March 09, 2020

Cross-Border Cyber Regulations Subcommittee

The committee met in Phoenix to address several emerging developments and potential program topics.  First, we discussed the issue of varying country-specific rules for consent and capacity based on age.  Even within the U.S., we find conflicts between state-law rules that permit contracts based on reaching the age of majority and consent policies from websites that obtain consent from those 13 and over (presumably based on COPPA).  As a related problem, we have country-specific rules based on content, some of which are based on the age of users.  This presents challenges not only in knowing and understanding the applicable legal framework, but also in determining the identity and the location of the counterparty.  The current state of technology for determining location and identity may provide fruitful topics for future programming. 

Second, the matter of “jurisdictional regimes” – the legal and technological standards applied for regulation and rulemaking – was a topic of lively discussion.  We discussed the effect of trading partner preferences and requirements affect legal standards in the privacy regime.  Query, as GDPR standards spread to Asian markets, whether that framework will emerge in other U.S. jurisdictions with affected companies?  Are the laws and standards for exercising jurisdiction changing enough to require additional programming and scholarly attention?

Third, the jurisprudence of “reasonable security” was another area of discussion.  As litigation grows under the CCPA and administrative law developments continue within the FTC, we have a plethora of different possible sources for reasonable practices.  Those developments will affect cross-border transactions as well as domestic ones.

The ABA publications staff has expressed interest in a book topic dealing with cross-border electronic transactions.  If you have an interest in these or other topics, please email one of us and we will connect with you. 

Ed Morse (morse@creighton.edu)
David Flint (davdflint@creighton.edu)
Andrew Alleyne (aalleyne@fasken.com