Feb 282013
 February 28, 2013  Posted by  Laws, Online, U.S.

Natasha Singer reports:

Before his planned retirement from Congress at the end of next year, Senator John D. Rockefeller IV, the West Virginia Democrat, intends to give American consumers more meaningful control over personal data collected about them online.

To that end, Mr. Rockefeller on Thursday introduced a bill called the “Do-Not-Track Online Act of 2013.”

The bill would require the Federal Trade Commission to establish standardized mechanisms for people to use their Internet browsers to tell Web sites, advertising networks, data brokers and other online entities whether or not they were willing to submit to data-mining.

The bill would also require the F.T.C. to develop rules to prohibit online services from amassing personal details about users who had opted out of such tracking.

Read more on The New York Times. I haven’t found a copy of the text of the bill yet, although it’s reportedly the same bill he introduced in 2011.

Feb 282013
 February 28, 2013  Posted by  Breaches, Business, Court, Featured News

The FTC may have settled charges against Aaron’s over the use of DesignerWare LLC software, but the consumers haven’t. Crystal and Brian Byrd are still pursuing a lawsuit against Aaron’s and now  there’s another lawsuit filed on behalf of another consumer by the same attorneys. As Associated Press reports:

Spyware installed on computers leased from furniture renter Aaron’s Inc. secretly sent 185,000 emails containing sensitive information _ including pictures of nude children and people having sex _ back to the company’s corporate computers, according to court documents filed Wednesday in a class-action lawsuit.

 According to the filings, some of the spyware emails contained pictures secretly taken by the rental computers’ webcams or other sensitive information including Social Security numbers, social media and email passwords, and customer keystrokes, the Federal Trade Commission determined last year.

The attorneys also claimed Atlanta-based Aaron’s hasn’t properly notified at least 800 customers allegedly targeted by spyware made by DesignerWare, a company located in North East, Pa.

Read more on Public Opinion.

With respect to that last point, I went back and looked again at the consent order involving Aaron’s, and it appears that it contains no provision requiring notification of consumers whose images were transmitted.  Could the consent order even require that if it allows the respondents to get away with not admitting any guilt or  admitting to the facts of the case?  Going forward, the FTC needs to consider whether consumers need to be notified of a privacy or data security breach and include some requirement that such notification be made.

 Update: I see that ColorTyme is also being sued in another potential class action lawsuit.  ColorTyme also one of the companies involved in the FTC’s case.  The case files on them can be found here.

Feb 282013
 February 28, 2013  Posted by  Misc

The current issue of Yale Journal of Law & Technology includes two privacy-related articles. Here’s their summary, but it looks like a subscription is required to access the full articles:

Christina P. Moniodis 
15 Yale J.L. & Tech. 139
The Supreme Court’s data privacy jurisprudence consists of only two cases, yet these cases have fueled a circuit split on data privacy rights. The Court’s hesitance to foray into data privacy law may be because the nonrival, invisible, and recombinant nature of information causes plaintiffs’ harms to elude courts. Such harms threaten the democratic relationship between citizen and state.
Michael Birnhack 
15 Yale J.L. & Tech. 24
Is technology-neutral legislation possible? Technological neutrality in legislation is often praised for its flexibility and ability to apply to future technologies. Yet, time and again we realize that even if the law did not name any technology, it was nevertheless based on an image of a particular technology. When new technologies appear, they expose the underlying technological mindset of the existing law. This article suggests that we read technology-related laws to uncover their hidden technological mindset so that we can better understand the law and prepare for the future.