Sunday, May 24, 2015

Drone Privacy Policy Released By DOJ

While most of the country was thinking about the Memorial Day weekend, the U.S. Department of Justice released its policy guidance on domestic use of unmanned aircraft systems.  According to The Hill, the new DOJ policy is based upon a presidential memorandum that outlined some of the civil liberty issues inherent with drone usage. 

Drones and other new and exciting technologies are here to stay.  However, there are significant privacy, surveillance, and other civil liberty issues that must be balanced when utilizing these new tools.  My hope is that we have a robust national conversation on these issues and create sound public policy, and when needed draft the proper regulations and/or enact well-balanced laws to ensure that we can effectively deal with the societal consequences.

Drones have many positive uses in our society; however, we must understand the legal and public policy challenges inherent with their deployment.  The DOJ's policy guidance is a starting point for this conversation. 

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.        

Saturday, May 23, 2015

Instagram Photos Show Slip and Fall Lawsuit Against NYC Is Frivolous

Taking photos and sharing them digitally is so easy.  However, just because it is, that doesn't mean you should do so.  In Silicon Valley, the term "frictionless sharing" was coined to describe the ability to make it as simple as possible to share your personal content with others via the Internet and apps. 

Technology companies make billions of dollars per year in advertising revenue due to frictionless sharing.  This capability is so important to the monetary viability of many digital companies that some of them recently spent millions of dollars lobbying Congress to weaken the Video Privacy Protection Act to make it easier for consumers to share their video viewing habits with others.  While Silicon Valley may promote this change as providing more "consumer choice", others may believe this revision has diminished important privacy protections. 

Just because you have the ability to take a photo or a video doesn't mean you should do so and share it digitally.  Having the skills to understand when not to share is very important in the Social Media Age.  In general, I advise many clients not to share their personal content digitally unless it is in furtherance of their professional career.

The latest person who has not mastered the skill of when not to share appears to be Rev. Al Sharpton's daughter Dominique Sharpton.  According to The New York Post's analysis of Ms. Sharpton's personal Instagram account, she has "a lot of explaining to do."  Ms. Sharpton is suing the City of New York for $5 million because she allegedly injured her ankle on a Soho sidewalk.  I am highly skeptical of this claim because it appears that on her personal Instagram account she has posted photos of herself climbing mountains in the U.S. and overseas.

Ms. Sharpton's Instagram account photos do not appear to demonstrate that she has a $5 million claim against New York City.  According to The New York Post, New York City has ordered Ms. Sharpton to preserve her photos because they appear to contradict the claims in her complaint against the City.  If the photos on Ms. Sharpton's Instagram account are authenticated, the City of New York may take legal action against her because it appears that her legal complaint is deficient due to a "failure to state a claim."

The bottom line is be careful what you post because it may create tremendous legal liability for you and/or others. 

UPDATE:  According to The New York Post, Ms. Sharpton has made her social media accounts "private".  In light of all of the media coverage regarding this matter, Ms. Sharpton's latest move further demonstrates her $5 million dollar legal claim against the City of New York appears to be frivolous. 

Friday, May 22, 2015

Adult Sex Website Hacked, Personal Data At Risk

The Internet and apps may be utilized for many productive and interesting activities.  For example, users and companies may engage in Business to Business (B to B) and Business to Consumer (B to C) commerce, general digital marketing/branding, etc.  However, some of the most popular digital activities include viewing porn and cheating on one's spouse.

In 2013, The Huffington Post reported that porn sites receive more traffic than Netflix, Amazon, and Twitter combined.  Internet porn is ingrained in popular culture.  Who can forget Avenue Q's catchy number, "The Internet is For Porn"?  In addition to porn, many people utilize the Internet and apps to cheat on their spouses and significant others.  For example, near the area where I live and work (in Bethesda), cheating website Ashleymadison.com ranked the Washington, DC area #1 for usage for the third year in a row.  This distinction is nothing to brag about. 

What many people may not realize is that when utilizing a website or app to find a sexual partner, you create a digital trail that puts your personal information at risk. For example, a married pastor in Michigan was recently exposed while utilizing a "hook up" app.  He uploaded photos of himself and other personal information that appears to have led to his identification. 

CNN is reporting that the website Adultfriendfinder.com was hacked in March and this incident appears to have exposed the personal information of millions of users.  The data leaked may include very intimate details about users.  The information exposed may be utilized to destroy personal lives, professional careers, and/or blackmail users.

