Chapter 6: Cybertorts, Privacy, and Government Regulation - PowerPoint PPT Presentation

1 / 26
About This Presentation
Title:

Chapter 6: Cybertorts, Privacy, and Government Regulation

Description:

The notion behind cybertorts is that the Internet has created a ... Hidden cameras would be an unreasonable intrusion as would wiretaps, listening devices, ... – PowerPoint PPT presentation

Number of Views:79
Avg rating:3.0/5.0
Slides: 27
Provided by: davidb54
Category:

less

Transcript and Presenter's Notes

Title: Chapter 6: Cybertorts, Privacy, and Government Regulation


1
Chapter 6 Cybertorts, Privacy, and Government
Regulation
  • David Baumer
  • Spring, 2002
  • BUS 504 Technology, Law and the Internet

2
Cybertorts
  • The notion behind cybertorts is that the Internet
    has created a connectedness that was not present
    previously
  • Two areas of tort that are most impacted by the
    Internet
  • Defamation
  • Invasions of Privacy
  • For defamation much of the action pertains to
    liability of third parties for rebroadcasting the
    defamatory comments

3
Defamation in Cyberspace
  • Defamation--can be oral or written
  • By and large cyberspace defamation is written so
    libel standards apply
  • Defamation requires a showing that
  • The defendant made or repeated false statements
  • Were heard by third parties
  • Harmed the reputation of the plaintiff
  • If the media is the defendant and the pl. is a
    public figure, the pl. must show that the def.
    knew or should have known that the statements
    were false

4
Defamation in Cyberspace
  • The crucial issue in cyberspace defamation cases
    is how to treat ISPs
  • If the ISP is treated as a publisher, then they
    have tremendous liability exposure
  • If the ISP is treated as a bookstore, then they
    are basically not liable for the contents of
    those using their service
  • Bookstores are treated as distributors of the
    material and are not liable unless they knew or
    should have known that the material they transmit
    is defamatory

5
Defamation in Cyberspace
  • In the early cases, liability of the ISP was
    based on whether the ISP supervised the content
    of the users of their service
  • The unfortunate result was that ISPs that tried
    to clean up content of users in terms of
    obscenity, were liable for defamatory content of
    other users
  • Congress did not like this outcome so they passed
    the Communications Decency Act (CDA) of 1996
  • Section 230(C) of the CDA provides that no
  • provider or user of an interactive computer
    service shall be treated as the publisher or
    speaker of any information provided by another
    information content provider.

6
CDA of 1996
  • Congress said in the CDA that there shall be no
    liability if a ISP restricted obscenity
  • Inconsistent state laws dealing with defamation
    were preempted by this legislation
  • Employer liability
  • Given the ease of constructing ISPs, many
    employers are ISPs within the meaning of the CDA
  • The CDA could be used to shield employers from
    liability
  • Also note that there are an increasing number of
    states that have exempted employers from
    liability unless they knew or had reason to know
    the statements were false

7
Privacy and the Internet
  • The value Americans place on privacy is enshrined
    in the 4th Amend.
  • The 4th Amend. pertains to govt. intrusions
  • For invasions of privacy by private
    (nongovernmental) sources
  • Common law torts are available
  • Increasingly, statutes are being passed to
    augment the reach of invasion of privacy claims

8
Privacy and the Internet
  • The courts use the term reasonable expectation
    of privacy when analyzing whether an invasion of
    privacy has taken place
  • The term is used both in 4th Amend. cases and in
    tort suits between citizens
  • At common law an unreasonable intrusion into the
    pl.s solitude is considered a tort
  • Hidden cameras would be an unreasonable intrusion
    as would wiretaps, listening devices,
  • Reasonable expectation of privacy is not
    warranted w.r.t. information given out over the
    Internet

9
Privacy and the Internet
  • While it is not reasonable to expect privacy when
    information is given to a third party over the
    Internet
  • It is reasonable to expect privacy if the
    recipient guarantees that the information will
    remain private
  • Companies that do not adhere to their stated
    privacy policies are subject to invasion of
    privacy lawsuits
  • Furthermore if the information is collected
    without knowledge or consent of the person
  • Web sites that attach cookies or collect
    information for one purpose such as a contest
    could be liable also
  • To date there have been no lawsuits based on the
    act of attaching cookies or web bugs
  • Web sites that store sensitive information such a
    medical or financial are subject to statutory
    regulation

10
Privacy On The New Frontier of Cyberspace
  • The Federal Trade Commission (FTC) has authority
    to combat unfair and deceptive trade practices
  • Much of the FTCs Internet work has been in their
    consumer protection branch
  • http//www.ftc.gov/ftc/consumer.htm
  • In the Consumer Protection branch there are a
    wide range of activities that the FTC has listed
    as unfair and deceptive trade practices

11
Privacy On The New Frontier of Cyberspace
  • FTC Fair Information Practices
  • Notice/Awarenessconsumers should be notified as
    to who is gathering the data and the uses that
    will be made of that data
  • Choice/Consentconsumers should consent to any
    secondary use for the data. There should be
    opt-in and opt-out provisions.
  • Access/Participationconsumers should have the
    right to contest the accuracy of the data
    collected.
  • Integrity/Securitythere should be managerial
    mechanisms in place to guard against loss,
    unauthorized access, or disclosures of the data.
  • Enforcement/Redressthere should be remedies
    available to victims of information misuse.

