District Court Upholds FTC Data Security Authority

On April 7, U.S. District Judge Esther Salas in New Jersey upheld the Federal Trade Commission’s authority to bring cases against firms for failure to observe reasonable security practices. The FTC has brought over 30 data security cases in the last decade, but the hotel chain Wyndham World challenged that authority in court in 2012 after the FTC brought a case against them. The judge refused to “carve out a data-security exception to the FTC’s authority” to protect consumers, saying Wyndham’s position would “bring us into unchartered territory.” The judge, however, also said her ruling “does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked.” The ruling was silent on the merits of the underlying complaint, and Wyndham said it continued to believe that the FTC lacked authority to bring the case.

European Court Rejects Data Retention Mandate

The European Court of Justice (ECJ) ruled today that the 2006 EU directive requiring telecom operators to retain data for two years in invalid. The directive, which was passed as an anti-terrorism measure after the July 7, 2005 London subway and bus terrorist bombings, obliged telecom firms to keep data for two years about customer locations, calls texts and emails. The operators were not obliged to keep the contents of these communications. However, the ECJ still ruled that the directive contravened the EU’s Charter of Fundamental Rights and therefore recommended that the directive be overturned. The directive has been controversial since it was passed and some member states such as Germany have not passed legislation implementing it. The ECJ heard the case in response to complaints from civil society groups about telephone data retention laws in Ireland and Austria. Those laws can now be challenged. Member of the European Parliament and General Data Protection Regulation Rapporteur, Jens Albrecht, welcomed the ruling.

House Committee Ponders Preservation and Reuse of Copyrighted Works

Last week, the House Judiciary Subcommittee on Courts, IP and the Internet held a hearingon Preservation and Reuse of Copyrighted Works. The hearing spanned a wide range of topics, and Committee Chairman Goodlatte (R-VA) expressed interest in several key issues, including digitization in cases of deterioration of works caused by age and decay; the notion that Copyright Act is outdated in the digital age; how to best allow public access to works that may have been abandoned; and technological platforms to connect users and copyright owners. However, there was no uniform view from the six witnesses testifying, nor were there consensus positions demonstrated by committee members. In all, the hearing provided another significant input into the Committee’s ongoing copyright review process. For more information about the hearing and witness testimony, check out the Cmte site.

Recommended Read: The Global War for Internet Governance

Professor Laura DeNardis discussed her book: “The Global War for Internet Governance” at the New America Foundation on April 3. DeNardis book is timely, especially given the Commerce Department’s March 14 decision to privatize the Internet Domain Name Function. She stated that this decision was, in fact, a “big deal.” Brazilian Embassy Minister Counselor Benoni Belli said that as a result of the decision, the atmosphere surrounding the April 23-24 Internet Governance “Netmundial” conference in Sao Paulo is much better. Briefly, the management of the Internet’s root zone file will be transferred from ICANN and Verisign to a multistakeholder body as early as 2015 when the ICANN/Versign contracts with the Department of Commerce lapse. There are conditions though, chiefly that whatever model emerges supports and enhances the multistakeholder approach. DeNardis supports “multistakeholderism,” although she cautioned that the multistakeholder approach is not the answer to every Internet Governance challenge.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.