Describes motivation process for creativity with emphasis on intrinsic motivation by Corey K Katir

On 25 January 2012, the European Commission published a proposed new data protection framework for the E.U. The new framework, unlike the current one, is to provide a consistent and harmonised set of rules for all 27 E.U. member states. One of the main objectives of the new framework is to better ensure that individuals know what is happening to their personal data. To this end, the European Commission is proposing to introduce the ‘right to be forgotten’.

At present, the E.U. Directive 95/46/EC gives individuals rights to access personal data from third parties that hold and control their personal data (such as websites and employers). The new proposal extends the rights of individuals by requiring an organisation that controls personal data about them (a “data controller”) to delete all such data and abstain from further disseminating it, if the individual so requests. This new right is particularly concerned with personal data stored on the internet, including social networking sites. 

At the heart of the right to be forgotten is a requirement for a data controller to delete personal data when requested, and, perhaps more significantly, to take all reasonable steps (including technical measures) to inform third parties of the data subject’s request, where third parties have processed such data. Where the data controller had authorized a third party publication of personal data, the controller shall be considered responsible for that publication. 

A data controller would be required to act on an individual’s request to delete their personal data without delay unless there is a legitimate reason not to do so, for example, if the data controller can show that it has the right to publish the information in order to comply with a legal obligation. The proposed fine for non-compliance is significant (and controversial) – up to 1% of a company’s annual global turnover. 

Individuals who have concerns about their personal privacy would welcome the ‘right to be forgotten’ as it affords internet users with greater control over their personal information. Data controllers are however more sceptical and have concerns. Compliance could be time consuming and costly as organisations would need to have processes, procedures and IT systems in place to be able to delete all personal data held about a specific individual.

Another difficulty that data controllers are grappling with is whether they would be responsible for the republication of personal data by third parties and what their obligations would be to ensure the removal of such published material. It is hoped that this is clarified in the final Regulation. The ‘right to be forgotten’ also raises potentially complex issues about censorship and freedom of speech when the information is posted by third parties. For example, would an individual’s data protection right take precedence over a third party’s right to freedom of speech? 

The ‘right to be forgotten’ is undoubtedly one of the most controversial proposals of the E.U. is proposed new framework. Given the number of issues that are likely to be raised by organizations that will make representations to the European Parliament, it is anticipated (and hoped) that the ‘right to be forgotten’ will be revised and clarified before it is incorporated into the Regulation and made law. Watch this space!

PETA-ANNE BARROW

Earlier this year in United States v. Jones, the United State Supreme Court addressed the privacy implications of Global Positioning Systems (“GPS”), holding that placing a GPS tracking device on a suspect’s car was a “search” under the Fourth Amendment. Though a growing number of employers are using GPS systems to track employee activity on the job, the effect of the Supreme Court’s decision in the private sector remains unclear.

Jones highlights two distinct privacy concerns potentially created by GPS devices. First, Justice Scalia, in the majority opinion, focused on the trespass implicated by placing a GPS device in an individual’s vehicle. Though the holding only applies to government action, courts may find this element of privacy relevant if an employer installs GPS devices in employees’ personal vehicles.

However, just before the Jones decision, a New York court held that installing a GPS device in a public employee’s personal vehicle to investigate misconduct during working hours was reasonable, and lawful, under the circumstances. Similarly, a New Jersey state court held last year that a private investigator did not unlawfully invade the plaintiff’s privacy by placing a GPS device on the plaintiff’s personal car. The New Jersey court reasoned there was no invasion of privacy because the plaintiff did not allege travel to any secluded or private areas where there might be an expectation of privacy.

The concurring opinions in Jones discussed a second aspect of privacy implicated by GPS devices. Justice Sotomayor and Justice Alito, joined by a majority of the Court, focused on reasonable expectations of privacy. Despite an earlier holding that there is no reasonable expectation of privacy in one’s location while traveling on public roads, the concurring opinions argued GPS tracking for an extended period of time (four weeks in this case) went beyond reasonable expectations of privacy under the Fourth Amendment. Justice Sotomayor noted long-term GPS monitoring could reveal a wide range of personal information, including familial, political, professional, religious, and sexual associations. 