12
Privacy On The New Frontier of Cyberspace
  • Essentially, the FTC would like all web sites
    that collect consumer information to adhere to
    these principles
  • FTC surveys indicate that 97 of web sites
    collect personal information from visitors
  • About 50 provide for opt-out provisions on the
    information collected
  • About 43 of the web sites provided consumers
    with access to the records collected about them
  • Only 20 of the web sites surveyed adhered to all
    of the FTC Fair Information Principles

13
Data Collection and Computers
  • As everyone knows more and more records are being
    computerized
  • Compared to paper records the opportunity for
    snooping has dramatically increased
  • Much of the sensitive information is stored on
    government files
  • In some (many?) cases the govt. is extremely lax
    in who they allow access to data collected from
    citizens

14
Internet Data Collection and Cookies
  • Note that many web sites advertise their ability
    to equip you with the tools to snoop on
    neighbors, coworkers and relatives
  • The FTC has developed information on identity
    thieves
  • On a routine basis web sites attach cookies to
    visitors
  • Cookies can have beneficial uses for web sites
    and visitors alike, but in general cookies amount
    to an
  • involuntary extraction of information
  • Web sites that use cookies are most interested in
    the clickstream of the browers--where have the
    brower been to since the last visit

15
Internet Data Collection and Cookies
  • Certainly cookies violate some of the FTC Fair
    Information Principles
  • More and more web sites are now discussing their
    use of cookies in their privacy statements
  • The FTCs actions in the Geocities case
    illustrates some of what the FTC considers unfair
    and deceptive
  • Certainly corrective action was taken by Yahoo,
    but there are thousands of violators
  • Also third party verifiers have emerged such as
    TRUSTe that certify adherence to certain privacy
    policies

16
Internet Data Collection
  • One of the problems is that online vendors are
    forced to collect a lot of information form
    customers in order to verify their identity
  • Unless the vendors use commercially reasonable
    attribution procedures, they cannot charge
    customer credit cards
  • Commercially reasonable attribution procedures
    include collecting name, credit card, addresses,
    email names and other names

17
Internet Data Collection
  • According to the FTC your identity can be stolen
    by
  • co-opting your name, Social Security number,
    credit card number, or some other piece of your
    personal information for their own use.
  • Identity thieves can
  • Use credit cards to defraud victims
  • Open bank accounts
  • Open cellular phone accounts

18
Internet Data Collection
  • Egghead.coms privacy policy reflects the modern
    reality of E-Commerce
  • For credit card transactions the transmissions
    are encrypted
  • Egghead will refund 50 to you for any liability
    you encounter so long as you are blameless if
    your credit card number is used by a fraudulent
    party
  • Egghead does make your email address available to
    third parties they select
  • Note that there is an opt-out option
  • Egghead claims that they will not sell consumer
    information to third parties

19
Internet Data Collection
  • Egghead does collect information obtained from
    customers
  • For purposes of reporting to advertisers
  • Egghead gets more money from advertisers the more
    traffic they have at their web site.
  • They claim not to reveal any unaggregated data to
    the advertisers
  • In connection with games and contests information
    is collected and shared with third parties, again
    with an opt out option
  • The third parties have to pledge not to resell
    the information

20
Internet Data Collection
  • Egghead does attach cookies to your browser to
    assist them in determining your buying
    preferences
  • Egghead says it does not sell or rent information
    collected from cookies to third parties

21
Childrens Sites
  • Again the FTC has been active in this area
  • The Geocities case is just one example
  • The FTC considers it an unfair and deceptive
    trade practice to collect information from
    children without parental consent when that
    information will be used for another purpose
  • Congress has passed the Childrens Online Privacy
    Protection Act of 1998, which basically requires
    the same safeguards
  • Children are considered under 13
  • Most of the FTC Fair Information Principles are
    required
  • Notice, an opportunity to review, opt out,
    security and confidentiality

22
Financial Records
  • Financial Records The Gramm-Leach-Bliley Act,
    1999
  • The Privacy aspects of the Act are summarized by
    the beginning of Title V
  • It is the policy of the Congress that each
    financial institution has an affirmative and
    continuing obligation to respect the privacy of
    its customers and to protect the security and
    confidentiality of those customers nonpublic
    personal information.
  • The Act requires that financial institutions
    insure the privacy and confidentiality of
    customer records and information

23
Financial Records
  • The Gramm-Leach-Bliley Act also
  • Provide protection against any anticipated
    threats or hazards to the security or integrity
    of those records, and
  • Protect against unauthorized access to or use of
    such records or information.
  • It is clear that the Act prohibits giving out of
    nonpublic information to 3rd parties without
    notice and an opt out option
  • The Act prohibits giving out account numbers and
    credit card information to unaffiliated third
    parties for use in telemarketing, email and
    direct mailings

24
Medical Records
  • The Health Insurance Portability and
    Accountability Act of 1996
  • There are two parts to this legislation
  • One part deals with denial of health insurance
    when a person changes jobs and this part has been
    successful
  • The other part deals with the privacy of medical
    records
  • Regulations drafted by HHS prohibits
    nonconsensual secondary use of medical records
  • It allows transfers of medical records among
    healthcare providers, insurers, and HMOs
  • Other transfers of medical information must be
    approved unless they fall into certain exceptions

25
Medical Records
  • The HIPAA exceptions include
  • Public health authorities
  • Medical researchers
  • Law enforcement
  • Officials performing oversite functions for
    purposes of determining whether fraud has taken
    place
  • There are other exceptions
  • The revised regs. from HHS have just been
    approved for use, implementation has been stayed

26
European Union and Privacy
  • In the U.S. there is a much greater reliance on
    self-regulation than in the EU
  • The EU passed a Data Protection Directive that
    prohibits sharing data with any country who does
    not subscribe to their heavily regulated
    standards
  • The Department is Commerce has fashioned some
    regulations that seem to satisfy the EU at present
Write a Comment
User Comments (0)
About PowerShow.com