2H 2016 Quick Links, Part 9 (Privacy/Security)
* California AB 691: “Revised Uniform Fiduciary Access to Digital Assets Act.” The key part is the new Probate Code Sec. 873(a):
A user may use an online tool to direct the custodian to disclose to a designated recipient or not disclose some or all of the user’s digital assets, including the content of electronic communications. If the online tool allows the user to modify or delete a direction at all times, a direction regarding disclosure using an online tool overrides a contrary direction by the user in a will, trust, power of attorney, or other record
Background from the Recorder.
* California also passed AB 1687, the anti-IMDb law designed to overturn the Hoang case. The main operative text, codified in Civil Code 1798.83.5:
(b) A commercial online entertainment employment service provider that enters into a contractual agreement to provide employment services to an individual for a subscription payment shall not, upon request by the subscriber, do either of the following: (1) Publish or make public the subscriber’s date of birth or age information in an online profile of the subscriber. (2) Share the subscriber’s date of birth or age information with any Internet Web sites for the purpose of publication.
IMDb is challenging the law in court.
* Matera v. Google, 2016 WL 5339806 (N.D. Cal. Sept. 23, 2016)
many courts since Spokeo have placed dispositive weight on whether a plaintiff alleges the violation of a substantive, rather than procedural, statutory right. If the right created by statute is substantive, courts have generally found that Congress permissibly “elevated [the harm recognized by the statute] to the status of legally cognizable injuries,” and thus that a plaintiff alleging violation of a substantive statutory right has Article III standing…. In sum, the Court concludes that the judgment of Congress and the California Legislature indicate that the alleged violations of Plaintiff’s statutory rights under the Wiretap Act and CIPA constitute concrete injury in fact. This conclusion is supported by the historical practice of courts recognizing that the unauthorized interception of communication constitutes cognizable injury.
the Terms of Service analyzed in Gmail stated, “You should look at the terms regularly. We’ll post notice of modifications to these terms on this page…. If you do not agree to the modified terms for a Service, you should discontinue your use of that Service.” Applying these principles to the instant case, users of the individual Gmail service agreed to the 2014 TOS upon its posting
Whoa, we have a lot of caselaw rejecting these types of amendment clauses. This favorable amendment ruling still doesn’t help Google because the court says the contract terms didn’t cover the applicable scenarios and didn’t apply retroactively.
Google has tentatively settled this case.
* In re: Facebook Privacy Litigation, 2016 WL 3523850 (N.D. Cal. June 28, 2016). Lawsuit over Facebook’s alleged disclosure of private info in referral URLs is mostly dismissed for lack of Article III standing.
* Luis v. Zang, 2016 WL 4363151 (6th Cir. Aug. 16, 2016). Maker of WebWatcher software cannot shake ECPA claims on motion to dismiss. Prior blog post.
* Carlson v. Gamestop, 2016 WL 4363162 (8th Cir. Aug. 16, 2016):
may include: your name, home address and zip code, telephone number, e-mail address and (for those purchasing products online) credit card or checking account information including billing and shipping addresses and zip codes….
* Opperman v. Path, 2016 WL 4719263 (N.D. Cal. Sept. 8, 2016). Yelp cannot defeat “intrusion into seclusion” claim on summary judgment related to its app’s grabbing and storing users’ contacts.
* Alessandro Acquisti et al., Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online. From the intro:
we review research in relevant fields (such as behavioral decision research, behavioral economics, and experimental psychology) to gain insights into the impact of cognitive and behavioral biases on online security and privacy decision making (Section 2). Then, we review interventions developed in various fields (such as decision research, human-computer interaction, and persuasive technologies) aimed at helping users make “better” online security and privacy decisions, i.e., decisions that minimize adverse outcomes or are less likely to be regretted. We show how this work shares similarities with mechanisms developed to nudge people in a variety of other domains, such as health and retirement planning. We broadly refer to these efforts as “nudging research,” regardless of the originating field of study. We posit that all these efforts can be largely viewed as implementations of soft paternalistic concepts, whereby interventions are intended to gently guide users towards safer practices rather than imposing particular decisions. In doing so, we suggest that prior work on the design of user interface technologies for security and privacy can be examined from a nudging perspective: every design decision potentially nudges users in one direction or another. Furthermore, we point to examples of existing interfaces that nudge individuals either towards more protective behaviors (Section 3) or, sometimes, towards riskier ones (Section 4). We further discuss practical and ethical questions associated with nudging for security and privacy, along with a discussion of design and research challenges in this area (Section 5). Finally, we conclude with a summary of insights identified in this review (Section 6).
* A.G. Schneiderman Announces Results Of “Operation Child Tracker,” Ending Illegal Online Tracking Of Children At Some Of Nation’s Most Popular Kids’ Websites
* NY Times: Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say