The bottom line is that when using the Internet and apps it is very important to be cautious about the data you upload.  To protect your personal privacy and safety (and your family's), it's imperative to limit the personal information that you post about yourself and your family.

Sunday, May 3, 2015

DOJ Will Be More Transparent About Secret Cell Phone Tracking

The U.S. Department of Justice (DOJ) has stated that it will soon become more transparent about its secret cell phone tracking program.  According to The Wall Street Journal, "the Federal Bureau of Investigation has begun getting search warrants from judges to use the devices, which hunt criminal suspects by locating their cellphones, the officials said. For years, FBI agents didn’t get warrants to use the tracking devices."

This change in behavior is welcome news.  Law enforcement should be required to obtain a warrant before deploying these technologies.  Police across the country have utilized devices sometimes called stingrays without a warrant thousands of times to collect information about cell phone users for years.  The usage of these technologies on American soil appears to have started around 2007 and according to published reports is widespread across the country.

In a democratic and free society, it is imperative for law enforcement to be transparent about their practices.  Even though there may be security concerns regarding being too transparent about some of the details of these programs, the usage of these technologies without a warrant is a clear violation of our Fourth Amendment rights.

While I applaud the DOJ's decision to change its practice and now obtain a warrant before deploying these tools, what triggered the change in policy?  In 2014, the Supreme Court in Riley v. California ruled 9-0 that the police generally need a warrant to search electronic devices of those who are arrested.  The DOJ's policy should have been updated right after this ruling occurred and not almost a year later.

The bottom line is that privacy still matters in the Digital Age and that transparency and accountability are more important than ever due to the increased sophistication of digital surveillance tools.

Friday, May 1, 2015

Facebook Threatens European Regulators Over Stronger Privacy Laws

In a very troubling development that shows Facebook's true colors, one of its corporate executives stated that if European regulators continue to scrutinize Facebook's data collection and utilization practices its citizens will not be provided certain features in a timely manner.  This veiled threat to European regulators demonstrates that the EU is on the right track in questioning the data privacy policies and practices of Facebook and other Internet companies.  

Manufacturers of cars and heavy machinery, pharmaceutical companies, banks, chemical companies, etc. are required to follow appropriate safety regulations in Europe and around the world.  Data collection and usage laws are nothing more than safety regulations and it is time for Facebook and the entire digital ecosystem to get on board with regulations that will enhance user trust of their platforms.

An Austrian class action lawsuit about Facebook's data usage practices, the ongoing Netherlands privacy regulator investigation into Facebook's activities, and the possibility that Europe will enact stronger data protection laws that will provide greater regulatory tools to protect citizens from some of Facebook's troubling data collection and usage practices appear to worry the company.  These developments demonstrate the importance of baking privacy into your platform's design and the need for Facebook to change its data collection and usage practices and its policies.

The bottom line is that data privacy is a safety issue.  My hope is that U.S. lawmakers and regulators soon follow Europe's lead in understanding that unfettered data collection and usage is a clear and present danger to its citizens and that more robust privacy laws are a must in the Big Data Age.

Thursday, April 30, 2015

U.S. Student Digital Data Privacy and Parental Rights Act of 2015 Introduced

On April 29, 2015, Representatives Luke Messer and Jared Polis introduced the bipartisan Student Digital Privacy and Parental Rights Act of 2015.  According to The New York Times, "the bill would prohibit operators of websites, apps and other online services for kindergartners through 12th graders from knowingly selling students’ personal information to third parties; from using or disclosing students’ personal information to tailor advertising to them; and from creating personal profiles of students unless it is for a school-related purpose."  

The legislation is modeled after California's SB 1177 (the "Student Online Personal Information Protection Act"), which Education Week hailed as a "landmark" student data privacy law.  The federal Student Digital Privacy and Parental Rights Act of 2015 is a positive piece of legislation that would help better protect the personal privacy and safety of students around the country.  The fact that some members of the ed-tech industry are wary of the bill demonstrates the potential effectiveness of the legislation.

This bill is sorely needed because as Education Week reported last year, some ed-tech vendors such as Google have been caught intentionally misleading parents about their data mining and privacy practices.  For example, exactly 1 year ago today, Google promised to stop scanning student emails and other digital content for advertising purposes.

