Insights at the intersection of digital and mobile technology, innovation and the law
Legal Bytes will soon morph** and undergo a transformation***
Watch For It
* Metamorphosis: A noticeable change in character, appearance, function or condition.
** Morph: To undergo dramatic change in a seamless and barely noticeable fashion.
*** Transformation: A marked change in appearance or character, especially for the better.
The Advocate General of the Court of Justice of the European Union recently announced that it had delivered an opinion in connection with a number of proceedings calling for a preliminary ruling in cases involving Ireland and Austria. In Ireland, the owner of a mobile phone submits that the Irish authorities have unlawfully processed, retained and exercised control over data related to its communications. In Austria, three cases brought by the Province of Carinthia have alleged the Austrian Law on telecommunications is contrary to the Austrian Constitution.
Essentially, the top EU legal advocate is asking the EU court NOT to enforce a bad law so the legislature is afforded a chance to fix it. Seriously? That is like asking the U.S. Supreme Court not to strike down discriminatory laws and give Congress a chance to fix them. Seriously?
Continue reading “Advocate General Asks EU Court of Justice WHAT?”
An Italian company, Almax S.p.A., is selling a mannequin (price tag about $5,000) in a development that is being closely watched – literally – by retailers, consumers and, of course, regulators and privacy gurus. The new product, marketed as the EyeSee Mannequin, contains a camera embedded in the mannequins eyes, and according to the company’s website: “This product will do much more; it would make it possible to ‘observe’ who is attracted by your windows and reveal important details about your customers: age range; gender; race; number of people and time spent.”
In Europe and the United States, the mannequins are making sporadic appearances – perhaps in showrooms and even in street-side display windows, gathering data as people saunter by the store gazing into the windows. According to reports, Almax may also be testing auditory capabilities that would allow a mannequin to not only see, but to hear what customers are saying as well. Hey, did you just call that mannequin a dummy?
(Image from Almax Website)
The EyeSee Mannequin has a camera placed as an “eye” that includes facial recognition technology that records information about passersby, such as their gender and race, and the software guesstimates the approximate age of each person scanned by the camera. Typically, cameras can be used in retail stores for security, but in many jurisdictions the shop owners are required to post signs alerting consumers browsing the aisles that they are subject to being recorded. Now, the EyeSee Mannequin gives retailers the ability to collect and store information for marketing purposes – a commercial purpose that may put the technology squarely under a microscope (these vision puns really must stop), since it collects personal data about individuals without their consent. That said, the current product is only supposed to record information, not any actual photographs or image scans, but . . . it could, couldn’t it?
Need to know more about the legal implications of technology in advertising and marketing? Concerned about your rights (and wrongs) in deploying surveillance equipment and gathering data and information about customers and consumers? Are you up-to-date on the latest privacy and compliance requirements? Not sure? Need to see these issues more clearly? OK, don’t be a dummy (I mean mannequin) and consult your lawyer. Don’t hesitate to contact me, Joseph I. Rosenbaum, or the Rimon lawyer with whom you regularly work. We would be happy to see you, hear you and help you.
In a recent interview with Travis LeBlanc, California’s Special Assistant Attorney General for Technology, Amy Mushahwar and Joshua Marker of Rimon’s Data Privacy, Security & Management practice, obtained some interesting insight on California’s new Privacy Protection and Enforcement Unit. Mr. LeBlanc addresses current and upcoming privacy trends, and the focus of California’s enforcement actions.
You can read the entire discussion and the insights obtained right here: Rimon Attorneys Interview Travis LeBlanc, of California’s New Privacy Protection and Enforcement Unit
As always, if you need help or more information, contact the Rimon lawyers mentioned above; me, Joseph I. Rosenbaum; or any of the Rimon lawyers with whom you regularly work.
On May 10, 2012, I had the privilege of making a presentation at the IAPP Canada Privacy Symposium 2012. The title of my presentation was "Social and Mobile and Clouds, Oh My!" and it addressed some of the emerging issues in privacy, data protection and surveillance that arise as a result of globalizing technology and the convergence of social media, mobile marketing and cloud computing.
