T will have to divest either the Turner Broadcasting unit, which includes CNN and other popular channels, or its DirecTV business.

So what is happening now and why? Consider the political landscape for one. There has been considerable bipartisan political opposition to AT&T’s acquisition of Time Warner. Both leading Republican and Democratic members of Congress have spoken skeptically of the merger. Indeed, despite some relatively benign requirements (not including any divestitures), the DOJ approved the Comcast/NBC Universal merger with no divestiture obligations on Comcast. It is no coincidence that opposition to the Comcast acquisition was largely from programmers and public interest groups, but not, as is the case here, politicians as well.

Comcast and AT&T already control 62.3% of U.S. high-speed internet broadband capacity – significant market power and the capability, as internet service providers, to engage in strategies intended to block competitors. Public interest groups and content providers have again raised the concern that like Comcast before it, AT&T will now itself be a programmer with an incentive for anti-competitive behavior. On the programming side, “competitors” like Google, Amazon.com Video, Facebook and others are dependent on ISPs like Comcast and AT&T to reach users. Some officials at DOJ are also apparently frustrated with AT&T trying to circumvent the regulatory process by creating a sense of “inevitability” around approvals and although behavioral safeguards were imposed in the Comcast/NBC approval, there has been growing concern these have not been successful in preventing abuses.

If the AT&T/Time Warner merger fails, it may well be for want of the FCC’s involvement at the very outset. For many reasons, this entire situation might well have been avoided if AT&T had bitten the bullet and sought review by the FCC, along with DOJ. Not doing so bypasses the public notice and comment procedures and disregards the “safety valve” provided by the same public airing of the issues. Although impossible to know at this point, perhaps the public interest emphasis of the FCC might even have taken some pressure off the DOJ to look at more drastic alternatives, such as divestitures of key assets. Instead of the FCC that would have considered imposing “public interest” conditions on the merger, AT&T must now deal with a DOJ Antitrust Division head who believes only in structural remedies, such as divestitures.  We may never know if want of the FCC, like the want of a nail, will cause the battle to be lost, but it increasingly looks that way.

This posting was adapted and extracted from a more detailed Client Alert written by Stephen Díaz Gavin, a Partner in Rimon’s Washington, D.C. office and coordinator of Rimon’s Affiliation with Studio Legale Palmieri in Rome, Italy. You can read the entire alert, entitled “AT&T’s Multibillion Dollar Purchase of Time Warner Might Fail for Not Involving FCC,” and if you need more information, feel free to contact Stephen Díaz Gavin directly. As always, if you need any assistance you can always contact me, Joe Rosenbaum, a Partner at Rimon in New York or any of the lawyers at Rimon with whom you regularly work.

Global Social Media Handbook

I am proud to be among the 22 legal professionals, including 7 of my colleagues at Rimon, who contributed and co-authored a new book entitled Handbook on Global Social Media Law for Business Lawyers, published by ABA Publishing. This comprehensive work, sponsored by the Business Law Section of the American Bar Association, was co-edited by Valerie Surgenor, a partner in the Glasgow, Scotland, law firm MacRoberts LLP and John Isaza, my friend and partner here at Rimon, P.C.   Although principally focused on the United States, there are contributions from foreign lawyers in key regions around the world, including Canada, the European Union, Australia, Russia and Asia.

The Handbook deals with national and international law principles and emerging issues related to social media law, ethics, compliance and governance, including cybersecurity, cyber terrorism and risk management in a social media environment (e.g., hacking, corporate espionage, data loss and data breach); intellectual property issues in social media;  defamation, “fake news” and social media;  implementation of a social media crisis plan; use of social media as a tool in recruitment of employees and the privacy implications to employers;  promotional, endorsement and social media disclosure guidelines promulgated by the Federal Trade Commission in the US; and recent trends in UK and European social media legislation and regulation.  There is a separate chapter that discusses information and records management within the context of social media.

If you are interested, you can order a copy directly from the ABA (Handbook on Global Social Media Law for Business Lawyers) and of course, if you need more information or want to discuss your particular requirements with knowledgeable and experienced professionals, feel free to reach out to me, Joe Rosenbaum, or to any of the lawyers at Rimon with whom you work regularly.

 

First Joint Consultations May Foreshadow Effectiveness of Privacy Shield

–  Stephen Díaz, Partner, Rimon, P.C. &  Claudio Palmieri, Of  Counsel Rimon, P.C. (Principal, Studio Legale Palmieri –Rimôn Italia)

On October 6, 2015, the Court of Justice of the European Union invalidated the so-called “Safe Harbor” that previously governed data transfers between the U.S. and the EU (Case C-362/14 – Maximillian Schrems v. Data Protection Commissioner, 6 October 2015).

As you already know if you read our Legal Bytes’ posting in May concerning the US-EU Data Transfer Privacy Shield, personal data cannot be transferred from the EU to a non-European Union/European Economic Area country, unless that country can ensure “adequate levels of protection” for such personal data. While the European Commission had identified a number of countries that met the ‘adequate protection’ test, the United States was not one of them and without the Safe Harbor understandings, transatlantic exchanges of data – both for commercial and national security reasons – were at risk of being non-compliant with EU regulations!  In an attempt to temporarily address the data transfer issues, the EU and the U.S. proposed a new framework for exchanges of personal data for commercial purposes, known as the EU-U.S. Privacy Shield (“Privacy Shield”) which was formally launched on July 12, 2016.