Unfortunately, Google's promise to better protect personal student data has fallen woefully short since its troubling consumer privacy policy still covers its education offerings and this policy clearly allows it to data mine and profile students on its Google Apps For Education platform.  For example, Google's promise to stop data mining students does not extend to Google + or YouTube since neither platform is considered a  Google Apps "Core Service".   

A former IT policy director at Cornell recently authored an eye opening research paper about Google's troubling profiling and data mining practices which is a must read for school administrators, parents, and educators.  Unfortunately, Google is not the only ed-tech company with weak privacy policies and practices.  Politico and others have also called out Khan Academy for its data mining and profiling practices of students.

Earlier this year, I advocated for my home state of Maryland to enact a similar student privacy bill which was also modeled after California's SB 1177.  I was very troubled to witness Facebook and Google (here is a link to the hearing where you will see that the representatives of these companies were actively trying to thwart passage of robust student privacy protections) advocate for amendments to gut the bill's privacy protections for our children. 
  
My hope is that Facebook, Google, etc... realize that their continued refusal to accept appropriate limits on student data collection, processing, and usage will continue to make parents suspicious about their motives for providing educational technology tools.  These companies are two of the largest advertising entities in the world and their actions so far clearly demonstrate that they want access to personal student data for marketing purposes.

The following national education groups have already voiced support for the federal Student Digital Data Privacy and Parental Rights Act of 2015:
  • AASA, the School Superintendents Association
  • International Society for Technology in Education
  • National Association of Elementary School Principals
  • National Association of Secondary School Principals
  • National Education Association
  • National PTA
  • State Educational Technology Directors Association
along with Common Sense Media which has worked with state and federal lawmakers around the country to enact stronger student privacy laws.  On the ed-tech side, Education Week reported that Microsoft voiced its support by stating "that it [the bill] will help build public trust that vendors are adequately protecting and appropriately using student information".

It's time for the entire ed-tech industry to support the Student Digital Data Privacy and Parental Rights Act of 2015.  Embracing enhanced digital privacy protections for our students will signal to parents that the industry can be trusted to protect our children's personal information.

As a parent, I want my children to be able to utilize the latest and greatest digital education platforms; however, until stronger privacy laws are enacted I have little confidence that all school technology vendors will make my children's personal privacy and safety a priority.  Therefore, I challenge Facebook, Google, and every other ed-tech company and organization that advocated to weaken Maryland's Student Data Privacy Act of 2015 to do the right thing and support this bill as drafted.     

UPDATE May 1, 2015:  The White House has announced that it supports the new bill.  In a blog post, The White House stated: "[w]e are pleased to see Representatives Luke Messer (R-IN) and Jared Polis (D-CO) answer the President’s State of the Union call to enact new protections for K-12 students’ data to ensure that classrooms can embrace technology with confidence.

Introduced yesterday, The Student Digital Privacy and Parental Rights Act is an important bipartisan step, building upon existing momentum from industry leaders committed to ensuring educational data is not misused by providers or third parties, and carrying the strong endorsement of privacy advocates, the private sector, and associations representing parents and educators."  

Monday, April 27, 2015

Supreme Court to Hear Major Data Privacy and Digital Reputation Case

According to the Associated Press, the Supreme Court announced today that it will decide whether digital platforms "that collect personal data can be sued for publishing inaccurate information even if the mistakes don’t cause any actual harm."  A Virginia resident sued Spokeo.com (an Internet company that compiles alleged publicly available data on people and lets subscribers view the information, including address, age, marital status, economic health, etc.) because it listed inaccurate information about him and he claims it damaged his job prospects.  The plaintiff lost in federal district court; however, the 9th U.S. Circuit Court of Appeals reversed and found that Spokeo had violated the Fair Credit Reporting Act (FCRA).

This is a very interesting case because of the importance of one's digital reputation.  Should companies such as Spokeo and others that acquire and re-purpose information about people be required to authenticate the accuracy of the data they publish?  If so, how should authentication occur?  

In the Digital Age, what does actual harm mean?  How does one know if actual harm has occurred?  Do prospective employers, colleges, financial firms, insurance companies, etc. always tell applicants they were denied an offer because of data found online at Spokeo or another digital platform?

Should companies that compile data on users/consumers and provide this information to others for a fee be regulated as a consumer reporting agency under FCRA?  Recently, a judge in California found that LinkedIn was not a consumer reporting agency under the definition of FCRA.  Despite this one court's ruling, are companies such as Spokeo, Facebook, Google, LinkedIn, etc. avoiding being regulated under FCRA because of an outdated definition of a consumer reporting agency?