As part of that presentation (and as I have started to do for some time now in other presentations), I raised the issue of how lawyers, the law, legislators and regulators often use words to describe activities – words rooted in tradition or precedent – that are no longer applicable to the activity in today’s world. "Privacy" is such a word, although "not applicable" perhaps is too harsh. Obviously the word has significant applicability in a wide variety of situations. But "invasion of privacy" has become a knee-jerk reaction to virtually every information-gathering activity, even information readily and publicly available and, in some cases, posted, disclosed or distributed by the very individual whose privacy is alleged to have been "invaded."
Please feel free to download a PDF of my presentation, "Social and Mobile and Clouds, Oh My!" [PDF] (Note: Embedded video file sizes are too large to include), and let’s start a conversation about how we use words and how they wind up in laws and regulations. Lawyers work with words. Use them artfully and they provide powerful structures within which society, commerce and all forms of human endeavor function. Use them improperly and they cause confusion, uncertainty, inconsistency and inherently inequitable outcomes.
Seems like I am not the only one to point this out. Take a look at the insightful comments by John Montgomery, COO of GroupM Interaction, North America, as reported in a MediaPost RAW posting on Social Media entitled: If Marketing Terms Could Kill.
Kudos John. I’m with you. Let’s get it right.
FYI, Rimon has teams of lawyers who have experience and follow developments in privacy and data protection, information security and identity theft. If you want to know more, if you need counsel or need help navigating, or if you require legal representation in this or any other area, feel free to call me, Joseph I. ("Joe") Rosenbaum, or any of the Rimon lawyers with whom you regularly work.
Earlier today, Secretary of Commerce John Bryson and Federal Trade Commission Chairman John Liebowitz outlined the Obama administration’s strategy for ensuring “consumers’ trust in the technologies and companies that drive the digital economy.” On the heels of their announcement, and although it is dated January 2012, the Department of Commerce released a long-awaited report entitled “Consumer Data Privacy in a Networked World, A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy,” the administration’s roadmap for privacy legislation and regulation in the years ahead.
The announcement and privacy blueprint envisions a comprehensive and integrated framework for data protection, rather than the current sector-patchwork-quilt approach, and is comprised of four key pillars: (1) a consumer privacy bill of rights; (2) a multi-stakeholder process and approach dealing with how such a bill of rights would apply in a business context; (3) more effective enforcement; and (4) greater commitment to harmonization and cooperation in the international community.
The Report outlines the seven principles of its proposed Consumer Privacy Bill of Rights and, although calling for legislation and regulation to codify and memorialize these rights, also sets out consumer privacy standards that companies are asked to immediately and voluntarily adopt in a cooperative public-private partnership. These seven principles are:
The Report notes that a company’s adherence to the voluntary codes will be viewed favorably by the FTC in any investigation or enforcement action for unfair and deceptive trade practices. By implication, a company that does not adopt and follow these principles might be used as evidence of a violation of Section 5 of the FTC Act, even if federal legislation is not passed on the subject. The FTC is expected to soon release its Final Staff Report on Consumer Privacy that will be consistent with the Obama administration’s proposed Framework Report. The report reinforces the administration’s commitment to international harmonization, and also touches upon the role state attorneys general in the United States can play. While we are still reviewing the details – and more will likely be forthcoming from the administration in the weeks and months ahead – Legal Bytes will keep you on top of these developments as they arise.
You can read the entire report right here: Consumer Data Privacy in a Networked World, A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.
These are developments that affect all businesses, domestic and multi-national, global and local, consumers and regulators. The complexity and challenges of compliance should not be underestimated, nor should the administration’s commitment to follow the roadmap outlined. Rimon has teams of lawyers who have experience and follow developments in privacy and data protection, from prevention and policy to compliance and implementation. If you want to know more, need counsel, need help navigating, or if you require legal representation in this or any other area, feel free to call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon lawyers with whom you regularly work.
A few days ago (October 17), the Mobile Marketing Association released its MMA Mobile Application Privacy Policy, which the MMA asserts is the first industry guideline to deal with data protection and privacy specifically related to mobile and wireless applications. The guideline being made available for comment is slated to be finalized sometime after November 18, 2011, when the MMA’s comment period is scheduled to close. The press release notes that there are currently more than 425,000 iPhone/iPad apps available from Apple’s App Store, and more than 200,000 available for Android.
