Internet Law

The California Consumer Privacy Act And Its Unprecedented Protection For User Data

Published on: June 8, 2018 | by Law Offices of Salar Atrizadeh

In our first June blog post, we discussed a bill passed by the State Senate which would provide net neutrality rules for ISPs in the State of California. We continue this week with the theme of internet regulating laws being proposed in our state.

The California Consumer Privacy Act of 2018 (CCPA) is a ballot measure, which would provide unprecedented protection for user data in California. Users would have the ability to prevent companies from selling their data to third parties, as well as demand full disclosure of all data being collected. Consumers would also have the ability to sue companies in violation of the law.

The CCPA was started by Alastair Mactaggart, a real estate developer in the San Francisco area, along with Rick Arney, a finance executive, and Mary Stone Ross, an attorney who has worked on national security matters with the House of Representatives and was a former CIA analyst. The group says they are just three people living in California who want what is best for their kids and the future of Californians. They believe the “bargaining” that occurs between big companies and users regarding consumer privacy, which is basically take-it-or-leave-it is not bargaining at all. With the practical necessity of laptops and cell phones today, they want users to have more choice and power in terms of what information is collected, and how that information is used.

SB 822: California’s Net Neutrality Protection Law

Published on: June 1, 2018 | by Law Offices of Salar Atrizadeh

On May 30, 2018, the California State Senate voted to pass a bill that will ensure net neutrality on the internet in the State of California. With the FCC’s repealing of Obama-era net neutrality rules going into effect on June 11, 2018, California’s bill will provide for continued net neutrality protection. Officially known as Senate Bill 822, the senate passed SB 822 by a vote of 23-12. The bill will next go to the State Assembly to be voted on by the end of August. If the bill passes the Assembly, it must finally be signed by Governor Jerry Brown in order to become law.

If made into law, the bill will prohibit Internet Service Providers (ISPs) from manipulating internet traffic. Net neutrality rules ensure that ISPs cannot slow down or block access to certain websites, or give some websites and content quicker access speeds than others. Preventing willful alteration by ISPs of internet connections between devices and sources of content is the key focus of net neutrality rules. SB 822 will also allow the state to supervise commercial interconnection deals between corporate customers and ISPs to ensure that corporate customers are not taken advantage of by ISPs’ dominant market power. Interconnection arrangements typically occur between content providers such as YouTube and Netflix, and ISPs such as Spectrum or AT&T.

The net neutrality rules would also ban third-party paid prioritization, as well as application-specific differential pricing. Paid prioritization occurs when content providers pay ISPs a fee in order to ensure that users have higher access speeds to their websites than competitors’ websites. ISPs claim that preventing this business model may cause an increase in the price that consumers pay for internet service. Differential pricing is when goods or services are offered at different price points to different consumers. For example, a company such as Microsoft may charge a higher fee to corporate customers for Microsoft Office software than to a personal user who purchases the software for use at home. Differential pricing comes into play in the net neutrality laws with regards to user access to applications, content, and platforms (ACP).

Privacy Rights for California Minors

Published on: December 18, 2017 | by Law Offices of Salar Atrizadeh

Mentioned in passing, in our first December blog post is another potential pitfall for operators of Internet-based services such as websites or applications. This one pitfall in particular comes out of the State of California. However, given the role of the internet as a wide-spread source of information, this is a lesson for any individual pitching to minors online. This law is Business & Professions Code 22580-22582 (“BPC 22580-22582”) otherwise known as “Privacy Rights for California Minors in the Digital World.” What does this law pertain to in general? What kind of entities need to be concerned about California Minors? What are the privacy rights these minors are allowed to enjoy?

What is BPC 22580-22582?

BPC 22580-22582 is a sub-part of the California Business and Professions Code. It applies to operators of Internet websites and services, including, but not limited to, applications that are directed towards children and those same entities where the entities know the websites or services are used or visited by children. Here, “directed to” means it was created mainly for children, and is not intended for a general audience, including, but not limited to, adults. The law states, for children with registered accounts, entities must:

What Is COPPA?

Published on: December 11, 2017 | by Law Offices of Salar Atrizadeh

Last week we discussed smart toys, and we mentioned “COPPA” in that article. As such, some of you may be asking what is COPPA?” In short, COPPA is a federal law specifically tailored towards children, and stands for “Children’s Online Privacy Protection Act.” This law is meant to protect children from over exposure and prohibit businesses from gathering invasive amounts of analytics on children using their products or services. This remains a legitimate concern, attempting to curtail some of the worst aspects of online life. What exactly does COPPA prohibit? Is there any limitation? Does it provide guidelines for a business to follow and ensure compliance?

COPPA Prohibitions

The spirit of COPPA can be summarized as follows: It is unlawful for an operator or a website or online service directed to children or with knowledge that it is collecting or maintaining a child’s information, to violate this federal statute by failing to give notice on the website of what information it collects, how it’s used, and how it’s disclosed, failing to obtain parental consent, providing reasonable means for parents to review or cancel the use of the service or website, to not condition participation in a game, offering of a prize or other activity by disclosing more personal information than is necessary, and failing to establish and maintain procedures to protect the confidentiality, security and integrity of the children’s information.

What Are Smart Toys?

Published on: December 4, 2017 | by Law Offices of Salar Atrizadeh

We have finally reached December, and with it, comes the time for shopping. Of course, some people will focus on the youngest members of their families – i.e., children. However, it needs to be emphasized that even with children, there are special concerns. The law considers juveniles and their decision-making capabilities, and in the age of the “smart toy,” this could have far ranging impacts on businesses and the emerging market. What is a smart toy? How might it differ from an average toy? What would a business need to be aware of? What about a parent?

