US-EU Safe Harbor Deadline Passes Without A New Data Transfer Deal

According to The New York Times, United States (US) and European Union (EU) officials were unable to reach an agreement on an updated International Safe Harbor agreement before the January 31st deadline. The agreement covered how digital data (i.e. social media content, financial data, etc..) could be transferred between the continents.

The Safe Harbor Agreement that was implemented in 2000 between the US and EU contained principles that allowed companies (i.e. tech companies and other multi-national companies) to comply with EU data protection laws when moving data from Europe to the United States.  US companies that process and/or store individuals' data may self certify that they adhere to 7 principles that comply with the EU's data protection laws.

The 7 principles include:  notice, choice, onward transfer, security, data integrity, access, and enforcement.  The initial Safe Harbor agreement was meant to be an interim agreement; however, it lasted approximately 15 years.  A couple of years ago, EU and US regulators began negotiating an updated agreement to take into account how technology has changed over the years. Last October, before a new agreement was finalized, the current one was invalidated by the European Court of Justice via a compliant from Austrian privacy advocate Max Schrems.  Mr. Schrems gained publicity several years ago for his privacy advocacy that was highlighted in the documentary Terms and Conditions May Apply when he demonstrated how much data Facebook was collecting about each of its EU users.  

Now that the deadline has passed, what comes next?  According to The New York Times, the sides still have a lot of details to work out. Therefore, until a formal announcement is made it is premature to speculate on the next step.  As I told LAW360 the other day, businesses need certainty regarding transatlantic data transfers and if an agreement is not forthcoming companies will need a Plan B. 

If consumer groups file complaints as The New York Times indicated may occur, these issues may need to be adjudicated via the courts. At this point, uncertainty is the status quo and this may create unintended service disruptions for companies that transfer digital data between the continents. My hope is that an agreement is reached sooner rather than later that is flexible enough to account for future technology changes.  

Copyright 2016 by The Law Office of Bradley S. Shear, LLC All rights reserved.

How Much Is Your Data Worth To Facebook?

Facebook recently released its fourth quarter 2015 earnings and it demonstrated that the social media giant is hitting its stride.  It made an average of $3.73 off each of its users around the world.  However, in the United States and Canada, it made an average of $13.54 off each of its users.

What do these figures mean exactly?  Well, it demonstrates that there is value in the information you provide to Facebook in exchange to utilize their service.  Therefore, every time you provide Facebook information about your personal life (i.e. date of birth, marital status, kids, etc...), upload a photo, "like" a corporate page, etc...that is data that may be sold to data brokers, advertisers, and others.  There is tremendous value in your personal information.

Due to Facebook's very troubling privacy policy and data usage practices, I don't trust the platform with my personal data and/or my family's information.  I have limited personal information on my Facebook account with intentionally misleading content to protect my family's personal privacy and safety.  Your Facebook account may create tremendous legal problems for yourself and put you and your family's personal safety at risk so the value of your data should be a wake up call.

If someone wants to get in touch with me they can call me or email me.  Those who want to say hello know that poking me via Facebook will not get my attention.  It never has and never will.

Copyright 2016 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Ex-St. Louis Cardinals Scouting Director To Plead Guilty To Hacking

Accessing the digital accounts of others without their authorization may destroy your career and lead to prison.  Last year, the FBI began investigating the St. Louis Cardinals because it was alleged that one or more of their employees may have hacked into the Houston Astros internal computer network. 

According to The Wall Street Journal, Chris Correa, the former director of scouting at the St. Louis Cardinals plans to plead guilty to 5 of 12 hacking charges.  Soon after the investigation became public, Correa's employment with the Cardinals was terminated.  Why did Crorrea illegally access the Houston Astros internal network?  It appears that it was done for competitive reasons (i.e. money-winning the World Series can be very lucrative for an organization and its employees). 

Computer crimes is a growing industry and it will only increase as companies put their intellectual "crown jewels" in the cloud.  Therefore, it is imperative for companies to train their employees about cbyersecurity, cybercrime, and privacy to ensure their employees understand what they can and cannot do online.  Ignorance may lead to personal criminal penalties and corporate legal and financial liability. 

Copyright 2016 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Will Twitter's New Rules Lead To An NRA Account Suspension?

In order to post to most websites and social media platforms you click "I agree" to their terms of service.  In many instances the terms provide platform owners great flexibility on how to deal with visitors to their websites.  In other words, if you want to play in their sandbox you need to agree to their rules.

Earlier this week, The Washington Post reported that Twitter changed its rules at the end of last year in an attempt to limit harassment.  In particular, Twitter's new rules state:     

Any accounts and related accounts engaging in the activities specified below may be temporarily locked and/or subject to permanent suspension.

• Violent threats (direct or indirect): You may not make threats of violence or promote violence, including threatening or promoting terrorism.
• Harassment: You may not incite or engage in the targeted abuse or harassment of others. Some of the factors that we may consider when evaluating abusive behavior include:
• if a primary purpose of the reported account is to harass or send abusive messages to others;
• if the reported behavior is one-sided or includes threats;
• if the reported account is inciting others to harass another account; and
• if the reported account is sending harassing messages to an account from multiple accounts.
• Hateful conduct: You may not promote violence against or directly attack or threaten other people on the basis of race, ethnicity, national origin, sexual orientation, gender, gender identity, religious affiliation, age, disability, or disease. We also do not allow accounts whose primary purpose is inciting harm towards others on the basis of these categories.

Earlier today, The New York Daily News reported that an NRA controlled Twitter account tweeted a message with the photos of two Brooklyn state lawmakers with bullets next to their photos.  This Tweet appears to have been in reaction to new legislation announced that would limit ammo purchases in the state of New York.  Does the Tweet referenced in The New York Daily News violate Twitter's new rules? 

Last year, the U.S. Supreme Court in Elonis v. United States stated that mens rea (intent) was required to be proven under 18 U.S.C. § 875(c) of the U.S. Code (federal law).  While the Elonis case focused on criminal prosecutions, it doesn't affect whether Twitter or other websites can make their own rules on how people may interact on their platforms.  Therefore, Twitter may at its own discretion decide to suspend the referenced account.

Copyright 2016 by The Law Office of Bradley S. Shear, LLC All rights reserved.