MediaTech Law

By MIRSKY & COMPANY, PLLC

PII at the Center of RadioShack Bankruptcy Auction and Mediation

A recent New York Times article highlights the disconnect between a company’s privacy policy and the disclosure of user data when the company is sold. According to the Times, while a company, like Hulu, declares that it “respects your privacy”, should the company go up for sale, user names, birth dates, email addresses and unique subscriber information can be made available to the highest bidder. Often it is this very information that can be of most value to a struggling or defunct company. This very issue played out recently with the bankruptcy of RadioShack, the electronics retail store founded in 1921, and the recent sale of its brand.

The now-bankrupt RadioShack reached a mediated agreement with U.S. states on May 14th over the sale of customer data, which barred the transfer of personal customer information; limited the number of emails to be included in the sale; and provided opt-out mechanisms to customers prior to transfer.

New York-based Standard General purchased 1,750 RadioShack stores, along with the trademark and intellectual property, out of bankruptcy. The sale included personal customer information provided by customers to RadioShack over many years, including email addresses, postal addresses and phone numbers.


Targeted Election Ads: New Frontier in Political Advertising

The next U.S. President won’t be sworn in for almost two years, but the jostling and positioning among likely candidates has already begun. When candidates consider how to reach potential voters, an increasingly sophisticated weapon in their arsenal will be targeted advertising to reach voters in-between commercial breaks of their favorite TV shows. These “addressable ads” allow advertisers – in this case political campaigns – to pay content providers, such as satellite networks, to reach specific homes. Addressable ads present a sharp departure from previous eras of political advertising that used a “shotgun approach” to appeal to as many potential voters as possible, regardless of demographics, previous political affiliation, or likelihood of voting.

Satellite television providers DirecTV and DISH Network have already embraced this technology by selling data about subscribers’ individual viewing habits to campaigns. Subscriber data are initially anonymized, but with addresses intact, and then matched to the addresses on voter-registration and canvassing databases. According to a USA Today report, once the targeted households are selected, the satellite provider sends the addressable ads to the home’s digital video recorder (DVR), and the ad airs in the next available commercial slot as part of whatever programming the customer is watching. After the ad plays, the remainder of the user’s TV show continues unaffected until the next ad slot opens.


Please Don’t Take My Privacy (Why Would Anybody Really Want It?)

Legal issues with privacy in social media stem from the nature of social media – an inherently communicative and open medium. A cliché is that in social media there is no expectation of privacy because the very idea of privacy is inconsistent with a “social” medium. Scott McNealy from Sun Microsystems reportedly made this point with his famous aphorism of “You have zero privacy anyway. Get over it.”

But in evidence law, there’s a rule barring assumption of facts not in evidence. In social media, by analogy: Where was it proven that we cannot find privacy in a new communications medium, even one as public as the internet and social media?

Let’s go back to basic principles. Everyone talks about how privacy has to “adapt” to a new technological paradigm. I agree that technology and custom require adaptation by a legal system steeped in common law principles with foundations from the 13th century. But I do not agree that the legal system isn’t up to the task.

All you really need to do is take a wider look at the law.

Privacy writers talk about the law of appropriation in privacy. The law of appropriation varies from state to state, though it is a fairly established aspect of privacy law.


SaaS: Software License or Service Agreement? Start with Copyright

SaaS, short for “Software as a Service”, is a software delivery model that grants users access to a program while the software itself and its accompanying data are stored off-site, on a vendor’s (or another third party’s) servers.  A user accesses the program via the internet, and the access is provided as a service.  Hence … “Software as a Service”.

In terms of user interface functionality, a SaaS service – typically accessed via a subscription model – is identical to a traditional software model in which a user purchases (or more typically, licenses) a physical copy of the software for installation on and access via the user’s own computer.  And in enterprise structures, the software is installed on an organization’s servers and accessed via dedicated “client” end machines, under one of many client-server setups.  In that sense, SaaS is much like the traditional client-server enterprise model where servers in both cases will likely be offsite, the difference being that SaaS servers are owned and managed by the software owner.  The “cloud” really just refers to the invisibility of the legal and operational relationship of the servers to the end user, since even in traditional client-server structures servers might very likely be offsite and accessed only via internet.


Privacy: Consent to Collecting Personal Information

Gonzalo Mon writes in Mashable that “Although various bills pending in Congress would require companies to get consent before collecting certain types of information, outside of COPPA, getting consent is not a uniformly applicable legal requirement yet. Nevertheless, there are some types of information (such as location-based data) for which getting consent may be a good idea.  Moreover, it may be advisable to get consent at the point of collection when sensitive personal data is in play.”