Facebook has agreements in place that enable it to send all your personal information (i.e. personal feelings indicated, posts, photos, friend connections, likes, etc.) to data brokers and this information may be utilized against you when applying for a job, insurance, etc.  Google scans your emails, calendars, cloud drive, etc. for behavioral advertising and who knows what other purposes.  Do some of Facebook's and Google's activities fall under FCRA, and if not, should they?

The bottom line is that due to the importance of digital reputation stronger regulations are needed to protect our privacy.  Spokeo advertises itself as the "leading people search platform using proprietary technology to organize information into comprehensive yet easy-to-understand online profiles;" Google states its "mission is to organize the world’s information and make it universally accessible and useful;" and Forbes has stated Facebook "moves to become the world's most powerful data broker."

If these companies act like data brokers, should they also be regulated as such?  We may soon find out how the Supreme Court views data privacy and digital reputation in the Digital Age.

Tuesday, April 21, 2015

U.S. Government Ethics Office Releases Personal Social Media Usage Standards

Earlier this month, the U.S. Office of Government Ethics (OGE) released its Standards of Conduct as Applied to Personal Social Media Usage.  The standards are as follows:

1.  Use of Government Time and Property
This requirement limits the amount of time employees may access their personal social media accounts while working on government business (i.e. while on the job).  In addition, supervisors may not order or ask a subordinate to work on their (the supervisor's) personal social media accounts.  

2. Reference to Government Title or Position & Appearance of Official Sanction
This requirement prohibits employees from using their official titles, position, or any authority associated with their government employment for personal gain.  This rule implies that in certain situations it may be a best practice to post a "clear and conspicuous disclaimer" that the content on one's personal social media account is not sanctioned or endorsed by the government.

3.  Recommending and Endorsing Others on Social Media
Government employees may recommend others on social media platforms such as LinkedIn.  However, in my opinion, supervisors and subordinates should be very careful when endorsing each other on digital platforms because it may create potential legal issues in the future.

4.  Seeking Employment through Social Media
Those seeking employment via digital platforms must conform with all applicable laws and regulations.  Therefore it is imperative to know and understand all rules and regulations when utilizing social media for employment purposes.

5.  Disclosing Nonpublic Information
Employees are prohibited from disclosing non-public information on digital platforms to further their personal interests or the personal interests of others.  The World War II adage, "Loose lips sink ships" is alive and well in the Social Media Age so use caution when posting information online.

6.  Personal Fundraising
Employees are permitted to utilize personal digital accounts to fundraise for non-profit charitable organizations as long as they comply with all appropriate federal rules.  For example, employees should not personally solicit funds from subordinates or prohibited sources.

7.  Official Social Media Accounts
Employees who are authorized to utilize official social media accounts must comply with all applicable laws, rules, regulations, policies, directives, etc...

OGE may issue updates from time to time so it is best to utilize caution when participating in social media.  The bottom line is when in doubt don't post online.

Monday, April 20, 2015

Twitter Quietly Updates Its Terms of Service

According to Mashable, Twitter quietly updated its Terms of Service on Friday in anticipation of new European Data Protection (privacy) laws.  Unfortunately for U.S. users, Twitter's new terms apply to international and not U.S. based users.

An Irish subsidiary was chosen as the location for international user data because it has a reputation for fewer Internet-related regulations.  In other words, other European countries have different beliefs in how data should be protected.  In my opinion, many of Ireland's Internet-related regulatory positions are based purely upon economic reasons.

Fewer regulations may mean more economic development.  For example, I live and work in Montgomery County, Maryland and it has an unfavorable regulatory reputation compared to multiple Northern Virginia counties. Therefore, Fortune 500 companies are more willing to relocate and open subsidiaries in the "business friendly" climate of Virginia.

In general, social media companies are not platforms that are built with privacy by design in mind.  The services provided by Twitter, Facebook, Google, etc... were created to data mine users for behavioral advertising purposes (don't believe any co-founder who states they wanted to make the world a better place, etc....).  Therefore, I do not trust these platforms to handle any sensitive or confidential information/communication.

The European Union is working on stronger data protection regulations because it understands the dangers inherent when companies engage in unfettered collection and data mining of personal information.  It is expected that Europe will enact stronger data protection laws sometime later this year.  My hope is that the U.S. will follow the EU's lead in trying to create a more private, less discriminatory, and non-monopolistic digital data future.

