Court: Gov't Doesn't Need Search Warrant for Location Data
A federal appeals court has decided that government authorities can extract historical location data directly from telecommunications carriers without a search warrant, The New York Times reports. The court ruled that such searches are constitutional because location data is a “business record” and so is not protected by the Fourth Amendment, the report states. The decision could have implications for other government initiatives to collect metadata under the premise that it constitutes a business record. “It doesn’t make it a slam dunk, but it makes a good case for the government to argue that position,” said one expert. This follows a decision Monday on the searches of cell phones in general where judges said they believe it’s a matter for the Supreme Court. (Registration may be required to access this story.)
Appeals Judges: Supreme Court Should Decide Cell Search Case
Following the First U.S. Circuit Court of Appeals’ decision Monday not to rehear a case involving whether warrants are needed to search cell phones, “two First Circuit judges said they voted against rehearing the case in order to speed its path to the U.S. Supreme Court,” The Wall Street Journal reports. In May, the Appeals Court decided 2-1 that Boston police needed a warrant to search a suspect’s cell phone, and earlier this month, Justice Department lawyers asked the court to rehear the case. “Ultimately this issue requires an authoritative answer from the Supreme Court, and our intermediate review would do little to mend the growing split among lower courts,” wrote Judge Jeffrey R. Howard, and Chief Judge Sandra Lynch wrote, “The preferable course is to speed this case to the Supreme Court for its consideration.” (Registration may be required to access this story.)
And here’s what Slate had to say about it:
Fifth Circuit Decision "Doomed" at SCOTUS Level
In a feature for Slate, Mark Joseph Stern contends that this week’s Fifth Circuit Court of Appeals decision that authorities do not need warrants to extract historical location data from cell phones “is doomed at the Supreme Court” level. “The Fifth Circuit’s cellphone ruling is almost certain to be reversed in the near future, barring a dramatic change of heart from one of the Supreme Court’s privacy lovers,” he writes. Meanwhile, TIME takes a look at five recent privacy cases in a report examining how the Supreme Court defines the right to privacy.
Speaking of surveillance, senators are looking to reform FISA and the PATRIOT Act:
Sen. Leahy Introduces FISA Privacy Act
Senate Judiciary Chairman Patrick Leahy (D-VT) has introduced legislation to reform America’s surveillance powers, Slate reports. The FISA Accountability and Privacy Protection Act of 2013—which is cosponsored by nine additional senators—would narrow the scope of Section 215; allow for judicial review of “gag orders” provisions; move up the FISA Amendments Act sunset clause by two years; require the inspector general of the intelligence community to conduct a comprehensive review of the current law and its impact on citizens’ privacy, and mandate the release of an unclassified report for the public on the impact of the surveillance programs on individual privacy, the report states. The Senate Judiciary will host a hearing on privacy and the NSA disclosures on Wednesday.
Franken Introduces Surveillance Transparency Act of 2013
Sen. Al Franken (D-MN) has introduced a bill that would require more transparency around government collection of broadband and phone info, reports Multichannel News.
"The Surveillance Transparency Act of 2013 would expand and improve ongoing government reporting about programs under the PATRIOT Act and Foreign Intelligence Surveillance Act that have been the subject of controversy in recent weeks," said Franken's office in its announcement.
Senators Seek Changes to FISC, Section 215
Speaking on ABC’s This Week, Sen. Richard Durbin (D-IL) said changes to foreign intelligence surveillance court proceedings are needed and proposed adopting “a real court proceeding” to approve wiretapping requests, The Wall Street Journal reports. “Let’s have an advocate for someone standing up for civil liberties to speak up about the privacy of Americans when they make each of these decisions,” Durbin said, along with proposing the release of redacted FISA court transcripts. In a special to The Washington Post, Sens. Mark Udall (D-CO) and Ron Wyden (D-OR) urge the White House to “end the bulk collection of Americans’ phone records and instead obtain information directly from phone companies, using regular court orders based on individual suspicion.” The prevailing sentiment, The New York Times reports, is that momentum is building in Congress to alter NSA surveillance. (Registration may be required to access this story.)
Senate Strongly Presses NSA; Bills Introduced; Classified Docs Released
This exclusive for The Privacy Advisor reports on a Senate Judiciary Committee hearing yesterday where senators from both sides of the aisle pressed representatives from the National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), Federal Bureau of Investigation and Justice Department over surveillance programs, particularly the provision allowing for the dragnet collection of Americans’ phone metadata. Committee Chairman Patrick Leahy (D-VT), on several occasions, expressed deep concern about the amount of Americans’ data being collected under Section 215. A number of senators said they were introducing legislation to narrow the scope of the collection of phone metadata. Obama administration representatives said they were willing to “reevaluate” the program.
The FTC has been busy:
FTC Updates COPPA FAQs
The Federal Trade Commission (FTC) has updated its Frequently Asked Questions (FAQs) about changes to the Children’s Online Privacy Protection Act (COPPA). Updates include share buttons, actual knowledge and information collected from child-redirected sites. If an app includes a share button that allows children to send or post information, “verifiable parental consent” is required; clarity on the actual knowledge standard is provided, and best practices are offered to third parties that discover personal information from a child-directed site has been collected. Recent COPPA revisions by the FTC went into effect on July 1.