Further complicating matters, a new EU General Data Protection Regulation (GDPR) comes into effect on May 25, 2018.  In furtherance of a formal and more permanent agreement under the Privacy Shield and in contemplation of the new regulations, representatives of the U.S. and the EU have announced they will meet in Washington, DC during the week of September 18, 2017, for the first Annual Review of the Privacy Shield.  In advance of the meeting, the EU’s official Working Group (WP 29) sent the European Commission their recommendations and consistent with previous pronouncements, they believe the meeting should focus on enforcement of rights and obligations, as well as changes in U.S. law since the adoption of the Privacy Shield.  WP29 recommended discussions focus on these issues and that any formal agreement must deal with both commercial, as well as law enforcement and national security access.

These concerns and considerations are explored in more detail in our full Client Alert: No Certainty in Future of Privacy Shield as Transatlantic Consultations Set to Begin and it is clear that the September consultations may well be an indication of whether the Privacy Shield will prove an adequate regulatory regime for the transatlantic transfer of personal data and whether meaningful progress is likely in the current environment.

If you would like more information, a better understanding or need guidance regarding compliance with these regulations, contact Stephen Díaz Gavin, a Rimon Law Partner based in Washington, DC or Claudio Palmieri, of counsel to Rimon, P.C. and the principal of Studio Legale Palmieri –Rimôn Italia in Rome, Italy. Of course you can always contact me, Joe Rosenbaum, or any of the lawyers at Rimon with whom you regularly work.

 

Net Neutrality: Is the Cease Fire Over?

By Stephen Díaz Gavin  *

The way the U.S. Government regulates the Internet is back in play again. The outcome of the long running battle over “net neutrality” and regulation of the Internet – now more than 15 years old — is still uncertain. However, it is clear that the Federal Communications Commission (FCC) is stepping back from the stronger supervision of Internet Service Providers (ISPs) adopted in March 2015 under former FCC Chairman Tom Wheeler at the insistence of former President Obama.
On May 18, 2017, the FCC voted to release a Notice of Proposed Rulemaking (NPRM) to step back from the agency’s controversial March 2015 decision to treat ISPs as “common carriers” under Title II of the Communications Act. Instead, the “proposed rule” will revert to classifying ISPs as providers of an “information service” and return jurisdiction over ISPs’ privacy practices to the Federal Trade Commission (FTC) – a clear indication of the direction the FCC will take under the current administration.
Law professor Tim Wu coined the term “net neutrality” in 2003.  As the FCC’s current Chairman Pai recently noted in an interview in the Wall Street Journal, the term “[i]s one of the more seductive marketing slogans that’s ever been attached to a public policy issue”.  Who can be against “leaving the Internet alone?” (“Why ‘Net Neutrality’ Drives the Left Crazy,” Wall Street Journal).   Apparently, many believe that it should not be left alone: the FCC received nearly 1.25 million comments submitted via the Internet in the three weeks following FCC Chairman Pai’s announcement that he intended to reconsider the Title II rules; nearly all opposing the proposal.
At the core of the dispute is the tension between the ISPs on the one hand, and streaming content providers like Netflix and Amazon, as well as Internet giants like Google and Facebook on the other.
Consumers fear a slowdown in service. The ISPs maintain the March 2015 common carrier regulation decision will stifle investments and ultimately produce what consumers fear:  a slower Internet.  Indeed, in the NPRM the FCC cited a decline in investment since the March 2015 Order in support of changing the rules.  The clash of interests highlights how outdated the old ways of government oversight of telecommunications have become. The Communications Act of 1934 was originally enacted to monitor the monopoly telephone provider at the time (ATT), based on the model of regulating railroad service and freight rates under the Interstate Commerce Act of 1887 – hardly a relevant basis for overseeing the backbone of 21st century technology.
The common carrier regulatory model prohibits additional charges for streaming content providers, which could be viewed as discriminatory. However, such a regulatory structure does not account for how ISPs pay for upgrades to maintain service quality as consumer demand increases for such content streaming.  Video content producers that stream large volumes of data slow down Internet connections. Although the largest ISPs have agreed voluntarily not to charge the Netflixes and Amazons of the world for doing so, where must the money come from in order to continue to upgrade capacity to maintain high speed download?  Retail consumers are concerned about higher rates, surcharges or deliberate “slowing” of service, yet these same consumers are customers of over-the-top online video gaming and streaming services that consume huge amounts of capacity.  Consumers always want more and faster service and they want it at the lowest price.
Given the current Republican majority, the FCC will likely eliminate Title II regulation of ISPs as it has proposed.  However, the decision can and will again be challenged in the courts (as has every prior rule on net neutrality).  Even if upheld by the courts, only Congress can define ‘net neutrality’ once and for all and give some degree of regulatory certainty to the regulations (which can be changed by a Democratic majority just as easily as the current Republican controlled FCC has done to the Obama era rules).
Net neutrality is now a hot political issue and despite current Republican majorities in both the House and Senate, it is uncertain whether a working majority in both exists that can adopt legislation to guide the FCC.  No matter who you are, in the debate over net neutrality, clearly nobody is neutral. Until Congress acts to give some greater definition to the term, successive FCC Chairmen will be able to reinterpret net neutrality as they see fit.

* This post was derived and adapted from a Rimon Law Client Alert “No Peace in Sight for Net Neutrality” by Stephen Díaz Gavin, who you can contact directly for more information.