Blog

Legal barriers for drones

Dr. Ursula Widmer

Legal Barriers for Drones

The use of drones for various purposes, such as image recording, surveys, scientific studies, surveillance or transport, is spreading rapidly. However, certain legal barriers must be observed for reasons of security, and protection of privacy and personality rights. The Federal Office for Civil Aviation (FOCA) recently adopted more stricter regulations for the use of drones and model aircraft in order to take better account of the security risks.

(more…)

Read More

Are cookies currently regulated in South Africa?

Olivia Smith & John Giles

What is the cookie law in South Africa? Many people ask because the law relating to cookies is such a big issue in many other countries. Do you need to get a user’s (aka data subject’s) consent before using cookies? Are there any specific regulations?

What are cookies and why are they used?

Cookies are text files transferred from your browser to your computer’s hard drive. They store information about your activity on a browser. Companies worldwide use cookies to monitor customer behavior and to improve interactivity with a website.

You will notice when you search for a specific product, ads relating to that product appear on other sites you visit.  When you log into a website that uses cookies and later re-visit it, the cookies allow the website to ‘remember’ you.

Cookies make your life as a website user much easier because you do not have to log in every time you visit the same page. Your online experiences will be personalized to your preferences. (more…)

Read More

The Right to be Forgotten Tsunami: What Effect for US Companies

Francoise Gilbert

The so-called Right to Be Forgotten or right of erasure (RTBF) has been the subject of much debate and attention since the publication of the Court of Justice of the European Union (CJEU) opinion in May 2014, in the Costeja v. Google case. The CJEU held that, under certain conditions, a European citizen has the right to demand that a search engine remove links to information pertaining to him that is “inaccurate, inadequate, irrelevant, or excessive,” even if the information is truthful.

Since the publication of the CJEU opinion, search engines have been flooded by delisting requests. According to the Google Transparency Report, as of the end of February 2015, Google has received over 220,000 delisting requests, and has evaluated over 800,000 URLs.

The topic has also garnered the attention of the Article 29 Working Party (A29), which published Guidelines, in late November 2014, to explain the position of the EU Data Protection Authorities. Among other things, the Guidelines provide that delisting requests, when accepted, must be implemented on all domains operated, worldwide, by the entity receiving the delisting request, and not just only on its EU domains.

Interest in RTBF has also expanded outside the European Economic Area (EEA). Cases similar to the Costeja case have been brought in Asia and the Americas. It is clear that a strong current is building. The CJEU Costeja ruling and its aftermath are significant for businesses around the world in many respects. The genie is out of the bottle, and may be sneaking into, and disrupting many businesses.

(more…)

Read More

Right to be Forgotten – Casting a Wider Net

Francoise Gilbert

The Article 29 Working Party (WP29) has published, in its document WP 225, Guidelines on the Implementation of the Court of Justice of the European Union (CJEU) Judgment on Google Spain and Inc. v. Agencia Espanola de Proteccion des Datos (AEPD) and Mario Costeja GonzalezC-131/12 (Guidelines) to provide its interpretation of the CJEU’s ruling, and identify the criteria that will be used by the EU/EEA Member States Data Protection Authorities when addressing complaints from individuals following a denial of de-listing requests.

(more…)

Read More

People-tracking and Swiss Data Protection Law

Dr. Ursula Widmer

People-tracking and Swiss Data Protection Law

People-tracking systems are being used increasingly, e.g. for optimizing flows of traffic and people or for analysis of customer behavior. Since these systems can also be used for processing sensitive data and personal profiles, the Swiss Federal Data Protection and Information Commissioner (FDPIC) considers that caution is called for and that closer scrutiny of the data protection conditions is necessary. The FDPIC has published comments on people-tracking, which are available its website.

(more…)

Read More

Yelp to pay $450,000 penalty for COPPA violation

Francoise Gilbert

Yelp to pay $450,000 penalty for COPPA violation

The Federal Trade Commission has announced a proposed settlement with Yelp, Inc. for COPPA violations. The FTC alleged that, for five years, Yelp illegally collected and used the personal information of children under 13 who registered on its mobile app service. According to the FTC complaint, Yelp collected personal information from children through the Yelp app without first notifying parents and obtaining their consent. The Yelp app registration process required individuals to provide their date of birth. Several thousand registrants provided a date of birth showing they were under 13 years old. Even though it had knowledge that these registrants were children, Yelp did not follow the requirements of the COPPA Rule and collected their personal information without proper notice to, and consent from, their parents. Information collected included name, e-mail address, geolocation, and any other any information that these children posted on Yelp. In addition, the complaint alleges that Yelp did not adequately test its app to ensure that users under 13 were prohibited from registering. Under the terms of the proposed settlement agreement, among other things, Yelp must:

  • pay a $450,000 civil penalty;
  • delete information it collected from individuals who stated they were 13 or younger at the time they registered for the service; and
  • submit a compliance report to the FTC in one year outlining its COPPA compliance program.

In a separate action, FTC alleged that TinyCo also improperly collected Children information in violation of COPPA. Under the settlement agreement between TinyCo and the FTC, TinyCo will pay a $300,000 civil penalty.