The document is intended to deal with some of the basic privacy principles and text that developers should consider incorporating into mobile apps to let consumers know how their data is collected and used, as well as information regarding confidentiality and the security of information that becomes available when a consumer installs and uses a mobile app. Obviously, legal disclaimers and disclosures and issues related to privacy and data protection are quite jurisdiction-specific, and compliance will always require consultation with legal counsel to be sure mobile, and all other online and other applications and processes, conform to the legal requirements of each jurisdiction that applies to consumers for that application or process.
Rimon’s offices around the world are open, coordinating with our Advertising Technology & Media law practice group, ensuring that lawyers knowledgeable in data protection and privacy, as well as in mobile technology and marketing, are available to help you. As always, if you want to know more about how lawyers who understand can help your business, feel free to contact me, Joe Rosenbaum, or any of the Rimon attorneys with whom you regularly work.
Someone in the payment instrument, payment processing, or payment systems environment must be living under a rock if he or she has not heard of or been affected by the Data Security Standards (DSS), or “PCI-DSS” as it has been referred to in the industry, promulgated and released by the Security Standards Council of the Payment Card Industry Association (PCI). Although the original impetus for the credit-card-driven security standards was combating identity theft and credit card fraud in the wake of the data breaches and compromised (or potentially compromised) databases containing sensitive consumer payment account information, the standards have become the de facto starting point for any compliance security standard in the payment industry.
Last week, the PCI Security Standards Council released new comprehensive guidelines for PCI compliance in virtual card holder data environments dealing with consumer payment system and payment transaction security in a virtual environment. Rimon lawyers who work in this area consistently and who have a wealth of experience with information security and financial services, have put together a client alert entitled: "Is the PCI Security Standards Counsel Preparing for Cloudy Weather?"
Credit, debit and prepaid cards; smart cards and chip cards; gift cards and stored value cards; co-branded cards and loyalty rewards programs; corporate cards, fleet cards and purchasing cards; data protection and privacy; information security, identity theft and data breaches; micro, digital and virtual payment systems – E Commerce; The Fair Credit Reporting Act; Regulation E; Regulation Z; Credit Card Act of 2009 (see Credit Card Act of 2009: Act I, Scene 1 or just search the Legal Bytes blog)! Do any of these terms apply to you? Talk to us. It’s what we do. Contact any of the lawyers listed in the Alert, contact me, or contact the lawyer at Rimon with whom you routinely work, and we will make sure we help you or connect you to someone at Rimon who will be happy to do so.
Sens. John Kerry (D-Mass.) and John McCain (R–Ariz.) have introduced a bill in Congress to legislatively enable a statutory bill of rights for consumers with respect to commercial privacy. You can read the full text of the Commercial Privacy Bill of Rights Act of 2011 (PDF), and Rimon will have a more complete analysis for your reading enjoyment soon; but the bill clearly intends to require that as little data about an individual is collected as possible, and give individuals a right to know how their information is being used. At first reading, the bill does not provide a private right of action, but does contemplate a self-regulatory program, perhaps a nod to the industry initiative that is highlighted in a recent Legal Bytes posting “OBA Self-Regulatory Initiative Gets Boost from Yahoo! & Google.” You can search for privacy, behavioral advertising and/or self-regulatory on our site and you will find more about this on the Legal Bytes blog.
It may be too early to tell just how much faith Congress has in the industry initiative. That said, it would seem somewhat foolish – given that the FTC and many Congressional leaders have argued for and applauded industry self-regulatory measures – not to afford an industry-sponsored, dynamic, self-regulatory program, a chance to work. As we’ve seen so many times before, along with the technology, consumers’ expectations of privacy, their tastes, commercial needs and sensitivities often change rapidly.
As always, if you need guidance for your advertising and marketing efforts, or privacy and data-protection counsel from lawyers who have experience and resources aligned to deal with these issues every day, feel free to call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work.
In connection with an announcement by the Mobile Marketing Association, Joe Rosenbaum was interviewed by London-based, Rita Di Antonio, Journalist and Editor of DataGuidance (and Managing Editor of Data Protection Law & Policy), a publication of Cecile Park Publishing Ltd. You can read the article online “MMA to discuss ‘comprehensive mobile privacy guidelines’ during January forum”, or download your own copy in PDF Format.