Thursday, April 16, 2015

Fox News Settles 9/11 Social Media Copyright Lawsuit

According to The Hollywood Reporter, Fox News has confidentially settled its 9/11 photo social media lawsuit.  The case commenced soon after September 11, 2013 because Fox News' "Justice with Judge Jeanine" posted on Facebook the iconic photo of three firefighters raising the American flag at the ruins of the World Trade Center without obtaining permission from the copyright holder.   

Copyright issues are becoming more challenging in the Social Media Age.  However, it's important to read and understand the terms of service and privacy policy of each platform.  For example, when utilizing Facebook, "you grant us [Facebook] a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License)."  Since I don't like these terms, I don't post personal photos to my Facebook account.

News organizations must be very careful about monetizing the photographs they see online without obtaining a proper license. For example, in 2013 a jury awarded a photojournalist $1.2 million dollars after Agence France-Presse and Getty Images (and others) utilized photos he posted on Twitter regarding the 2010 Haiti earthquake without obtaining the proper licenses from him. 

The bottom line is that when posting and re-posting content online it is important to understand copyright law issues.

Wednesday, April 15, 2015

European Commission: Google's Conduct Infringes on Antitrust Rules

The European Commission (EC) has sent a Statement of Objections (i.e. a formal complaint) against Google for violating European antitrust laws.  In particular, the EC alleges Google “has abused its dominant position in the markets for general internet search services in the European Economic Area (EEA) by systematically favouring its own comparison shopping product in its general search results pages.  The Commission's preliminary view is that such conduct infringes EU antitrust rules because it stifles competition and harms consumers.”

According to the EC’s press release, it has also “formally opened a separate antitrust investigation into Google's conduct [regarding] the mobile operating system Android. The investigation will focus on whether Google has entered into anti-competitive agreements or abused a possible dominant position in the field of operating systems, applications and services for smart mobile devices.”

These announcements have come after an almost five-year investigation into Google’s European business practices.  The EC has tried three times to settle this matter to no avail.  New EC Competition Commissioner Margrethe Vestager reinvigorated the investigation last year when her office requested additional information from various Internet vendors of online services to determine if consumers have been harmed by Google’s behavior and to figure out if Google has utilized its dominant market position to illegally hinder competition.

The EC’s investigation appears to have picked up momentum after The Wall Street Journal recently obtained a confidential 2012 U.S. Federal Trade Commission (FTC) report where key staff recommended suing Google for antitrust violations after finding real harm to consumers and innovation.  While the FTC report focused on Google’s U.S. behavior, the company most likely acted in a similar fashion in the European Union where it controls more than 90% of the Internet search market.

Since the EC opened its antitrust investigation into Google, the company has paid hundreds of millions of dollars in fines and settlements due to illegal behavior. For example, in 2011 it paid a $500 million fine for knowingly accepting illegal advertisements from Canadian pharmacies.  Subsequently, it has paid multiple million dollar fines in the United States and in Europe for privacy violations in connection with its Street View data collection project, the deceptive privacy practices in Google's roll out of its Buzz social network, its 2012 privacy policy change, and the Safari hack incident.

Illegally abusing market position in Internet search (and/or other areas) is intertwined with data collection, usage, and privacy issues because in order to receive the most relevant search results to a search query a search engine must be able to access and process voluminous amounts of data very quickly.  For years, 90% to 96% of Google’s revenue has come from advertising which means it is dependent upon being able to obtain massive amounts of personal information at a low cost to feed its behavioral advertising machine. 

Data dominance also appears to be a growing concern of the EC.  For example, Commissioner Vestager recently stated that she’s studying the U.S.’s “stringent approach to dealing with personal data as a means to payment” in its review of deals.  This appears to signal that regulators are beginning to understand that personal and corporate data issues are intertwined with antitrust matters.

The EC’s announcement that it has also opened up an investigation into whether Google has entered into anti-competitive agreements and/or abused its dominant position in regards to its Android operating system demonstrates that it wants to ensure that consumers are not harmed and that innovation is not stifled by illegal market activities in the growing mobile space.  Last year, The Wall Street Journal and The Information reported that Google’s confidential Android agreements have been “increasing the number of Google apps that must be pre-installed on [each Android] device to as many as 20, placing more Google apps on the home screen or in a prominent icon folder and making Google Search more prominent.” 