Read More

The Brazilian Law on the Rights of Internet Users

Esther Nunes and Paulo Bonomo

The Brazilian Law on the Rights of Internet Users – Law No. 12,965, of April 23, 2014 (“Law No. 12,965/2014”)

After a time-consuming legislative process that lead to several discussions and postponements in recent years, Law No. 12,965/2014, known as the Brazilian “Marco Civil da Internet, was published on April 24, 2014. The law will take in effect within sixty (60) days from such date.

The objective of the Marco Civil da Internet is to establish the principles, guarantees, rights and obligations for the use of the Internet. In order to assure its enforceability, Law No. 12,965/2014 establishes several concrete requirements that will have to be observed by different Internet players.

Fundamental Rights of Internet Users

The Marco Civil da Internet creates a very extensive list of fundamental rights of Internet users. The law specifically identifies these rights whereas previously they were found to derive from the Brazil Federal Constitution concerning the fundamental right to privacy, as well as the Civil and Consumer Protection Codes.

(more…)

Read More

Internet Marketing and Crowdsourcing: What are the Limits?

Eric Barbry

Internet Marketing and Crowdsourcing: What are the Limits?

The Internet marketing industry is exploring various strategies to try to influence the behaviors of Internet users as how they behave has now become integral to the operation of a growing number of services offered by search engines (e.g. Google Suggest) and more generally social networks.

Crowdsourcing is one of the avenues used to achieve their goals: via crowdsourcing platforms, companies can pay Internet users to complete a variety of microtasks ranging from performing image recognition to translating content, clicking on “like” or posting comments.

One can easily imagine how crowdsourcing platforms can be misused to produce fake comments or harm someone’s online reputation. In France, this type of behavior constitutes unfair trade practices and is actionable under Article L 120-1 of the French Consumer Code.

If a website experienced an unexplained drop in traffic or begins to be associated with negative search suggestions or comments, it is worth taking a closer look at these platforms. In France, to record evidence and build a case, companies should have the litigious practices recorded by a competent member of the legal profession (in France a huissier will draft their findings in a report called constat).

Link: Article L 120-1 of the French Consumer Code (in French)

Read More

Civilian Drones and Privacy Protection

Alain Bensoussan

Civilian Drones and Privacy Protection

Drones, also known as UAVs (Unmanned Aerial Vehicles) have long been confined to the military sector. But today their civilian use is growing exponentially in many areas. E-commerce giant Amazon’s recent announcement of the launch of a 30-minute package delivery service via small drones (Micro Aerial Vehicles) in the US within the next five years demonstrates the benefits of drones and showcases how enormous their potential can be.

In April 2012, France adopted regulations governing the use of drones. These regulations are implemented through the French Directorate General of Civil Aviation (DGAC).

In addition, drones equipped with a camera or a video camera must take account of the French Data Protection Act, which governs the processing of personal data and privacy rights.

CNIL, the French data protection authority, has especially been looking into UAVs that integrate different kinds of sensor as they can be powerful tools to observe, store and analyze personal data. In December 2013 it devoted a special issue of its newsletter to the topic “Drones, Innovations, Privacy and Individual Freedoms”, in which it examined the possible new forms of surveillance of individual behaviors and movements, and hence — more generally— their impact on privacy.

This gives food for thought not only about the civilian use of UAVs, but also on the broader issue of roboethics. The CNIL’s analysis could lead to future recommendations in this area.

Link: Cnil 6th Newsletter on Innovation & Foresight (in French)

Read More

SCC Strikes Down Alberta Privacy Legislation on Speech Grounds

Barry Sookman, Daniel Glover, Roland Hung and Keith Rose

SCC Strikes Down Alberta Privacy Legislation on Speech Grounds

This morning, the Supreme Court of Canada released Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401, 2013 SCC 62, an important decision relating to the intersection of freedom of expression and protection of privacy and, in the process, struck down Alberta’s Personal Information Protection Act, SA 2003, c. P-6.5 ( “PIPA”). At issue were the privacy rights created by the PIPA and the right to free expression, which is constitutionally enshrined as section 2(b) of the Canadian Charter of Rights and Freedoms (the “Charter”).

The case arose from a strike in 2006, at the Palace Casino in Edmonton.  Both the union and the employer videotaped the picket line, which was located in a shopping mall.  The evidence on record suggests that recording picket lines was standard practice in Alberta at the time.  The union posted notices at the site that recordings of people crossing the picket line might be posted to a web site.

Certain individuals, including officers of the employer, employees, and other members of the public, filed complaints with Alberta’s Information and Privacy Commissioner, under PIPA.  The record indicates that the complainants were recorded crossing the picket line, but that no such recordings of any of the complainants were ever posted on the web site.

The Adjudicator concluded that the union did not have the right to collect and use the recordings.  The union applied for judicial review and the chambers judge struck down certain portions of PIPA.  [United Food and Commercial Workers, Local 401 v Alberta (Information and Privacy Commissioner), 2011 ABQB 415.]  The Alberta Court of Appeal upheld the conclusion that portions of the Act were unconstitutional.  [United Food and Commercial Workers, Local 401 v Alberta (Attorney General), 2012 ABCA 130.]

(more…)

Read More