The Carpenter Decision

The Supreme Court has issued this year’s most important ruling on privacy in Carpenter v. United States. It is a major development in privacy law, laying the foundation for an interpretation of the Fourth Amendment that protects against generalized government surveillance by electronic means. Together with United States v. Jones, it brings Fourth Amendment jurisprudence into the… Read More

Privacy is Everybody’s Business (Or Needs to Be)

It’s been a whirlwind few weeks since GDPR came into effect, and it seems that many people are learning about privacy rights for the first time. Plenty of them are making data subject access or deletion requests, including against the biggest players in the market. Even though there were years’ worth of stories about data… Read More

Why the LabMD Case is So Important

Yesterday, the Eleventh Circuit Court of Appeals issued a long-awaited ruling in a case called LabMD v. FTC.  Followers of the case will tell you that it has been, to put it mildly, an interesting saga, and it hits on the biggest data related issues of the past fifteen years.  The ruling has serious implications for… Read More

Lessons from Facebook and Fortnite

The news just has not been kind to Facebook the last three months. First the Cambridge Analytica scandal breaks, then the company runs those wrong-footed commercials (“Sorry for selling access to your data and, you know, for stuff like Brexit“), and now comes the revelation that the apologies needed to go much deeper. Despite an… Read More

The Three Pillars of GDPR – Consistency (No. 3)

And so, at long last, the GDPR is the law, and we leave behind the relatively lower standards under the Data Protection Directive.  The Directive, which has been on the books for more than two decades, now passes into obsolescence, like beepers or, in Miami, traffic laws.  Now, we’ll all start to learn what the… Read More

The Three Pillars of GDPR – Security (No. 2)

There are 72 hours to go until GDPR Day (#privmas), and you can almost feel CISOs hoping that, if there’s going to be a breach, it happens today and not on Monday.  We noted once before that Andrea Jelinek, chair of the (very important) Article 29 Working Party deadpanned that “there will be a two… Read More

The Three Pillars of GDPR – Transparency (No. 1)

Two years ago, when the European Commission approved the GDPR and set an effective date for May 25, 2018, I thought “that is such a long time to wait.”  It was a choice out of keeping with American legislative methods, where Congress passes a law and maybe gives an effective date of the following January 1, but… Read More

GDPR Countdown – Two Weeks to Go

As we roll into the final two weeks of our countdown, we’re going to take something of a step back and look at issues more broadly. Yesterday, we discussed Google’s AI, and how we’re all going to be living in the Duplex, as it were. I am (clearly) pretty hung up on this, and have… Read More

“OK Google – Is this Legal?”

Machine learning and artificial intelligence are the “it” buzzwords of mid-2018, and even after our short attention spans turn to something else, the concepts behind the words will continue to evolve. Everyone talks about Skynet and the inevitable rise of our robot overlords, and most of the time they’re joking (other than when they show our friends the Boston… Read More