The COVID-19 pandemic that erupted during the last three months of the survey period has transformed the world, and cyberlaw has registered some of its impacts. The massive and almost instantaneous shift from face-to-face interactions to remote videoconferencing technologies will continue to create cyber-law issues that will draw the attention of courts and legislatures for years to come. This survey covers the year ending May 2020.
Privacy and data security. David Sella-Villa offers an early look at new privacy issues that have arisen as a consequence of the novel coronavirus and the COVID-19 pandemic.1 The use of Zoom and other videoconferencing platforms to replace face-to-face interactions gives rise to cybersecurity issues and has created new streams of private information that create new vulnerabilities for users of the platforms. Contact-tracing technologies likewise create new sources of private information, as do symptom-screening procedures. The expanded use of facial recognition and artificial intelligence to battle the pandemic has raised concerns among privacy advocates.
Meg Strickler surveys developments in privacy law generally.2 Facebook and Google each appeared as the defendant in a pair of cases challenging their practices as violating a variety of state and federal privacy laws, with mixed outcomes. A new crop of cases explores the contours of the Illinois Biometric Information Privacy Act, still the only biometric privacy law in the United States with a private right of action. Two courts considered the validity of cy pres settlements in class actions against Google. Finally, Federal Trade Commission enforcement actions resulted in some large penalties against major online platforms.
David Payne offers an introduction to New York State’s SHIELD Act.3 This update of the state’s breach notification law broadens the scope of intrusions that count as a reportable breach and includes a detailed specification of what qualifies as a conforming data security program. The essay is a must-read for all business lawyers, as the impact of the law is not limited to the borders of New York, but applies to businesses wherever located if they hold the private information of a New York resident.
Roland Trope takes a close look at developments at the intersection of artificial intelligence (“AI”) technologies and security.4 Facebook’s $5 billion settlement with the Federal Trade Commission was based in part on Facebook’s misuse of AI-powered facial recognition. Apple’s new branded credit card used an AI algorithm to set customers’ credit limits, but the algorithm was apparently biased to set a lower limit if the customer was female. Illinois enacted a law that regulates employers’ use of AI to evaluate job applicants by analysis of their video interviews. And a new executive order directs federal agencies to develop plans that will make the Global Positioning System more resilient to attacks that could threaten national security.
Paul Lanois covers selected developments in privacy law at the state level.5 His essay covers two topics. First, he describes new legislation in California and Oregon relating to Internet of Things devices. Second, he reviews early litigation under the California Consumer Privacy Act. A number of private plaintiffs filed lawsuits claiming violations of the Act even before the California Attorney General’s enforcement authority began on July 1, 2020.
Intellectual property. Timothy Bradley takes us through some of the most significant cyber-related copyright developments of the survey year.6 Several district court decisions left it unclear whether embedding an Instagram photograph or retweeting copyrighted text without permission is infringing. One court largely upheld a $1 billion statutory damages award against Cox Communications for turning a blind eye to infringement occurring on its system, and another allowed a similar suit to proceed against Charter Communications. The U.S. Supreme Court issued a major decision holding that official annotations to a state statutory code are not protectable by copyright. The essay discusses the main takeaways from the Copyright Office’s report on the DMCA notice-and-takedown system, and previews the battle in the U.S. Supreme Court between Google and Oracle on the copyrightability of elements of a software application programming interface.
Consumer law. Richik Sarkar’s essay discusses developments in advertising and consumer protection.7 The Telephone Consumer Protection Act continues to perplex the courts, but the U.S. Supreme Court is expected to resolve one of the key outstanding issues in its 2020-21 term. The Federal Trade Commission, for the first time, took enforcement action under the Consumer Review Fairness Act, which nullifies contractual limitations on a consumer’s ability to post critical reviews. The Federal Trade Commission also brought several enforcement actions against false and misleading uses of social media by advertisers and influencers.
Electronic payments. Stephen T. Middlebrook, Tom Kierner, and Sarah Jane Hughes offer a roundup of developments in electronic payments and financial services.8 Several issues arise from stimulus payments distributed in response to the COVID-19 pandemic. There was litigation over whether retail gift cards must be printed in Braille. The Federal Trade Commission has taken action against payment processors and others. There were amendments to the Consumer Financial Protection Bureau’s “remittance” regulation and Regulation E. Also addressed are regulatory actions connected to cryptocurrencies.
Intermediary liability. Chase Edwards’ essay delves into online intermediary liability, with a focus on the immunity provision known as Section 230.9 The cases involve efforts by crime victims to hold intermediaries liable, use of Section 230 to gain a competitive advantage, loss of the immunity due to the intermediary’s involvement with the content, and attempts to hold Snapchat liable for harm resulting from use of its Speed Filter. Fact-checking by social media platforms has provoked the ire of President Trump, and the essay discusses the executive order he issued aiming to water down the protections that the platforms derive from Section 230.
Contracts. Nancy Kim once again offers a masterful tour through the messy thicket of digital contracting cases.10 She discerns a trend in the caselaw toward a more consumer-centered analysis of the presentation of terms that the proponent seeks to enforce as contractual. Instead of enforcing terms based merely on their formal content, courts are more frequently considering their context and visual presentation when determining whether they meet the legal standard of conspicuousness and provide reasonable notice to the consumer. The essay also discusses cases in which the proponent has used multiple versions of the terms it seeks to enforce, and others in which businesses sought to avoid complying with the arbitration clauses that they themselves inserted into their contracts.