Tag:

Privacy & Security

Are Tech Companies Doing Enough to Combat Social Media’s Harmful Effects?

Today, we have entire generations of people who do not know life without the internet. Social medial plays a central role in the lives of these individuals. Originally created to serve a purely social function, social media platforms have changed. Many consumers even use sites like Twitter, Snapchat, and Instagram as their primary source of news. In addition, social media is an integral marketing tool for many businesses. No matter its function, no one can deny the presence of social media in our everyday lives. The impact of social media is so profound that it is worth considering its negative effects. In particular, social media companies must be cognizant to their platform’s impact on adolescents. Many Americans, mainly parents, feel social media companies are not doing enough. But are they required to do more? Should the government become involved, similar to their involvement in the Facebook privacy controversy?

CCPA Updates—Draft Guidance

The California Consumer Privacy Act (CCPA) has been the first step away from the sectoral approach that United States’ privacy laws have followed for many years. While it is set to take effect on January 1, 2020—only recently was the first draft guidance published. Set forth by California’s Attorney General, Xavier Becerra, it states how the CCPA will be enforced. As is standard in notice and rulemaking standard in administrative law, a public consultation period is now in effect and will remain open for comments and hearings until December 6, 2019.

A US Data Privacy Law That Bites, Hopefully

Despite industry groups’ and tech companies’ numerous efforts over the past few months to water down and ultimately halt the first-ever U.S. data privacy law, the California Consumer Privacy Act of 2018 (“CCPA” or “the Act”), the CCPA now has its final language set on September 13, 2019, the end of California’s legislative calendar, and will go into effect on January 1, 2020. The goal is to give California residents control of their personal information collected and processed by companies.

HIPAA Simplification Compliance Review Now Underway

The Health Insurance Portability and Accountability Act (HIPAA) and the Patient Protection and Affordable Care Act (ACA) jointly create national standards for electronic transactions, code sets, and unique identifiers. The ACA introduced Administrative Simplification provisions in 2010 and now the Centers for Medicaid and Medicare Services (CMS) has launched a Compliance Review Program to ensure that HIPAA covered entities are abiding by the Administrative Simplification rules.

Exploring COPPA through the FTC’s Complaint against TikTok

The Children’s Online Privacy Protection Act (“COPPA”) prohibits unfair or deceptive collection, use, and disclosure of the personal information of children on the internet. COPPA covers both website operators and app developers, and prevents collection of personal information without verified, written consent of parents. On February 27, 2019, the Federal Trade Commission (“FTC”) filed a complaint in U.S. District Court against TikTok, previously known as Music.ly. The complaint alleged that Music.ly knowingly violated COPPA when it collected data from children without written consent of parents. Music.ly settled for $5,700,000.00, the largest civil penalty obtained by the FTC for violations of COPPA.

FCPA Establishes Corporate Regulation of Text Messaging Apps

On March 12, 2019, the Department of Justice (“DOJ”) announced revisions of the Corporate Enforcement Policy in the Foreign Corrupt Practices Act. The changes now require company oversight of ephemeral messaging apps used by any employee, stock holder, or agent who discusses business records via the messaging platform. Publicly traded companies must now establish internal compliance policies to review use of ephemeral messaging services, provide ongoing oversight of the messaging services, and may want to completely prohibit the use of such messaging apps for business purposes.

Data Privacy Rules Step Up to the Next Level

The Federal Trade Commission (“FTC”) recently proposed two amendments to the Privacy Rule and Safeguards Rule under the Gramm-Leach-Bliley Act (“GLBA”). The Safeguards Rule requires financial institutions to develop, implement, and maintain a comprehensive information security system. This rule went into effect in 2003. The Privacy Rule requires financial institutions to inform customers about its information-sharing practices and allows customers to opt out of having their information shared with certain third parties. This rule went into effect in 2000. The recent amendments to these two rules are intended to further protect consumers’ data from third parties. However, the changes could also adversely affect businesses. 

Rush University Medical Center’s 2019 Privacy Breach Incident

In March 2019, Rush University Medical Center (“Rush University”) sent out breach notification letters to approximately 45,000 patients. The letter advises patients that a privacy incident occurred that may have involved the patients’ personal information. The privacy incident was caused by an employee of a third-party financial services vendor. The employee released a file that contained patient information to an unauthorized person. According to the breach notification letter, law enforcement and regulatory officials were involved in the investigation of the privacy incident. Rush University sent the breach notification letter in compliance with the Health Insurance Portability and Accountability Act’s privacy and security rules.

The Value of Privacy: How Facebook Paid for Access to the Personal Data of Teens and Adults

On January 29, 2019, TechCrunch released an investigation finding that Facebook had been paying users as young as 13 for unlimited access to their data. Facebook marketed the application, not available through the iOS app store, to users aged 13-to-35 by offering to pay $20 per month plus referral fees for downloading and using a “Facebook Research” app. The app, once downloaded, provided Facebook with unrestricted access to all private data on the users iPhone including messages, photos and videos, and website usage. This was not the first app launched by Facebook to track user’s data, Apple removed a similar app called Onavo from the app store in 2018. This app is a clear violation of the 2011 consent decree Facebook signed with the Federal Trade Commission.

Facebook’s Watching… For Now

Ever since the Facebook and Cambridge Analytica scandal, concerns surrounding data privacy and protection have been growing. Both government agencies and individual users have particularly been concerned on how their data is being collected and used on social media websites such as Facebook. Germany has taken action in response to such concerns and recently took a step against Facebook’s collection of data in a decision that outlawed Facebook’s entire advertisement regime.