privacy law

Cyrus Farivar, writing for Ars Technica, features five cases that the U.S. Supreme Court could grant certiorari in and take on privacy and surveillance issues involving the National Security Agency: Klayman v. Obama, First Unitarian Church v. National Security Agency, American Civil Liberties Union (ACLU) v. Clapper, United States v. Moalin, and United States v. Muhtorov. Farivar notes the Supreme Court held in United States v. Jones that law enforcement doesn't have the authority to use GPS tracking without a warrant and held in Riley v. California that law enforcement can't search a person's phone without a warrant, reflecting "an awareness that modern tech has changed reasonable privacy."

Law firm Pinsent Masons, writing on its Out-Law blog, reports that the Court of Justice of the EU has ruled that a Czech journalist's use of a CCTV system at his home violated EU's data protection law. The court ruled that "'video surveillance' by individuals that is carried out 'even partially' in a public space is subject to the EU's Data Protection Directive, even if the camera capturing images of people is 'directed outwards from the private setting of the person processing the data.'" UK information commissioner David Smith told the blog that the CJEU's judgment applies to private people using drones with cameras: "The judgment means civilian operators of drones in public places will have to adhere to 'fair processing' requirements if capturing images that can identify individuals and may, in many cases, require them to obtain individuals' consent to the capturing of such footage, among other data protection rules that apply." The result is that the media's use of drones will require getting consent of the people being photographed and videorecorded.

The Federal Aviation Administration has said no to a petition from the Electronic Privacy Information Center to conduct rulemaking about the privacy and civil liberties concerns raised by drones, Gizmodo's Adam Clark Estes writes. The FAA, which has to prioritize making rules when immediate safety or security concerns are at stake, said privacy is not an immediate safety concern, but "conveniently, the agency didn't comment on whether drones and privacy present a security concern," Estes says. While it's understandable that the FAA didn't trckle drones and privacy, Este concludes "it makes the issue even more frustrating, because if the agency in charge of regulating drones is not going to protect privacy in its drone rulemaking, who will?"

Entrepreneur Jay Bregman wants to add regulatory engineers at a new startup to help companies use drones without running afoul of products liability and privacy law, C|NET's Steve Shankland reports: "His as-yet-unnamed startup plans to bake those rules into drone control software so drone makers and operators can fly the robotic devices without fear." Bregman said that the Federal Aviation Administration just doesn't have the bandwidth to regulate thousands and thousands of drones, so technology could enforce regulations via software code.

We're embarking on an era when everyday objects will be connected to the Internet, whether it's devices in our home or it's devices we wear. Gigaom's Jeff John Roberts notes that digital privacy already is pretty limited. How will things look when even more objects are connected to the Internet? The problem, he says, is that Internet-connected objects "will start to pull all sorts of people — even those who aren’t on the Internet in the first place — into connected databases through photo tagging and other sensor features." ACLU's Jay Stanley offers some hope, arguing that, as a society, we may be embarking on a new level of awareness about the importance of privacy.

The Federal Communications Commission has entered the realm of data security for the first time--with a $10 million fine no less, the Washington Post's Brian Fung reports. The fine was levied against "two telecom companies that allegedly stored personally identifiable customer data online without firewalls, encryption or password protection. The two companies, YourTel America and TerraCom, share the same owners and management. From September 2012 to April 2013, the FCC said, the companies collected information online from applicants to Lifeline, the government's telephone subsidy program for poor Americans."

The data was discovered by reporters for the Scripps Howard News Service doing a simple Google search, Fung also reports.

Al Tompkins, writing in Poynter, discusses the struggle between reporting on the Ebola epidemic and respecting HIPAA, the law protecting patients' privacy: "A health story of national proportions like the Ebola story pits the role of journalism against HIPPA rules. HIPAA (American Health Insurance Portability and Accountability Act of 1996) restricts patient information to doctors, direct caregivers, insurance companies and others expressly named in the Act." 

HIPPA privacy rules do allow hospitals to release general information about a patient without releasing their names, such as where an infected person traveled, Tompkins reported. Dr. Art Caplan, head of the Division of Bioethics at New York University Langone Medical Center, told Tompkins that a national health crisis allows public officials to get information in order to be able to trace the contacts a patient had with others. But that loophole doesn't apply to journalists.

The United Nations' special rapporteur on counterterrorism and human rights has found that mass electronic surveillance does away with the right to privacy, The Intercept's Glenn Greenwald reports: "In concluding that mass surveillance impinges core privacy rights, the report was primarily focused on the International Covenant on Civil and Political Rights, a treaty enacted by the General Assembly in 1966, to which all of the members of the “Five Eyes” alliance are signatories. The U.S. ratified the treaty in 1992, albeit with various reservations that allowed for the continuation of the death penalty and which rendered its domestic law supreme. With the exception of the U.S.’s Persian Gulf allies (Saudi Arabia, UAE and Qatar), virtually every major country has signed the treaty."

The rapporteur found that no country has demonstrated with evidence that mass surveillance is necessary. The report also rejected the argument that mass surveillance is justified because there is more protection for Americans than there is for foreigners, Greenwald reports: "'Article 26 of the Covenant prohibits discrimination on grounds of, inter alia, nationality and citizenship. The Special Rapporteur thus considers that States are legally obliged to afford the same privacy protection for nationals and non-nationals and for those within and outside their jurisdiction.'"

Jeffrey Vagle, writing in Just Security, says that a recent decision from U.S. District Lucy Koh could strengthen the positions of plaintiffs seeking standing to challenge government surveillance. Courts have consistently ruled that plaintiffs don't have standing to challenge government surveillance, he notes, even though "research has long shown that even the mere awareness of government surveillance, under which an individual could reasonably expect herself to be observed, can yield very real chilling effect injuries, including self-censorship and an increased reluctance to associate with certain people or groups. Foucault would, of course, argue that this is the entire point of surveillance."

Koh ruled in a case involving a data breach at Adobe that the plaintiffs had standing to bring their claims because they need only show a "'substantial risk that the harm will occur, which may prompt plaintiffs to reasonably incur costs to mitigate or avoid that harm.'" The reasoning in Koh's decision "may be a sign that future surveillance harms will soon be recognized as an 'injury in fact,'" making it easier for plaintiffs to assert standing and keep pursuing their cases in court, Vagle said.

The "right to be forgotten" has arrived in Asia. According to a report in the Associated Press, a Japansese court has ordered Google to remove search results that "hinted at the man's relations with a criminal organization after he complained his privacy rights were violated."

Europe's highest court made a similar ruling in May; some lawyers say the ruling could lead to the exportation of Europe's privacy laws to the rest of the world.