California and Texas have statutes addressing GPS tracking devices. In those states, placing a GPS device on a vehicle is unlawful without the owner’s consent. Of course, these statutes pose no bar to installing GPS devices in employer-owned vehicles. Still, because there is little statutory law addressing the use of GPS monitoring in the workplace, judicial determinations of privacy expectations continue to define the boundaries for tracking employee activity with GPS devices. 

To date, few courts have addressed the privacy implications of GPS monitoring in the workplace. Those that have generally permit the practice. In addition to the two state decisions noted above, a Missouri federal court held in 2005 that use of a GPS device on a company vehicle did not constitute an invasion of privacy. Still, the Supreme Court decision in Jones highlights privacy implications of GPS monitoring, so renewed scrutiny of GPS tracking can be expected. Watch this blog for updates as this area of the law develops.

On April 11, 2012, Katharine Parker, a partner in Proskauer’s Labor & Employment Law Department, discussed privacy concerns that arise when an employer demands access to its employees’ social media accounts. Click here for the article.

The smart grid is an advanced metering infrastructure made up of “smart meters” capable of recording detailed and near-real time data on consumer electricity usage.  That data would then be sent to utilities through a wireless communications network.  In recent years, utilities have increased the pace of smart meter deployment—smart meters are expected to be on 65 million homes by 2015.  A smart grid could deliver electricity more efficiently and would enable consumers to track and adjust their energy usage in real time through a home display.  But these new capabilities also implicate new privacy concerns.

While conventional meters only measure a consumer’s total electricity usage, smart meters record detailed electricity usage as often as once every 15 seconds, and the resulting usage profiles make it possible to identify which appliances a consumer is using at a particular time.  Additionally, proprietary business information might be revealed through energy consumption data of non-residential customers.  As the smart meter technology develops and the usage data grows, the data could become valuable to third parties, creating a new market for energy usage data.

The new data-collection capabilities of a smart grid have caught the attention of privacy advocates and the government.  To date, California is the only state with laws directly applicable to data tracked by smart meters.  Investor-owned utilities in California are prohibited from selling usage data for any purpose and from sharing the usage data without the customer’s consent.  In Michigan, utilities are deploying smart meters while the Michigan Public Service Commission simultaneously conducts an investigation into the health, cost, and privacy implications of smart meters.  The Commission plans to develop appropriate recommendations by July 2012.

Application of federal privacy laws to the smart grid is still an open question, but regulatory efforts will likely increase as deployment of smart grid technology continues.  The first legal battleground is in the Fourth Amendment context.  A complaint filed in the Northern District of Illinois late last year alleges a city’s smart meter installation program violates citizens’ Fourth Amendment right to privacy and freedom from unreasonable searches.  The case is ongoing and likely will not be decided for some time, but it will be the first decision by a court on the privacy implications of the smart grid.

While there are no federal statutes or regulations directly applicable to smart grid technologies, the National Institute of Standards and Technology, the Department of Energy, and the Congressional Research Service, have each issued reports on the smart grid.  The reports note that some existing federal statutes may apply to smart grid privacy issues.  If transmitting electric usage data over the smart grid constitutes electronic communications, the Electronic Communications Privacy Act would limit government interception of the communications.  Similarly, the Stored Communications Act would prohibit unauthorized persons from accessing stored electronic communications.  Finally, the Computer Fraud and Abuse Act might apply to prohibit the unauthorized access of computerized information used in interstate commerce.

The federal reports also note that the FTC likely has jurisdiction over investor-owned utilities and could bring enforcement actions for deceptive acts and unfair practices, which include failure to comply with the utility’s own privacy policy and failure to safeguard data from well-known technology threats.

Finaly, the federal reports detail some guidelines that utilities should keep in mind as they deploy smart grid technology:

• Appoint personnel responsible for data security and privacy.
• Regularly audit privacy procedures.
• Establish procedures for law enforcement data requests.
• Provide notice to consumers in advance of collection and use of energy use data.
• Aggregate and anonymize data in a way that personal information or activities cannot be determined.
• Keep personal information only as long as necessary to accomplish the purpose for which it was collected.
• Allow individuals access to their personal energy data to correct inaccuracies.