First, what current requirements – laws, agency regulations and quasi-laws – require obtaining consent, even if not “uniformly applicable”?

1. Government Enforcement.  The Federal Trade Commission’s November 2011 consent decree with Facebook requires user express consent to sharing of nonpublic user information that “materially exceeds” user’s privacy settings.  The FTC was acting under its authority under Section 5 of the FTC Act against an “unfair and deceptive trade practice”, an authority the FTC has liberally used in enforcement actions involving not just claimed breaches of privacy policies but also data security cases involving managing of personal data without providing adequate security.

2. User Expectations Established by Actual Practice.  The mobile space offers some of the most progressive (and aggressive) examples of privacy rights seemingly established by practice rather than stated policy.  For example, on the PrivacyChoice blog, the CEO of PlaceIQ explained that “Apple and Android have already established user expectations about [obtaining] consent.  Location-based services in the operating system provide very precise location information, but only through a user-consent framework built-in to the OS.  This creates a baseline user expectation about consent for precise location targeting.”  (emphasis added)


Privacy For Businesses: Any Actual Legal Obligations?

For businesses, is there an obligation in the United States to do anything more than simply have a privacy policy?  The answer is not much of an obligation at all.

Put another way, is it simply a question of disclosure – so long as a business tells users what it intends to do with their personal information, can the business pretty much do anything it wants with personal information?  This would be the privacy law equivalent of the “as long as I signal, I am allowed to cut anyone off” theory of driving.

Much high-profile enforcement (via the Federal Trade Commission and State Attorneys General) has definitely focused on breaches by businesses of their own privacy statements.  Plus, state laws in California and elsewhere either require that companies have privacy policies or specify what types of disclosures must be in those policies, but again focus on disclosure rather than mandating specific substantive actions that businesses must or must not take when using personal information.

As The Economist recently noted in its Schumpeter blog, “Europeans have long relied on governments to set policies to protect their privacy on the internet.  America has taken a different tack, shunning detailed prescriptions for how companies should handle people’s data online and letting industries regulate themselves.”   This structural (or lack of structural) approach to privacy regulation in the United States can also be seen – vividly – in legal and business commentary that met Google’s recent privacy overhaul.  Despite howls of displeasure and the concerted voices of dozens of State Attorneys General, none of the complaints relied on any particular violations of law.  Rather, arguments (by the AGs) are made about consumer expectations in advance of consumer advocacy, as in “[C]onsumers may be comfortable with Google knowing their search queries but not with it knowing their whereabouts, yet the new privacy policy appears to give them no choice in the matter, further invading their privacy.”

Again, there’s little reliance on codified law because, for better or worse, there is no relevant codified law to rely upon.  Google, Twitter and Facebook have been famously the subjects of enforcement actions by the states and the Federal Trade Commission, and accordingly Google has been careful in its privacy rollout to provide extensive advance disclosures of its intentions.

As The Economist also reported, industry trade groups have stepped in with self-regulatory “best practices” for online advertising, search and data collection, as well as “do not track” initiatives including browser tools, while the Obama Administration last month announced a privacy “bill of rights” that it hopes to move in the current or, more realistically, a future Congress.

This also should not ignore common law rights of privacy invasion, such as the type of criminal charges successfully brought in New Jersey against the Rutgers student spying on his roommate.   These rights are not new and for the time being remain the main source of consumer recourse for privacy violations in the absence of meaningful contract remedies (for breaches of privacy policies) and legislative remedies targeted to online transactions.

More to come on this topic shortly.


Dirty Needle: Tattoo Parlor Sues Competitor for Defamation

Two dueling tattoo parlors down the road from one another in Mobile, Alabama. It could be the premise of a TLC reality show.  It’s not (yet) a TV show, but it IS a court case recently decided by the Alabama Court of Civil Appeals. In September, that court ruled in favor of Chassity Ebbole, owner of “LA Body Art” tattoo parlor in Mobile, who had sued the owners of the competing “Demented Needle” tattoo shop for libel and wrongful invasion of privacy.

Ebbole claimed that Demented Needle owner Paul Averette had been telling customers and others that Ebbole’s shop used equipment infected with diseases such as Hepatitis C and HIV, claiming also that Averette had told the world that Ebbole had infected herself.


Update: Privacy for Mobile Apps – The Limits of Transparency

In June of this year, Senator Al Franken (D. Minn.) introduced the “Location Privacy Protection Act of 2011” (S. 1223).  According to the bill summary available on Franken’s website, a 2010 investigation by the Wall Street Journal revealed that 47 of the top 101 mobile applications for Apple iPhones and Google Android phones disclose user location without consent of the user.

