Photo of Ariana Goodell

China’s new “Regulation on the Internet Security Supervision and Inspection by Public Security Organs” went into effect on November 1, 2018. It is the latest regulation passed by China’s Ministry of Public Security that executes China’s Cybersecurity Law, which took effect in June of last year. The regulation gives China’s Public Security Bureaus (PSBs) broad

San Francisco voters will decide on November 6, 2018, whether to enact the city’s “Privacy First Policy” that intends to protect the personal information of residents and visitors from misuse by companies doing business in San Francisco. The policy builds upon the California Consumer Privacy Act passed in June 2018, which gives consumers various rights,

California’s new privacy law, the California Consumer Privacy Act of 2018 (AB 375), will go into effect on January 1, 2020. The law expands privacy rights, provides California consumers with more control over the personal information that businesses collect on them, and includes civil penalties and statutory damages for noncompliance. While the new privacy law

In preparation for the EU’s General Data Protection Regulation (GDPR), which comes into effect May 25, Facebook announced it is launching a range of new privacy tools in an effort to “put people in more control over their privacy.” Interestingly, last week Mark Zuckerberg clarified that he intends to implement Europe’s GDPR across its entire global network of users, not just those located in the EU. Presumably, this global policy would make it possible for all Facebook users to exercise their data rights, including the potential for users to restrict Facebook processing their personal data if they believe their data is being misused.

“Overall I think regulations like this are very positive,” Zuckerberg stated on a conference call with reporters. “We intend to make all the same controls available everywhere, not just in Europe.” Zuckerberg noted that “Is it going to be exactly the same format? Probably not. We’ll need to figure out what makes sense in different markets with different laws in different places. But let me repeat this, we’re going to make all the same controls and settings available everywhere, not just in Europe.”
Continue Reading Facebook announces plan to implement GDPR globally

Three bipartisan Senate bills are up for consideration in Congress that would attempt to modernize the legal standards under which the U.S. government can access communications electronically stored by email service providers and cloud computing companies.

The proposed bills, introduced July 27, 2017, each provide a different scheme in updating the Electronic Communications Privacy Act (ECPA), which has been criticized for being woefully outdated, given the rise of the Internet of Things and how people currently share, store, and use information. Accordingly, many have publicly called for Congress to completely overhaul the Reagan-era statute.

Current Framework: The ECPA

Although ECPA has undergone amendment since its passage in 1986, the most scrutinized aspects of the law, such as those related to email retention, remain unchanged from when it was passed more than 30 years ago.

ECPA currently requires law enforcement officials to obtain a warrant in order to access data less than 180 days old. A warrant requirement is a strict legal standard, requiring that any request be supported by probable cause – a reasonable suspicion of criminal activity based on articulable facts.

However, if the data is more than 180 days old, ECPA considers those older communications to be abandoned, and therefore not subject to a reasonable expectation of privacy. Thus, law enforcement officials are entitled to access those emails and other electronic communications without a warrant.  Instead, government officials need only issue a subpoena for the information or obtain a court order.
Continue Reading ECPA Reform Legislation on the Horizon (Again)