In the end, education, outreach, and transparency in this area are key, for a successful smart grid requires consumer participation and cooperation.

On March 26, 2012, the FTC released its final report titled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Business and Policymakers.”  The report reflects feedback from the FTC’s privacy roundtables as well as over 450 public comments received in response to its proposed framework released in December 2010.  The framework applies to all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer or other device, with an exemption for entities that collect only non-sensitive data from fewer than 5,000 consumers per year and do not share the data with third parties.

The FTC has called on individual companies, trade associations and self-regulatory bodies to adopt the principles contained in the report, specifically:

• Companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services. 
  • Companies should incorporate substantive privacy protections into their practices, such as data security, reasonable collection limits, sound retention and disposal practices, and data accuracy.
  • Companies should maintain comprehensive data management procedures throughout the life cycle of their products and services.

A copy of the report is available here.  

It may seem obvious to a lay person that employees should refrain from insulting their companies on social media due to the threat of termination for cause; however, there are contradictory legal principles that apply to the use of social media by employees which can be used both for and against employees (i.e. freedom of speech, right to privacy, data protection laws, an employer’s right to take disciplinary action, public insult offense, etc.) As a consequence, there is uncertainty as to whether an employer can use its employees’ postings made on social media websites to sanction them.

As illustrated by the following decisions, French case law remains divided on the issue of an employer’s right to sanction employees for social media postings. In two recent decisions, French courts ruled that employees posting insulting comments about their employers on a social media website could be terminated for fault and also fined for the offense of public insult. One decision was rendered by a Criminal Court and the other by a Labor Court of Appeals. A third decision, however, issued a different ruling under similar facts.

In the first decision, a union member posted a message on the Facebook wall of the union of his company, where he insulted the company and his supervisor. The employer not only decided to suspend his contract but also to file a complaint against him for public insult which is an offense. The Criminal Court of Paris ruled in a decision dated January 17, 2012 that all the elements of the infraction were met and the employee was fined €500, as well as a symbolic €1 of damages to the company and his supervisor. In justifying its decision, the Criminal Court explained that the comments posted exceeded the limits of acceptable criticism, including when they are expressed in a union context.

In the second decision, a company dismissed an employee for posting insulting comments about her company on the social networking “wall” of a former employee’s who had been terminated for fault. The Court of Appeals of Besançon ruled in a decision dated November 15, 2011 that the employer was entitled to use the comments posted by its employee as a basis for dismissal. The court reasoned that on the one hand Facebook’s purpose was to be a social network and on the other hand, the employee had not checked prior to posting if the “wall” of her friend was set to be displayed only to her friends. As a consequence, the comments posted on the social media site could not be considered private conversations or correspondences.

On the same day, however, the Court of Appeal of Rouen held that the dismissal for fault of an employee who posted negative comments about his superiors was without cause because it was not evidenced that the posts could be read by people other than the “friends” of the employee. In other words, the Court ruled that given the privacy settings of the Facebook employee’s account, the content of her “wall” had to be considered private.

In light of these decisions, French employees have some incentive to check their privacy settings prior to posting on social media platforms. Where privacy settings are not set high enough, employers seem to be entitled to consider employees’ posts as not confidential and therefore use them as evidence to justify termination. In any event, given the legal uncertainty which still exists regarding the use of social media by employees, it is necessary for social media users to keep in mind that there is no certainty of privacy on the Web. 

For those of you who are watching the same legal issues in the United States, the National Labor Relations Board has been grappling with the same issues but under a different body of law.  You can find out more here.

On February 22, 2012, California’s Attorney General, Kamala D. Harris, entered into an agreement with several leading providers of mobile devices and app stores to increase consumer privacy protection for mobile applications or “apps.” Under the agreement’s terms, these companies have agreed to redesign their app stores to provide a location for app developers to display their privacy policies.

California has long taken privacy – including technology-related privacy – seriously. Article 1, Section 1 of the California Constitution recognizes privacy as an inalienable right. California’s Online Privacy Protection Act of 2003 (“CalOPPA”) provides substantial consumer privacy protection by requiring any “operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California” to post a conspicuous privacy policy detailing, for example, the categories of personally identifiable information collected from users and the categories of third-parties with whom the information may be shared.

