Virginia Governor Signs Comprehensive Data Privacy Law

Image Credit: Kjrstie from Pixabay.

Following hot on the footsteps of the California Privacy Rights Act, Virginia Gov. Ralph Northam (D) signed the Consumer Data Protection Act on Tuesday, making Virginia the second state in the U.S. to pass a comprehensive data privacy law. Below, please see our comparison of the the California Consumer Privacy Act and the Virginia Consumer Data Protection Act.

person entering emoticons in smartphone.

Facebook, Patents, and Privacy: Social Media Innovations to Mine Personal Data

[©2016. Published in GPSOLO, Vol. 37, No. 5, September/October 2020, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder]

* Updated November 25 to include references to CPRA/ Prop24.

The episode “Nosedive” of the television series Black Mirror envisions a society built on social credit scores. In this dystopia, all social media networks have converged into one platform—think Facebook, TikTok, Yelp, and Equifax combined.

This umbrella social platform allows users to rate each other on a five-point scale after each social interaction. Those with a high score gain access to job opportunities, favorable zip codes, and even high-status relationships. Those with a low score have the social ladder kicked out from under them, leading to a downward cycle of estrangement—and in the case of Black Mirror’s protagonist, jail time.

While the society in “Nosedive” seems far-fetched, is the technology behind it plausible?

Facebook Patents That Impact Privacy

According to Facebook’s patents, the answer is a resounding “yes.”

In a series of filings spanning almost a decade, Facebook has obtained several patents that allow social media platforms to track, identify, and classify individuals in new and innovative ways. Below are just few.

Tracking individuals via dust. U.S. Patent No. 9485423B2, “associating cameras with users and objects in a social networking system” (filed September 16, 2010, patented June 25, 2013), allows social media networks to identify an individual’s friends and relationships by correlating users across the same camera. To do so, an algorithm analyzes the metadata of a photo to find a camera’s “signature.”

Continue Reading Facebook, Patents, and Privacy: Social Media Innovations to Mine Personal Data
File folders with a small lock in the corner

Will the CCPA and Other State Privacy Laws Face Constitutional Attack?

Image Credit: Pettycon from Pixabay

This article is Part 2 of 3 in a series exploring proposed federal privacy laws and constitutional concerns of privacy laws in the United States. Part 3 will discuss the constitutional challenges facing a proposed federal privacy law. 

In the first part of this series, we examined several federal privacy bills proposed this year, as Congress eagerly tries to pass a single harmonizing federal law. The issue of preemption continues to divide Republican and Democrat lawmakers, however, with the former in favor of an express provision allowing preemption stricter state privacy laws such as the CCPA and the latter largely against such a provision. 

Regardless of whether a federal law passes, with an express preemption provision, state privacy laws are still at risk of constitutional attacks. There are two primary ways that a state privacy law may be challenged: (1) invalidation under the Dormant Commerce Clause, and (2) invalidation under First Amendment grounds. State legislators contemplating the passage of their own privacy laws will need to consider these constitutional issues in the drafting phase, or risk facing opposition on constitutional grounds.

Continue Reading Will the CCPA and Other State Privacy Laws Face Constitutional Attack?
Pole with sign saying "future".

Privacy Law Forecast for 2019

Image Credit: ID 23689850 © Steve Ball | Dreamstime.com

This past year was quite a whirlwind for privacy and cybersecurity watchers. Just to sum up a few of the top events of last year:

  • Facebook’s Cambridge Analytica scandal rocked political headlines
  • Europe introduced the GDPR, the most comprehensive data protection legislation to date in the world
  • California enacted the California Consumer Privacy Act, becoming the first US state to create GDPR-style rules
  • Google came under fire for allowing app developers to read your email, and track your location (even with location tracking off!)
  • Marriott’s guest reservation system was hacked, exposing the personal information of up to 500 million guests, including passport numbers and payment numbers for some of those hacked

What will happen in 2019? Here are our top 5 predictions:

Continue Reading Privacy Law Forecast for 2019

Image of gears directing arrows to shield.

California Consumer Privacy Act vs GDPR – How to Maximize Your Privacy Compliance Program

California’s recent passage of the Consumer Privacy Act of 2018 now places the world’s fifth-largest economy under European style data protection rules. Given the new law, US businesses that were previously hesitant to implement GDPR are now reconsidering their position.

Luckily, the GDPR and the California Consumer Privacy Act (CCPA or CaCPA) share some similarities. Both provide for consumer-facing privacy notices, data access rights, and data portability. As businesses automate their GDPR compliance processes, they should also leverage those same processes under the CaCPA to save significant time and expense.

Below, we have listed five common operational steps that all businesses should take in their GDPR and CaCPA privacy compliance programs:
Continue Reading California Consumer Privacy Act vs GDPR – How to Maximize Your Privacy Compliance Program

1 2