Test 4 - Internet Law, Social Media, and Data Privacy

Anticybersquatting Legislation

The Anticybersquatting Protection Act (ACPA) makes cybersquatting illegal when the following are true 1. The domain name is identical or confusingly similar to the trademark of another 2. The one registering, trafficking in, or ussing the domain name has a "bad faith intent" to profit from that trademark

The Children's Online Privacy Protection Act (COPPA) (US FED LAW

The Children's Online Privacy Protection Act (COPPA) mandates that commercial websites,which direct online services to children under 13, or that knowingly collect information from them, inform parents of their information practices, and obtain verifiable parental consent before collecting, using, or disclosing persona linformation from children In addition to posting a privacy policy, these websites must also adhere to enumerated information-sharing restrictions

The Fair Information Principles. In order to conform with the Fair Information Principles, a Privacy Policy generally includes statements regarding the following:

(1) the sources from which personal information is collected (2) specifically how the collected personal information is used;• (3) with whom the collected personal information is shared;• (4) an option allowing consumers to opt out of the disclosure of personal information to third parties;and• (5) the steps taken to protect the collected personal information.

Digital Millenium Copyright Act (DMCA) of 1998

Established civial and criminal penalties for anyone who circumvents encyption software or other technological antipiracy protection prohibits manufacture/sale of devices or services for circumvention

Four Critical Issues with Fair Information Principles (US FED LAW)

The Fair Information Principles. Four criticalissues: (1) notice - information practices must be disclosed before personal information is collected (2) choice - consumers must be given options as to how collected personal information can be used beyond the purpose for which it was provided; (3) access - consumers should be able to check the accuracy and completeness of personal information collected; (4) security - reasonable steps must be taken to assure consumers that the personal information collected is secure from unauthorized use..

Meta Tags

key words that give internet browsers specific information about a web page can be used to increase the likelihood that a site will be included in search engine results, even if the site has nothing to do with the key words using another's trademark in a meta tag without the owner's permission normally constitues as an infringement

Cookie

A small file from a website and stored in a user's Web browse rto track the user's Web browsing activities.

Digital Millennium Copyright Act Allows Fair Use•

Allows Fair Use • The DMCA does not restrict the "fair use" of circumvention methods for educational and other noncommercial purposes, such as to test computer security and to enable parents to monitor their children's use of the Internet. Limits Liability of Internet Service Providers • Under the DMCA, an ISP is not liable for copyright infringement by its customer unless the ISP is aware of the subscriber's violation.• An ISP may be held liable only if it fails to take action to shut down the subscriber after learning of the violation.

Identifying the Author of Online Defamation

Because postings on online forums are anonymous, an initial issue raised by online defamation is simply discovering who is committing it An ISP can disclose personal information about its customers only when ordered to do so by a court.• Consequently, businesses and individuals are increasingly bringing lawsuits against "John Does" (fictitious names used in lawsuits when the identity of a party is not known or when a party wishes to conceal his name for privacy reasons) and using the authority of the courts to order ISPs to divulge the identity of the persons responsible for the defamatory remarks.

Legal Issues Pertaining to Social Media (cont'd)

Criminal Investigations Law enforcement uses social media to detect and prosecute criminals. A surprising number of criminals boast about their illegal activities on social media .Administrative Agency Investigations Federal regulators use social media posts in their investigations into illegal activities.• An administrative law judge can base her or his decision on the content of social media posts. Employers' Social Media Policies Many large corporations have established specific guidelines on using social media in the workplace.• Employees who violate these policies may be disciplined or fired from their job

Data Privacy: State Laws

Data Privacy: State Laws Numerous other states have implemented regulations for Privacy Policies. • Texas requires that "persons who require disclosure of a social security number adopt, make available, and strictly follow a PrivacyPolicy."• Nebraska and Pennsylvania have laws treating misleading statements in Privacy Policies published on Web sites as deceptive or fraudulent business practices. • Other states, such as Virginia, are in process of enacting their own CCPA-like comprehensive data privacy laws.

Other Actions Involving Online Posts

E-mails, tweets, posts, and every sort of online communication can form the basis for almost any type of tort.• In addition to defamation, suits related to online conduct may involve allegations of wrongful interference or infliction of emotional distress.

Data Privacy Policies in the past

For many years, online businesses would create a privacy policy that was very one-sided and typically granted the company a broad range of rights with respect to how and what data they collected, and how they chose to use it. Since these policies were buried in a link somewhere on the site, most users never even read the policy. By using the site and services, the users would effectively have consented to the policy.

Social Media Defined

Forms of communication through which users create and share information, ideas, messages, and other content via the Internet Examples: Facebook, YouTube, Twitter

Liability of Internet Service Providers

General Rule Under Section 230 of the Communications Decency Act (CDA), ISPs usually are treated differently from publishers in print and other media and are not liable for publishing defamatory statements that come from a third party. Exceptions • Although the courts generally have construed the CDA as providing a broad shield to protect ISPs from liability from third party content, some courts have started establishing limits to this immunity.