The two-page Joint Statement of Principles, adopted by Harris and the six leading mobile application platform companies – Apple, Amazon.com, Google, Hewlett-Packard, Microsoft, and Research In Motion (the “Companies”) – reflects an agreement to bring the mobile application industry into compliance with the terms of CalOPPA. Specifically, the Joint Statement sets forth the following principles for apps:

• According to the California AG’s interpretation of CalOPPA, applications that collect personal user data must conspicuously post a privacy policy detailing, clearly and completely, how the application collects, uses, and shares personal data.

This blog post was written by Michelle Arnold, associate in our litigation department.

Whether your six year old has hijacked your iPad again to rediscover the inexplicable joy of flinging birds with a finger activated slingshot or to harness her mighty math powers in the origami-paved streets of Umi City, children are tapping into the spring of entertainment and educational value offered by the mobile applications marketplace. Yet, according to a study issued last week by the Federal Trade Commission “Mobile Apps for Kids: Current Privacy Disclosures are DisAPPointing”, the lack of privacy disclosures in these apps may hint at deeper laden privacy pitfalls which members of the kids app ecosystem may soon have to remedy.

Mobile applications have powerful capabilities to automatically capture a broad range of user information, including a user’s geolocation, phone number, contact list, unique device identifiers, and other information on the mobile device. These capabilities can enhance the user experience, such as in the case of mobile gaming apps where the child’s geolocation allows a child to connect with others playing the same game nearby; however, some user information may be collected for other purposes such as targeted in-app advertising which parents may find less palatable.

Additionally, the FTC will be hosting a public workshop this year on how to provide effective online disclosures, including accessible mobile privacy disclosures.

Litigants navigating the conflict between U.S. discovery obligations and foreign data protection laws have a new ally, the American Bar Association (“the ABA”). The ABA recently passed Resolution 103, which “urges” that:

[W]here possible in the context of the proceedings before them, U.S. federal, state, territorial, tribal and local courts consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign, and the interests of any person who is subject to or benefits from such laws, with regard to data sought in discovery in civil litigation.

The full text of the resolution and accompanying report (the “Report”) can be found here.   In supporting its resolution, the ABA noted that “[l]itigants often face a Hobson’s Choice: violate foreign law and expose themselves to enforcement proceedings that have included criminal prosecution, or choose noncompliance with a U.S. discovery order and risk U.S. sanctions ranging from monetary costs to adverse inference jury instructions to default judgments.” Report at p. 2.   As “U.S. law already provides a clear and workable standard for resolving the conflict” the ABA believes that Courts should give more consideration “to the national interests behind the non-U.S. laws” such that the comity factors are weighed and applied “in a manner that demonstrates respect for those laws and the principles of international comity.” Report at p. 17.

The ABA’s involvement with this issue is particularly timely, as it has recently become apparent that new data analytic technologies have weakened the effectiveness and reliability of anonymization, one of the primary mechanisms available to litigants to navigate cross border discovery conflicts. See e.g., The Practice of Law in the Age of Big Data, Nat. L. J., April 11, 2011.

Despite the apparent strength of this Resolution, it is worth noting that the ABA appears to have watered down the original intended language, restricting its statement to data that is “sought,” i.e. affirmatively requested by an opposing litigant, as compared to the original language, which applied broadly to “data that is subject to preservation, disclosure, or discovery.” The intent of this change is unclear, as the ABA continues to acknowledge that preservation related-activities can, by themselves, run afoul of foreign data protection obligations, even in the absence of actual production or cross-border transfer. Report at p. 12. For example, the European Data Protection Directive, defines regulated “processing” to include mere “storage,” and further provides that data shall be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected.” See Directive 95/46/EC, Articles 1 and 6. Such restrictions can be inconsistent with broad U.S. preservation obligations, and non-compliance would seem to present many of the same risks that are a concern when it comes to cross border data transfer.

Regardless of any limited intent, it is hoped that the ABA’s position will be taken to heart by the judiciary, as litigants in possession of protected data should not have to unnecessarily fear litigating in U.S. Courts.

