chevron-down Created with Sketch Beta.

The Business Lawyer

Winter 2021-2022 | Volume 77, Issue 1

Survey of the Law of Cyberspace: An Introduction

John Rothchild


  • The global COVID-19 pandemic continues to have an impact on e-commerce and cyberlaw.
  • According to federal government statistics, the volume of e-commerce sales remains at an all-time high even as face-to-face shopping gradually returns.
  • Work from home directives from early in the pandemic seem to have permanently elevated the incidence of remote work compared to pre-pandemic levels, and that the increased use of online communication technologies will continue to generate novel legal issues
  • The essays in this survey, which cover developments during the year ending May 2021, touch upon a wide range of legal issues, including: privacy and data security, contracts, electronic payments and financial services, intermediary liability, intellectual property, and consumer law.
Survey of the Law of Cyberspace: An Introduction

Jump to:

The global COVID-19 pandemic, which will soon enter its third year, continues to have an impact on e-commerce and cyberlaw. According to federal government statistics, in the first calendar quarter affected by the pandemic e-commerce sales rose an astounding 43.8 percent from the year-earlier period. As face-to-face shopping gradually returned, the growth of e-commerce has returned to historical rates, but the volume of e-commerce sales remains at an all-time high. Although employers that early in the pandemic instantly directed their employees to work from home are gradually calling them back to centralized workplaces, it seems likely that the incidence of remote work will remain elevated compared to pre-pandemic levels, and that the increased use of online communication technologies will continue to generate novel legal issues.

The essays in this survey, which cover developments during the year ending May 2021, as usual touch upon a wide range of legal issues.

Privacy and data security. David Sella-Villa assesses the impact of the COVID-19 pandemic on privacy. The shift to working remotely has added avenues for collecting personal information that are not available in face-to-face communications. The essay notes that the Zoom teleconferencing platform is the subject of several lawsuits claiming that Zoom violated its users’ privacy. It goes on to discuss the privacy implications of contact-tracing apps, vaccine mandates, and vaccine passports, as well as the impact of privacy protections on the ability of government to implement policies aimed at stemming the pandemic.

Meg Strickler provides an overview of several privacy-related developments. In a discussion of litigation based on misuse of data, she reviews ongoing lawsuits against Zoom and Google. She explains the impact of a decision by the Court of Justice of the European Union that upended the international protocol that has allowed personal information to be transferred from Europe to companies in the United States. She also reviews developments in biometric privacy: court decisions and settlements based on Illinois’ biometric privacy law, proposed laws in other states, and bans on facial recognition technology.

Garylene Javier’s essay looks at developments in state privacy laws. A primary focus is on the evolving landscape in California, which enacted the California Consumer Privacy Act (“CCPA”) in 2018 and amended that law with the California Privacy Rights Act (“CPRA”) in 2020. The essay includes a detailed look at regulations and amended regulations under the CCPA, as well as changes made by CPRA that will be effective in 2023. It also previews the new Virginia privacy law. The remainder of the essay discusses some of the early litigation under the CCPA.

Roland L. Trope discusses the paradigm shifts brought about by the recent occurrence of high-impact, low-frequency events such as the COVID-19 pandemic, enterprise adaptations to it, and a surge in cyberattacks on tech companies and critical infrastructure. He notes that attacks have become so sophisticated that the targeted companies can no longer determine with certitude whether their remediation efforts have succeeded. As a result, companies should henceforth assume that compromised networks remain persistently insecure. His essay reviews recent attacks, a judicial decision on a targeted enterprise’s entitlement to insurance recovery for a ransomware attack, and a U.S. Supreme Court decision that resolved a conflict among the federal appellate courts on the proper construction of the Computer Fraud and Abuse Act.

Contracts. Nancy S. Kim offers a tour through the latest developments in online contracting. As she demonstrates, in recent cases the courts look beyond the point in time when the terms are presented and include in their assessment the totality of the user’s interaction with the company. She also presents several cases dealing with the substance of contract terms, including applicability of the Federal Arbitration Act, drafters of the contracts arguing against the terms that they themselves produced, and companies reeling from the costs of enforcement of the arbitration clauses that they insisted on including in the contract.

Electronic payments and financial services. Stephen T. Middlebrook, Sarah Jane Hughes, Tom Kierner, and Peter Maskow address the complexities of electronic financial services. Their essay includes: disputes between federal and state authorities over the regulation of FinTech entities and virtual currencies; application of a money transmission statute to a virtual currency business; guidance from the Consumer Financial Protection Bureau regarding products that allow employees to obtain access to their salaries before they are paid and a court challenge to the Bureau’s regulations governing prepaid accounts; and a warning from the Federal Trade Commission against using artificial intelligence algorithms that improperly discriminate.

Intermediary liability. Chase J. Edwards brings us up to date on developments relating to liability of online intermediaries. Two courts addressed negligent-design claims against Snapchat for its speed filter, holding Section 230 immunity was unavailable. Another case found Section 230 unavailable to shield Clearview AI from claims under state consumer protection law. Courts reached differing conclusions on whether is liable under state product liability laws for harm caused by products it sells. Several cases addressed the application of FOSTA, an amendment to Section 230 that denies immunity for websites that host content promoting sex trafficking. Finally, the essay considers legislative efforts to limit the applicability of Section 230.

Intellectual property. The essay by John A. Rothchild highlights some important developments in copyright and trademark law. The essay first describes the U.S. Supreme Court’s ruling on fair use in connection with application programming interfaces in a high-profile dispute between Google and Oracle. It then discusses cases involving the volitional-conduct requirement for direct copyright liability and the making-available right. On the trademarks side, the essay examines a U.S. Supreme Court decision on the protectability of a domain name that is built on a term that is generic in the trademark sense, and another case dealing with the liability of the operator of an online marketplace based on infringing items that third parties offer for sale.

Consumer law. In his essay Richik Sarkar covers developments in advertising and consumer protection law. He discusses several cases that reach differing conclusions on the impact of a 2020 decision by the U.S. Supreme Court invalidating a provision of the Telephone Consumer Protection Act (“TCPA”), as well as a new decision by the Supreme Court clarifying what constitutes an automatic telephone dialing system under the TCPA. The essay also reviews cases involving social media accounts, the Computer Fraud and Abuse Act, deceptive online business practices, and cybersecurity.