According to Franken’s bill summary, current law prevents disclosure of user location during telephone calls without user consent. Currently, no similar legislation protects user location when a user accesses information through a mobile web browser or mobile application. Franken claims that his bill will close loopholes in the Electronic Communications Privacy Act that allow for this distinction.

If S. 1223 passes, companies will be required to obtain permission not only to collect mobile user location information but also to share that information with third parties. Additionally, the bill seeks to put in place measures to prevent stalking through location information.

As of this writing, Franken’s bill has been assigned to the Senate Judiciary Committee and is being cosponsored by Sens. Blumenthal, Coons, Durbin, Menendez, and Sanders.

Original Post (published 9/8/2011)

When was the last time you read a license agreement after installing software or downloading an app on your smartphone? If you’re like most people, the answer is probably never.

According to some estimates, fewer than 8 percent of us actually read the entirety of those agreements, despite rising concerns about digital privacy and data collection.


Podcast #9: App Development Legal Issues: Open Source, Copyright, API Terms of Use and More


Today, we will discuss the business and, particularly, the legal landscape faced by application (App) developers dealing with mobile platforms (iOS, Android and Blackberry being dominant), including dealing with application interfaces (APIs) when developing based on existing applications, and, of course, client relationships.

I am joined today by Liz Steininger, co-founder of Tapangi Consulting and project manager in the DC Government’s Office of the Chief Technology Officer.  Tapangi Consulting specializes in mobile and HTML5 application development as well as content management.  Liz is also an active member of the DC Tech community and you can find her on Twitter as @liz315.

Some of the issues we discuss today are these:

  • Protecting ideas in early stages of pitching to potential clients.
  • Application developer agreements and API Terms of Use (TOUs).
  • Platform question: As a developer, how do you think about development based on different platforms (e.g. Android or iOS or Blackberry) or a specific API?
  • Copyright and “open source” issues, GPL, libraries, use of third-party code.
  • Ownership and rights issues.
  • Privacy and uses of personal information (PI).

Please click here for the podcast.


App Developer Legal Issues: API TOUs, Copyright and Trademark

Our Twitter chat last week with technology and entertainment lawyer Joy Butler highlighted legal issues with app development, including contract issues between app developers and clients, on one end, and intellectual property (IP) and API issues between the app and the intended development platform, on the other end.

Privacy issues become pressing later when the app goes public for end users, although the biggest privacy problems tend to arise when app publishers get tripped up by commitments made in their own end user license agreements (EULAs) or privacy policies, more so than from any violations of privacy laws.  More on privacy and the app/API problems in a separate blog post.

Immediate issues are copyright and trademark, both governed by federal laws, but also governed by API terms of use and similar application development agreements with hosting platforms.  Apple’s software developer kits (SDK) for the iPad and iPhone encompass similar purposes as part of broader packages of developer protocols for use of those APIs.


Podcast #7: Privacy vs. 1st Amendment – Supreme Court case of IMS Health v. Sorrell

 

In January, the Supreme Court agreed to hear arguments in the case of IMS Health v. Sorrell, an appeal of a ruling in November in favor of data aggregator IMS Health by the U.S. Court of Appeals for the 2nd Circuit. The case involves a 2007 Vermont statute, similar to laws in many other states, that prohibits the use, sale and transfer of prescriber-identifiable data (referred to as “PI Data”) for marketing purposes, unless a prescriber (meaning: a physician) opts in to allow use of his or her PI Data. The State of Vermont and its supporters argue that any 1st Amendment challenges to the law by users of the PI Data are sufficiently overcome by substantial privacy interests of doctors and their patients.

To discuss these issues, my guest today is John Verdi, Senior Counsel of the Electronic Privacy Information Center (EPIC).  John and EPIC have filed an amicus brief in the Supreme Court in support of Vermont’s position, and I’ve asked John to join me today to briefly discuss the privacy issues involved.

Please click the link below for the podcast.


Do Corporations Have Personal Privacy Rights?

Thanks to Andrew Mirsky for contributing research and feedback to this post.

Does a corporation have the same rights as a person?

It really depends on the context. In the context of personal privacy, the answer is no.

In a unanimous ruling this month, the Supreme Court found that corporations are not entitled to the same “personal privacy” rights as individuals under the Freedom of Information Act (FOIA).

After a 2004 investigation by the Federal Communications Commission (FCC) into AT&T’s billing practices, a trade group including AT&T competitors submitted a FOIA request to the FCC seeking records of the inquiry. The FCC protected some of AT&T’s trade secrets and customers’ personal information, but refused AT&T’s request under the personal-privacy exemption in FOIA to protect certain other information.  The FCC ruled that AT&T’s records should be publicly released under FOIA because the company could not claim “personal privacy.”
