Today, the Senate passed legislation—the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA, H.R. 1865)— that would give law enforcement and victims much-needed legal tools to prosecute online traffickers and rogue websites.  SIIA congratulates Congress for its bicameral, bipartisan effort to enable full prosecution of those involved in sex trafficking, but we remain concerned about the potential unintended outcomes of any legislation that limits critical internet speech protections provided under Section 230 of the Communications Decency Act (CDA 230). CDA 230 enables many platforms and websites work closely with law enforcement, partner with other companies and outside groups to share signals of illegal activity, particularly acts of human trafficking.  It has also become common among large internet platforms to invest in new technologies, such as machine learning, to proactively police and moderate content.  Over decades, CDA 230 has pr ...

A piece in DigiDay yesterday draws attention to the fact that publishers are at risk under the draft ePrivacy Regulation under consideration in Brussels. At this time, the draft Regulation is in a state of flux, and the outcome is hard to know, with a possible tightening of the current requirements on cookies. Under the current ePrivacy Directive, often referred to as the “Cookie Directive” publishers merely need to get consent, by having readers click a box that they consent to the use of cookies.  As the DigiDay article points out, the new regulation could empower browsers to play more of a gatekeeper role, which is one of several possible outcomes. SIIA has been active in highlighting the problems for European policymakers.  On July 1, 2016, we filed comments arguing that the proposal should not be extended to software and digital content publishers and over-the-top-content providers, who would continue to be regulated under the more flexible rules of th ...

Does the EU’s right to be forgotten extend to the whole world?  The French data protection authority, CNIL, says yes and wants search engines to delist search results which contain information that violates the European Union’s right to be forgotten – not just for French users, not just for European users, but for all users everywhere. Google is prepared to remove offending search results for European users, but balks at removing material globally just because European courts find that it violates European privacy rules. 

In a March 30, 2017 opinion piece, “Don’t trade away data protection,” two leading Members of the European Parliament, Viviane Reding and Jan-Phillip Albrecht, suggest “strengthening data protection safeguards in the General Exception (known as GATS XIV) and E-Commerce chapters, and removing necessity and consistency tests.”  The idea behind the proposal is to make absolutely certain that the General Data Protection Regulation (GDPR) and perhaps other parts of the EU privacy acquis could not be successfully challenged as inconsistent with an affirmative cross-border data flow obligation.  This is a topic SIIA will comment on again in the coming months, likely in a longer form Issue Brief.  This blog discusses the proposal to remove the necessity test.

Technology companies are increasingly challenged by requests by law enforcement to access data stored outside the U.S. This issue came to a head in July 2016, when the Second Circuit Court of Appeals ruled against the U.S. Government in the case Microsoft v. United States, stating that the government cannot compel Microsoft, or other companies, to turn over customer emails stored on servers outside the United States.  The Department of Justice (DOJ) is expected to appeal this decision, and various other cases are making their way through the courts.

Last week, President Trump signed a congressional resolution to roll back the Federal Communication Commission’s (FCC) broadband privacy rules adopted in 2016.  The response has been a loud outcry that privacy on the internet is dead.  On the contrary, the vast majority of the internet is still under substantial regulation by the Federal Trade Commission (FTC).

In a significant ruling, earlier this month, the European Court of Justice ruled that an individual’s privacy interest in limiting the disclosure of personal information does not generally override the interest in public disclosure about company officials. The ruling protects the public interest in transparency about governance of public companies; preserves the capacity of stock holders to assess companies accurately and protect their legal rights with respect to them; and reaffirms the legitimacy of data processor access to personal information in public data bases about companies.

This week, Japan’s highest court dismissed a man’s demand that internet search results of his arrest in a child prostitution case be removed under the right to be forgotten.

SIIA’s TechChats provides a look into some of the most successful executives in our industry. Hear how many of them got to where they are today, what is shaping their businesses and the industry today, and special advice they would give to others trying to grow a successful company.

Several years ago, SIIA and the Future of Privacy Forum (FPF) worked together with a number of Ed Tech companies to develop a Student Privacy Pledge, a voluntary effort by the industry to commit to good privacy practices regarding their collection and use student data.  President Obama endorsed the pledge and it has been instrumental in guiding the development of state student privacy legislation toward protecting privacy while fostering the use of student information for fulfilling the educational needs of students.  Recently, we marked the milestone of 300 companies signing on to the pledge.  This week, however, the Electronic Frontier Foundation (EFF) issued an attack on the pledge as containing loopholes in its fine print. Specifically, EFF takes issue with the definition of “student personal information” in the Pledge and the fact that the pledge only covers “school service providers.” These concerns are largely unfounded and ill-informed ...