Privacy and data security issues have become well-recognized concerns for every industry. They are now key issues for every client and attorneys should be familiar with the general privacy principles and laws that apply in order to properly guide clients in any industry. In addition,mobile products and services are more and more prevalent and relied upon by businesses and users. This session will provide an overview of the hottest issues in privacy and security law, including mobile services,…

You know the basics, but you could benefit from discussion of some of the thornier issues in software law practice. How does the America Invents Act impact software? How do you take your client’s software global? Are you up-to-date on the impact privacy law and social media are having on the software business? The faculty first review trends and recent case law, and examine emerging cutting-edge issues. The faculty then discuss some of the classic thorny issues in software licensing and their…

Attorney John H. Lacey of The McCormack Firm will discuss the shifting landscape of pending federal data breach notification legislation. In April, Sony announced that a massive data breach had compromised approximately 100 million customers’ personal information. Notification of these losses to those individuals, and overall response to the data breach, involved a patchwork of at least 46 different state privacy and data breach laws. Congress seems intent on standardizing the notification pr…

This panel will review the 10 hottest topics on internet and privacy law and provide commentary on what an attorney can expect.  Topics covered are:

1. Data breaches
2. Cyber-insurance
3. Privacy developments
4. Mobile devices / geo-location
5. Advertising / marketing developments
6. Social media developments 
7. National Labor Relations Board / employment issues on Facebook, Twitter, and LinkedIn 
8. ICANN expansion of domain names
9. New …

This panel will review the 10 hottest topics on internet and privacy law and provide commentary on what an attorney can expect.  Topics covered are:

1. Data breaches
2. Cyber-insurance
3. Privacy developments
4. Mobile devices / geo-location
5. Advertising / marketing developments
6. Social media developments 
7. National Labor Relations Board / employment issues on Facebook, Twitter, and LinkedIn 
8. ICANN expansion of domain names
9. New …

Privacy laws and regulations are playing an increasingly important role in many kinds of companies and other entities.  Attend this program to hear from the privacy officers at Citizens Bank, TD Banknorth, Oracle America, Iron Mountain, BJs Wholesale Club, Staples, CVS, MIT, and Mass. General Hospital to understand the challenges they face, and how their organizations have addressed them.

The panel of experts will explain how their organizations address privacy law and regulatio…

On June 23rd, the Supreme Court issued an opinion in the case Sorrell v. IMS Health in which the Justices voted 6-3 that a Vermont law restricting the ability of pharmaceutical companies to analyze reports on prescriber behavior and use that information to market branded drugs to doctors violated the First Amendment.

The Vermont prescription drug cost containment provisions (commonly known as the Prescription Confidentiality Law) sought to restrict the ability of firms known as “deta…

Our lives are online.  A lot of what we consider important is online.  What are the legal developments behind our digitized world?  Hear perspectives from both the US and the EU.

Topics:

Jurisdictional   

• Application of EU law to US online company and vice-versa

No matter what industry your clients are in, privacy and data security issues have become well-recognized concerns. They are now key concerns of every client and attorneys need to be familiar with the general privacy principles and laws that apply in order to properly guide clients in any industry. In addition, as the cost and complexity of managing the ever increasing volume of data increases, many companies are considering migrating their services to “the cloud.” This session will provide a…

Virtually all companies are using numerous promotional tools in their marketing, from sweepstakes and skill contests to gift cards, forms of social media and the like. Meanwhile, rapidly changing technologies and related laws have brought about a whole new arena of laws, regulations, as well as cases. Privacy issues are also becoming more complex and require more detailed compliance and close attention to review of marketing materials. Experts in this field will focus on critical issues arisi…

With legislative proposals circulated by Rep. Boucher in May of this year, and Rep. Rush this week, Congress is considering enacting comprehensive privacy legislation that would fundamentally change privacy law in the United States. The impetus for legislation has been rooted in online privacy concerns; however, Congress is considering language that would have a far broader reach, with significant implications for most enterprises that collect, use or disclose personally identifiable informat…

Personal Injury Lawyer Los Angeles – FREE CONSULTATION by Personal Injury Attorney Los Angeles – Legal Defenders, Los Angeles Personal Injury Lawyers – Law Offices of Burg and Brock, who have won over $100 million in verdicts and settlements for clients

Page took 3 seconds to load.