And it may get busier if Sen. Schumer has anything to say about it.
Calls on FTC To Curb Brick-and-Mortar Tracking
Sen. Charles Schumer (D-NY) has called on the Federal Trade Commission to institute rules to allow shoppers to opt out of smartphone tracking at brick-and-mortar retail stores, CBS New York reports. Schumer said that participating stores are “going to know a lot about you by following you around, even if you don’t purchase, even if you’re just browsing.” He also added that children can be tracked, and collected data may be stored indefinitely.
Here’s an impending appeal that could get interesting:
Woman Awarded $1.44M; Company To Appeal
Indianapolis Star reports a Marion Superior Court jury has awarded a plaintiff “$1.44 million after finding Walgreens and a pharmacist violated her privacy when the pharmacist looked up and shared the woman’s prescription history.” The lawsuit alleged, “As a provider of pharmaceutical service, defendant Walgreens Co. owes a non-delegable duty to its customers to protect their privacy and confidentiality of its customers’ pharmaceutical information and prescription histories.” In a statement, Walgreens has said it will appeal, stating it is “a misapplication of the law to hold an employer liable for the actions of one employee who knowingly violates company policy.”
Utah Law Allowing Administrative Subpoenas Challenged
Legislators are joining privacy advocates in criticizing a Utah law, passed in 2009, that allows prosecutors to obtain Internet users' information without a warrant. These so-called “administrative subpoenas” allow Investigators to order Internet companies to hand over a user’s name and address, Web session times and durations, local and long-distance phone records and banking information when relevant to cases. The law has been used roughly 1,200 times since its passing.
Now, however, privacy advocates and legislators alike are questioning whether the law is in line with the constitution, though it hasn’t yet been challenged in court. Rep. Brian Greene (R - Pleasant Grove) told the Salt Lake Tribune in an e-mail interview that he would favor legislation to scale back the law. Another member of the Judiciary Interim Committee, which has held hearings on the law, Sen. Luz Robles (D-Salt Lake City), said protections should be added to the statute to ensure it’s being used out of necessity, not convenience.
North Carolina Delays Drones with Budget Law
Under North Carolina’s budget law, without the state chief information officer’s okay, no government entity may buy or operate a drone "or disclose personal information about any person acquired through the operation of an unmanned aircraft system" before July 2015, reports The Miami Herald. Rep. Jason Saine (R-Lincoln) says the delay is to allow for time to look into concerns about the possibility for police to obtain 24-hour public surveillance abilities. There are exceptions to the rule, and the department of transportation reportedly has plans to acquire a drone in conjunction with the launch of a drone research field.
New York Court Rules DMV-Data Brokers Not Liable for Subsequent Use
Law360 reports the New York Second Circuit ruled that while companies that sell DMV information cannot be held liable under the Driver’s Privacy Protection Act for a purchaser's use of that information, it “held that companies must uphold a certain standard of care in evaluating statutory disclosure exceptions.” (Registration may be required to access story.)
Safe Harbor in Hot Water
Despite the U.S.-EU Safe Harbor agreement’s apparent success at facilitating cross-border data transfers since its adoption in 2000, it’s in danger. MEP Jan-Phillip Albrecht recommended in his report earlier this year that the mechanism be discontinued, and the Transatlantic Trade and Investment Partnership (TTIP) negotiations have indicated discontent with the current framework. As such, organizations certified under Safe Harbor “should closely monitor the EU’s legislative process and the TTIP for indications about Safe Harbor’s future,” writes Hogan Lovells’ Privacy Team in this latest installment of the IAPP’s Privacy Tracker blog. (IAPP member login required.)
Italian DPA Releases Rules on Spam and Viral Marketing
The Italian Data Protection Authority (Garante) has released, earlier this month, a set of rules dealing with spam and viral marketing. The provision, named “Guidelines on Marketing Activities and Spam,” is intended to fight the abuses of marketing communications and to promote fair commercial practices towards users and consumers.
French Supreme Court: Undeclared File Sale Is Void
Lexology reports on the French Supreme Court’s recent ruling that the sale of a file containing personal data that should have been declared with the French data protection authority, the CNIL, and was not must be cancelled. “Having noticed that this rule had not been complied with, the court found such a file to be illegal and unable to be subject to a convention under the French Civil Code,” the report states, noting the sale had to be considered void. “This ruling is particularly important in that it is the first time that the court has applied such reasoning,” the report states, noting it “reminds us of the importance of complying with the obligations attached to the handling of personal data…” (Registration may be required to access this story.)
Provision Could Label Data Transfers as Breaches
GovInfoSecurity reports on a provision in Australia’s proposed data breach notification legislation that “could deem the unauthorised transfer of data from Australia to another country a breach.” In an interview, Françoise Gilbert, CIPP/US, notes, “Europe has been the most adamant at trying to curb the exodus of information outside of Europe without the proper measures…Australia is sort of following this trend and becoming much more serious about the cross-border data transfers.” The proposed law also calls for a requirement for organisations to notify stakeholders in the event of a breach.
If you want to comment on this post, you need to login.