September 01, 2017

MONTH-IN-BRIEF: Internet Law & Cyber-Security

Juliet Moringiello, Sara Beth A.R. Kohut

Cyber-Security

Ninth Circuit Court of Appeals Finds Standing under FCRA in Spokeo

By Sara Beth A.R. Kohut, Young Conaway Stargatt & Taylor, LLP

Following remand from the U.S. Supreme Court, the Ninth Circuit Court of Appeals held in Robins v. Spokeo that plaintiff Thomas Robins had established Article III standing in his lawsuit against Spokeo, Inc. for allegedly violating the Fair Credit Reporting Act.. Robins alleged that Spokeo’s website, which aggregates various data about individuals, had published inaccurate information about Robins’s marital status, age, employment, education, and wealth level, causing harm to his prospects for employment and emotional distress. Previously, the Ninth Circuit had reversed the lower court’s dismissal based on lack of standing, but the U.S. Supreme Court vacated that reversal on the ground that the Court of Appeals had not addressed whether Robins’s alleged injury was sufficiently concrete. On remand, the three-judge panel unanimously concluded that the implicated FCRA procedures were crafted to protect consumers’ concrete interest in accurate credit reporting and that Robins sufficiently alleged he suffered a concrete injury that was not trivial or too speculative.

Uber Reaches Settlement with FTC Over Allegedly Deceptive Privacy and Security Claims

By Sara Beth A.R. Kohut, Young Conaway Stargatt & Taylor, LLP

The Federal Trade Commission recently announced it had reached a settlement with Uber Technologies Inc. with respect to allegations that Uber misrepresented the privacy and security protections it had in place for the personal information of its drivers and consumers. The FTC had filed a complaint against Uber after a 2014 data breach revealed that Uber employees were improperly accessing consumers’ personal information because Uber did not have effective measures in place to protect and monitor access to that information. Under the settlement, Uber does not face a monetary penalty. However, Uber must establish a comprehensive privacy program that ensures the personal information of its consumers is secured, and must undergo biennial audits by an independent third party for the next 20 years to verify implementation of the privacy program.

Data Privacy

FTC Updates COPPA Compliance Plan

By Sara Beth A.R. Kohut, Young Conaway Stargatt & Taylor, LLP

The Federal Trade Commission recently updated its six-step guidance for complying with the Children’s Online Privacy Protection Act. The revisions acknowledge that evolving technology may affect whether a company’s business model or products are subject to COPPA. As an example, the changes clarify that companies providing “connected toys or other Internet of Things devices” are subject to COPPA. In addition, the guidelines now permit obtaining parental consent by asking knowledge-based authentication questions and employing facial recognition technology.

International Law

Amazon Wins gTLD Appeal

By Sara Beth A.R. Kohut, Young Conaway Stargatt & Taylor, LLP

An Independent Review Panel of the International Centre for Dispute Resolution has issued a 2-1 Final Declaration siding with Amazon in its quest for the generic top-level domain (gTLD) “.amazon”. The Internet Corporation for Assigned Names and Numbers (ICANN) denied the applications of Amazon EU S.A.R.L. to use the gTLD based on objections by the countries of Brazil and Peru, which erroneously (and contrary to ICANN’s guidelines) claimed the gTLD was protected as a geographic region. The panel found that ICANN’s board improperly gave complete deference to its Government Advisory Committee (which supported the Amazonian countries but failed to provide procedural fairness to Amazon to challenge their position) without providing a “well-founded and merits-based public policy reason for denying Amazon’s applications” as required by ICANN’s governing documents. Accordingly, the panel recommended that ICANN’s board reevaluate Amazon’s application and awarded Amazon reimbursement of certain expenses for the proceeding in the amount of $163,046.

Juliet Moringiello

Commonwealth Professor of Business Law, Widener University Commonwealth Law School

Juliet Moringiello is the Commonwealth Professor of Business Law at Widener University Commonwealth Law School in Harrisburg, PA, where she teaches Property, Bankruptcy, Secured Transactions, Sales, and a seminar on Cities in Crisis. She earned her B.S.F.S. at Georgetown University, her J.D. at Fordham University School of Law, and her LL.M in Legal Education at Temple University School of Law. Professor Moringiello is Chair of the Pennsylvania Bar Association Business Law Section, a Uniform Law Commissioner for Pennsylvania, and a member of the American Law Institute. She is also a Fellow of the American College of Commercial Finance Lawyers and has held several leadership positions in the American Bar Association Business Law Section.

Sara Beth A.R. Kohut

Co-Chair; Cybersecurity, Privacy, and Data Protection Group; Young Conaway

Sara Beth’s practice focuses on advising legal representatives for future claimants in connection with asbestos mass tort insolvency matters and settlement trusts. She has also represented national and local businesses in cases involving intellectual property, corporate and commercial issues in the federal and state courts in Delaware. Sara Beth has advised clients on strategies for protecting intellectual property rights and complying with obligations governing the privacy and security of sensitive data. She currently co-chairs Young Conaway’s Cybersecurity, Privacy, and Data Protection group.