Google’s Android contract requirements are very troubling when comparing them to Microsoft’s pre-2002 agreements with PC vendors which “required PC manufacturers to bundle and promote the Internet Explorer Web browser and other software in prominent locations on the computer screen.” Therefore, it doesn’t surprise me that the EC is investigating whether Google’s Android agreements violate antitrust law. 

This enforcement action and the announcement of another investigation into Google’s other market activities demonstrate the need for users of its services to carefully read their contracts with Google and be familiar with their terms of service and troubling world-wide privacy policy.  Google's terms and privacy policy allow for unfettered data mining and profiling of consumer, education, corporate, and government data. Multiple European Data Protection Authorities have already fined Google for its privacy practices and ordered Google to change its privacy policy; unfortunately that has had virtually no effect on its market behavior.

Today’s European Commission announcement is the first step in what may be a long drawn out legal process, which in theory could lead to a fine up to $6.4 billion dollars and require Google to change some of its business practices.  As a long time Google user, my hope is that Google soon begins to once again abide by its corporate motto by not being “evil”.

Thursday, April 9, 2015

Facebook faces new class action privacy lawsuit in Austria

A new class action lawsuit has been filed against Facebook in Austria by privacy advocate Max Schrems.  The lawsuit alleges that Facebook has breached EU privacy law due to its privacy practices and involvement in the NSA’s Prism program.

Max Schrems has been a thorn in Facebook's side for years.  He appeared in the documentary "Terms and Conditions May Apply" a couple of years ago where he discussed the data and metadata Facebook had collected on him and others.  Schrems has been advocating against Facebook's data collection practices for years so it will be interesting to follow this case. 

According to The Guardian, Schrems is also fighting to stop security services from gaining access to his personal data held by Facebook and other technology firms.  One of the best ways to stop Facebook and other technology firms from gaining access to his personal data without going through the proper legal channels in his home country is to support U.S. legislation such as the LEADS Act which I have previously discussed. 

The bottom line is that fighting for privacy takes a tremendous amount of time and resources.  Class action lawsuits along with new legislation are some of the arrows in the quiver that may be utilized to better protect our personal privacy and safety.  It's imperative that an international framework on how to resolve the digital privacy challenges of our times is created to ensure that these issues are given the necessary attention.


Wednesday, April 1, 2015

Maryland's Student Data Privacy Act of 2015 Is Needed

The Internet and broadband access have led to many innovations in how we teach our children. During the past 10 years, K-12 schools have implemented new and exciting technologies that will help students learn and be prepared for life inside and outside of the workforce. Unfortunately, privacy law has not kept up with the technology that is being utilized by our schools. The primary student privacy law, the Family Educational Rights and Privacy Act (FERPA), was enacted in 1974, and it has not been updated to account for all of the new digital activities and metadata that are being created by students on school contracted digital platforms.

Earlier today, I testified again on behalf of a Maryland bill (HB 298) that would help better protect students' digital privacy without hampering educational technology companies with burdensome regulations.  Maryland's HB 298 is based upon California's landmark Student Online Personal Information Protection Act (SOPIPA or SB 1177).  I testified with the sponsor of the bill, along with other advocates, and some of my written testimony is as follows:

"House Bill 298 as passed by the House of Delegates is a positive piece of legislation that will help protect the personal privacy and safety of Maryland students and their families.  Three federal privacy statutes address student information that may be collected by and from schools:  The Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA).

FERPA was enacted in 1974 when student records were housed in filing cabinets.  This statute is essentially a confidentiality law designed to protect student paper records.  Forty years ago, schools didn’t have personal computers and Internet access.  FERPA was not designed to protect digital student information.  COPPA focuses on the online collection of personal information directly from children younger than 13 years old without parental consent.  The PPRA primarily addresses the use of certain types of data collected from in-school surveys as well as some marketing activities.

FERPA covers “educational records” such as transcripts that were originally kept in a school principal's or central district office.  The statute specifically carves out an exemption for “directory information” such as a student’s name, address, date of birth, telephone number, age, sex, and weight.  This 1974 definition of “educational records” and the directory information exclusion no longer make sense in 2015.  Much of the data gathered and utilized by electronic-based services is outside the scope of FERPA’s existing definition.