General Data Protection Regulation (GDPR)

Governments have made data privacy a priority in recent years. The paramount example of the this is seen in "General Data Protection Regulation 2016/679",commonly known as "GDPR", which was enacted by the European Union (EU) just a few years ago. At the time it was adopted, the EU's GDPR established the most comprehensive and consumer-friendly privacy laws in the world.

GDPR key aspects

Key aspects of the GDPR include:• Lawfulness, fairness and transparency —Data processing must be lawful, fair, and transparent to the data subject Purpose limitation — Ecommerce companies must process data for the legitimate purposes specified explicitly to the data subject when you collected it Data minimization — Ecommerce companies should collect and process only as much data as absolutely necessary for the purposes specified. Accuracy — Ecommerce companies must keep personal data accurate and up to date.

Privacy

Major social media and Internet sites have been accused of violating users' privacy rights. • The right to privacy is guaranteed implicitly by the Supreme Court's interpretation of the Bill of Rights and explicitly by some state constitutions.

Data Privacy Now

Old approach will no longer work Consumers are more sensitive than ever to how their data is collected and used by the sites they visit and have been pushing back on Ecommerce businesses and demanding more transparency and control of their data.• Government regulators and legislators have enacted a host of data privacy laws to govern the collection and use of user data. These new rules require more than a one-sided privacy policy granting broad privileges to the Ecommerce providers.• Ecommerce businesses must disclose in clear language how and what data they collect, provide the ability for users to review the data that has been collected, and must give users the right to have data deleted upon request

Privacy Policy Overall Considerations

Privacy Policies• Overall Considerations• What type of information is collected and from whatsources?• Do you use cookies or beacons?• Are you in compliance with COPPA?• Specifically, how is the collected information used?• Is the collected information shared with third partiesand with whom?• What steps are taken to ensure the security ofcollected information

Data Privacy and Related Concerns

Privacy concerns arise in any situation where personal information is collected and stored No single definition for what constitutes "personally identifying information", typically covers any information that could possibly identify a person or information about them. Ecommerce businesses that collect financial information such as bank accounts, credit cards or social security numbers must be hyper-protective of this data. For Ecommerce businesses, data privacy and security are critical aspects of operations Failure can subject companies to regulatory penalties, lawsuits, as well as loss of business associated with their site being deemed "unsafe"

Cybersquatting

Registering a domain name that is the same as, or confusingly similar to, the trademark of another and then offering to sell that domain name back to the trademark owner.

GDPR key aspects con'ed

Storage limitation — Ecommerce companie smay only store personally identifying data for as long as necessary for the specified purpose Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).• Accountability — The data controller is responsible for being able to demonstrate GDPR compliance.

The Health Insurance Portability and Accountability Act (HIPAA) (US FED LAW)

The Health Insurance Portability and Accountability Act (HIPAA) requires notice in writing of the privacy practices of health care services.• HIPPA protect how an individual's health information is used by organizations and disclosed to others.• All health care providers, insurance companies,employer-sponsored health plans and HMOs are the covered entities, which must comply with this privacy rule's guidelines. The covered entities of HIPAA are one of the most extensively regulated niches, regarding information privacy.

Legal Issues Pertaining to Social Media

The emergence of social networking sites has created a number of legal and ethical issues for businesses.• The content of social media may play a role in various parts of the legal process. Impact on Litigation Social media posts are routinely included in discovery in litigation because they can provide damaging information that establishes a person's intent or what she or knew at a particular time. Social media posts can be used to reduce damages awards. Impact on Settlement Agreements Social media posts have been used to invalidate settlement agreements that contain confidentiality clauses.

Frequent Changes in Domain Name Ownership Faciliate Cybersquatting

The speed at which domain names change hands and the difficulty in tracking mass automated registrations have created an environment in which cybersquatting can flourish.

Reasonable expectation of privacy

To maintain a suit for the invasion of privacy, a person must have a reasonable expectation of privacy in the particular situation. People clearly have a reasonable expectation of privacy when they enter personal financial information online.• People also have a reasonable expectation of privacy that online companies will follow their own privacy policies. • But it is probably not reasonable to expect privacy when making statements or posting photos on social media sites.

US and EU Data Privacy Crossover

U.S. companies should also be particularly cautious with ecommerce because the EU has far stricter privacy regulations, which can affec tU.S. companies to the extent US Companies interact with EU companies or individuals. • Maximum penalties for violations of up to 4% ofa company's global annual revenues

Data Collection and Cookies

Whenever a consumer purchases items online from a retailer, the retailer collects information about the consumer. Cookies provide detailed information to marketers about an individual's online behavior and preferences, which is then used to personalize online services. Many people feel that the use of cookies and data collecting by retailers violate consumers' rights to privacy.

Data Privacy: US Federal Laws

• Not a single, nationwide privacy law in the United States Examples of federal laws that govern certain elements of Privacy Policies: The Fair Information Principles• published by the Federal Trade Commission, provides a set of non-binding governing principles for the commercial use of personal information. These principles offer guidance to draft policies that encompass existing privacy concerns.