Category: Privacy News

How Could the Ninth Circuit’s Decision in a Facebook Facial Recognition Lawsuit Affect California?

A new decision out of the Ninth Circuit Court of Appeals could be a bellwether for future privacy cases under the California Consumer Privacy Act. On Thursday, the Ninth Circuit held that the plaintiffs in a class-action lawsuit against Facebook alleging violation of an Illinois biometrics law had standing, allowing the case to move forward.

Given the similarities between the Illinois law and the relevant portions of the CCPA, the Ninth Circuit’s decision may dramatically expand standing in future cases under the CCPA for similar biometric violations.

Read More

Facebook Lawsuit: Q&A With Plaintiffs’ Attorney S. Clinton Woods

Privacy advocates won a major victory on Monday when a lawsuit against Facebook for the Cambridge Analytica scandal was allowed to move forward. The San Mateo Superior Court judge, in what the plaintiffs believe to be a significant step for privacy, held that the plaintiffs have adequately pled an injury and have standing for the case to continue.

As has been previously discussed on this blog, the plaintiffs alleged causes of action in violation of California’s Unfair Competition Law (UCL) and False Advertising Law (FAL) due to the unauthorized acquisition of Facebook profile data by political consulting firm Cambridge Analytica. Facebook demurred, arguing that the plaintiffs had not been injured solely as a result of unauthorized access to data and as a result lacked standing under California’s Proposition 64. On Monday, the judge overruled Facebook’s demurrer and allowed the case to proceed.

We are lucky to have S. Clinton Woods, senior associate at Audet & Partners and the lead counsel for the plaintiffs in this action (and a fellow Hastings alum), here to discuss the lawsuit and the path forward.

Read More

Would the California Consumer Privacy Act Have Protected Us From FaceApp?

The privacy scandal du jour revolves around FaceApp, an app for iOS and Android that allows users to automatically digitally alter their photographs to look older, younger, change hairstyles, facial hair, glasses, or more. In order to make FaceApp work, users had to grant the app access to their photos, either from their devices’ camera roll or social media account. Then the magic happens, multiplied by the 100 million or so people who have downloaded the app so far.

I would love to look this good when I’m 100 years old

However, recent examinations into FaceApp’s policies raise new and troubling questions about what FaceApp can and will do with our photos, and whether there’s anything we can do to stop them. Well, these questions may be troubling but they aren’t new: FaceApp first went viral back in 2017, before the Internet forgot it exists just like everything else.

This most recent freakout comes amid the realization that FaceApp is owned by a Russian company and that their terms of use essentially grant FaceApp the right to access and use our photos, as well as the “perpetual, irrevocable” right to use any photos that they processed for us. This, paired with the fact that FaceApp uploads the photos being processed to their server, sparked fear and outrage just as quickly as the old-age photos dominated social media.

Read More

What the Lawsuit Against Facebook for the Cambridge Analytica Breach Could Change About Privacy Suits

Facebook made international news recently when it was revealed that Cambridge Analytica, a political consulting firm, used the personal data of tens of millions of people it got from Facebook to assist Donald Trump’s presidential campaign. A recent lawsuit against Facebook alleges that Facebook violated California law in culling and selling the data to Cambridge Analytica. Now, a new development in the case could fundamentally change how we think about the viability of such data-related lawsuits.

For those unfamiliar with Cambridge Analytica, the alleged story, in a nutshell, is the following: a Russian professor named Aleksandr Kogan released a personality test app called This Is Your Digital Life. However, TIYDL did more than store the survey results. The app reached into the Facebook profiles of the more than 300,000 users who granted Kogan consent, as well as the profiles of all of those users’ Facebook friends (who did not grant consent, obviously). According to Mark Zuckerberg, TIYDL might have accessed as many as 87 million accounts, though even Facebook is not quite sure how many or whose information was taken. Kogan then sold the data to Cambridge Analytica’s parent company, who used the data to assist the Trump campaign.

Read More

How the Schrems II Decision Could Affect International Data Transfers

Californians with an ear to the privacy ground have probably seen mention of the Schrems II case working its way through European courts. While we wait for what could be a groundbreaking decision, let’s take a look back at the history of this case and why it is so important to the international privacy community.

The story of Schrems II begins, unsurprisingly, with Schrems I. Long story short, the Data Protection Directive, the predecessor to the General Data Protection Regulation (GDPR), the European Union’s recent privacy law, put strict regulations regarding data collection, retention, and use, on European Economic Area (EEA) companies and companies processing the data of people in the EEA.

Read More

Will the California Consumer Privacy Act Survive Big Tech?

It should come as no surprise that many in the tech industry are not happy about the California Consumer Privacy Act. As we speed toward January 1, 2020, industry lobbyists and business-geared legislators are pushing a number of amendments that could severely limit the effectiveness and reach of the CCPA.

Todd Weaver and Brendan Eich recently wrote an op-ed in the Mercury News about the generational shift in tech companies’ approach to privacy: while new, smaller tech companies see the appeal and necessity of privacy regulation, Big Tech is digging in its heels.

Read More

Potential Amendments to the California Consumer Privacy Act – AB 25 and AB 1564

With the California Consumer Privacy Act just six months from implementation, the California legislature is hard at work refining and amending the CCPA. While some of the proposed amendments seek to clarify ambiguous terms, others would limit or expand the reach of the law, representing the divide between privacy advocates and the tech industry.

Note: this post was updated following the June 28, 2019 changes to AB 25.

Over the course of the next several months, this blog will detail several of the most interesting and impactful debates surrounding the CCPA. Today, let’s discuss AB-25 and AB-1564.

Read More