As an example, the metadata gathered from a learning app used by a child in school is not considered an “educational record” and would not be protected by FERPA.  Under FERPA, the app maker and other third parties such as digital advertising networks may utilize the information obtained from our children’s use of school contracted online digital technologies.  This data, which may include information regarding health, sexual orientation, religion, race, etc., may then be utilized by third parties to discriminate against our children when they apply to colleges, for jobs, insurance, etc.

Absent stronger privacy protections for online student content, our children’s privacy will be compromised and innovative learning tools and educational technologies will face increased parent skepticism and opposition.  HB 298 as passed by the House of Delegates helps assuage parents’ fears while not stifling industry innovation.  HB 298 is modeled after California’s widely applauded Student Online Personal Information Act (SOPIPA) that has been called a “landmark” student data privacy bill by the highly regarded K-12 focused publication Education Week.

Due to the well-balanced approach that HB 298 takes, I am asking for your support of this legislation as it passed in the House of Delegates."

Google's and Facebook's representatives were lobbying to add amendments that would gut the bill's privacy protections for our children. Behind the scenes, these two companies appeared to be the two primary opponents not just of this bill but of other similar bills around the country (watch/listen to the testimony).  Google's behavior is not surprising since it has been caught by Politico spending hundreds of thousands of dollars to lobby against privacy bills that would better protect the personal privacy of students and their families around the country. Facebook's participation in this process appears to demonstrate that it wants to enter the education market. Due to Facebook's agreements with data brokers and its troubling privacy practices and policies, student data should not be entrusted to its platform.

The bottom line is that if you care about student privacy and cyber safety, our laws need to catch up with the technology that is being deployed.  To support Maryland's Student Data Privacy Act of 2015, please reach out to the senators on the Education, Health & Environmental Affairs Committee to voice your support.


Tuesday, March 24, 2015

Radio Shack's Proposed Sale Of Customer Data Violates Its Privacy Policy

Radio Shack is on life support and will soon no longer exist in its current format.  It's unfortunate that a store I grew up going to with my grandfather will soon be out of business.  Its last great hurrah was its awesome Super Bowl ad that brought back its glory days from the 1980s.

Radio Shack is losing so much money that it has resorted to selling one of its most prized assets: its customers' personal information.  What is most disturbing is that despite its long-stated privacy promise that "[w]e will not sell or rent your personally identifiable information to anyone at any time," this promise may be ignored in bankruptcy court.

Last year, an educational technology company, ConnectEDU, tried to sell the millions of records it had accumulated on young children, and the FTC stepped in and fought to require it to honor its privacy promises.  My hope is that the FTC joins Texas regulators in fighting to protect Radio Shack's customers' personal information.  Personally Identifiable Information is extremely valuable, and it's a very positive step that regulators are beginning to understand the importance of requiring companies to honor their privacy commitments to their customers or users.

I don't want data brokers to learn about all of the cool things I used to make with my late grandfather.  It's none of their damn business!


Monday, March 23, 2015

New York Times Facebook Content Deal Is A Threat To Personal Privacy

The New York Times is one of the world's most respected news organizations and one of the most popular destinations for news on the Internet.  However, I was dismayed to read in The New York Times that it may strike a deal to house some of its content inside Facebook.

This is a very troubling development not just for the media landscape but also for freedom of thought and expression.  This potential deal will erode the privacy of The New York Times' readers, and it will enable data brokers and their clients to create richer profiles of those who read the paper via Facebook due to Facebook's troubling deal with multiple data brokers.

When a New York Times reader utilizes Facebook to access articles, this information will be sent to Facebook's data broker partners, who will insert this content into a user's digital dossier.  This data may be utilized by banks, insurance companies, employers, etc. to discriminate against people for reading about certain topics.  For example, when someone reads a lot of articles about their race, sexual orientation, health issue, religion, etc., this data will be tracked and a data broker may provide it to one of their clients, who may utilize it to decide whether a reader is a good fit for a job.

While ad networks and other digital tracking platforms already combine every digital morsel about users they can find, being able to track users from their personal Facebook account creates a new level of data purity that, from a privacy standpoint, is very troubling.  I don't want data brokers to be able to track everything that I read on The New York Times and combine that information with other personal characteristics about myself.

Due to Facebook's troubling privacy policy and practices, I do not utilize it for personal communications and I have no plans to do so in the future.  I urge The New York Times and others who may be thinking about hosting their content on Facebook to think about these important privacy issues before finalizing any deal that may harm their users in unanticipated ways.