Smart Toys

Smart toys, alternatively known as “connected” toys, are those devices that can be used for play, but also connect to the internet or cloud. This concept may sound like the internet of things–and these smart toys are just another part. A good example of this may be something like the “Hello Barbie” dolls from 2015. These dolls were akin to a smart chat program, or a more personable Siri/Cortana/Alexa. While Barbie’s operating system would not allow her to break significantly off a script, she would remember and adapt to a child’s thoughts, concerns, or desires.

Net Neutrality: Why it Matters and What You Need to Know About FCC’s Suggested Changes?

Published on: November 27, 2017 | by Law Offices of Salar Atrizadeh

This is a current update on the principle of net neutrality that is worthy of a discussion. So, how or why is an update necessary? The answer is that net neutrality rules may be changing soon, and various organizations are currently lobbying for their positions. Why does net neutrality matter to businesses or consumers? Is there a way or reason for removing net neutrality? What may you need to consider as a business or consumer after the demise of net neutrality?

Historical Background

For those that have not been following the idea of net neutrality, the idea is simple. No one packet of data can be favored or disfavored by a company that provides internet access. Previous rules would forbid this, and allow entities to sue if there was an intentional slowdown of their service. Indeed, this has allegedly occurred in the past as described in a lawsuit between Time Warner Cable (now Spectrum) and the State of New York. Essentially, Spectrum was intentionally slowing down service, and only improving the service after payment was received by it. Under the Open Internet Rules, this process was prohibited.

Google v. Equustek Solutions, Inc.

Published on: November 20, 2017 | by Law Offices of Salar Atrizadeh

In a current dispute between Google and a Canadian company over de-indexing a competitor, Google is doing everything in its power to avoid the court order. Not necessarily because it believes in the innocence of Datalink, but because to de-index would be removing an important immunity under current U.S. laws. One may be wondering, what was the immunity that prompted Google’s move? Why could it just pick up and go somewhere else? Should other businesses be concerned for this possible loss of immunity, and why might a business support Google here?

Case History

Equustek Solutions, Inc., a Canadian company, engaged in litigation with Datalink due to illicit activities on Datalink’s part (e.g., misappropriation of trade secrets) and using those trade secrets to confuse consumers in the market. Due to the similarities resulting from the alleged misappropriation, Datalink led consumers to believe that they were purchasing Equustek’s products. Equustek then sued in Canadian courts, resulting in various court orders against Datalink. However, Datalink managed to evade enforcement by fleeing the country and setting up shop somewhere else.

First Annual Review of EU-US Privacy Shield

Published on: November 13, 2017 | by Law Offices of Salar Atrizadeh

The European Commission released its first annual review of the current EU-US Privacy Shield in order to determine what may or may not need changes as a matter of policy. As it currently stands, the Privacy Shield creates enforceable protections for European Union residents regarding the use of their personal data. The US-based entities that wish to participate will have to conform to greater transparency standards in how the data is used, as well as submitting to strong oversight to ensure adherence, and increased cooperation with Data Protection Authorities (“DPAs”). So, what changes are suggested in this new report? How might this affect businesses in the United States? What consequences, if any, may be added to the new changes?

What is the review?

It was conducted by the Commission to the European Parliament, which in essence reviewed the function of the Privacy Shield and gathered input from publicly-available sources. These sources combined press releases as well as legal cases that were available to the Commission; although, neither source was cited specifically within the seven-page report. The Commission is composed of both European and American representatives, such as the European Data Protection Supervisor and Federal Trade Commission.

Internet Commerce and GDPR

Published on: November 6, 2017 | by Law Offices of Salar Atrizadeh

In general, internet commerce transpires on the national and international levels. Naturally, data protection is an important concern for private and public agencies. The European Union’s remaining members are currently in the process of another process to protect data with the “General Data Protection Regulation” (GDPR) set to take effect next year. This differs from the previous Privacy Shield in some respects, as it is broader, and expands beyond the European Union and deals with any individual that may have a shred of a connection to the European Union. So, what is GDPR? What does it require? Also, what are the consequences for non-compliance?

What is the GDPR?

The GDPR grants the following as rights to a data subject (i.e., a user): breach notification; right to access a copy of personal data free of charge in electronic format; right to be forgotten; data portability, allowing transmission to another provider; privacy by design for systems; and data protection officers in cases where constant monitoring of data subjects on a large scale may occur, or for special categories of data regarding criminal convictions.

Artificial Intelligence and Copyright Laws

Published on: October 2, 2017 | by Law Offices of Salar Atrizadeh

A question for you to consider: Imagine a world where music is created by a random set of numbers. Who owns the music? Is it the programmer? Is it the user who gave specifications for the music? It’s certainly an odd question to ask, and unsurprisingly, one without a clear answer. The question has been mostly unlitigated, although programs such as the Artificial Intelligence (“AI”) made by DeepMind can produce music by listening to it. For example, some programs can restore or create mimics of Rembrandt. One might wonder: With the increasing role of technology, what are the limits to copyright laws? Who is a creator, and hasn’t this issue already been settled in courts?

Previous Litigation

To determine the possibility of authorship to AI, it’s important to simplify things. Technology is a little complex. What about monkeys, animals, or something that occurs naturally?