Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.


Published on

  • Be the first to comment

  • Be the first to like this

  1. 1. Chapter 6: Cybertorts, Privacy, and Government Regulation David Baumer Spring, 2002 BUS 504: Technology, Law and the Internet
  2. 2. Cybertorts – The notion behind cybertorts is that the Internet has created a connectedness that was not present previously • Two areas of tort that are most impacted by the Internet – Defamation – Invasions of Privacy • For defamation much of the action pertains to liability of third parties for rebroadcasting the defamatory comments
  3. 3. Defamation in Cyberspace – Defamation--can be oral or written • By and large cyberspace defamation is written so libel standards apply • Defamation requires a showing that – The defendant made or repeated false statements – Were heard by third parties – Harmed the reputation of the plaintiff • If the media is the defendant and the pl. is a public figure, the pl. must show that the def. knew or should have known that the statements were false
  4. 4. Defamation in Cyberspace – The crucial issue in cyberspace defamation cases is how to treat ISPs • If the ISP is treated as a publisher, then they have tremendous liability exposure • If the ISP is treated as a bookstore, then they are basically not liable for the contents of those using their service – Bookstores are treated as distributors of the material and are not liable unless they knew or should have known that the material they transmit is defamatory
  5. 5. Defamation in Cyberspace • In the early cases, liability of the ISP was based on whether the ISP supervised the content of the users of their service – The unfortunate result was that ISPs that tried to clean up content of users in terms of obscenity, were liable for defamatory content of other users • Congress did not like this outcome so they passed the Communications Decency Act (CDA) of 1996 – Section 230(C) of the CDA provides that no – ―… provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.‖
  6. 6. CDA of 1996 – Congress said in the CDA that there shall be no liability if a ISP restricted obscenity • Inconsistent state laws dealing with defamation were preempted by this legislation • Employer liability – Given the ease of constructing ISPs, many employers are ISPs within the meaning of the CDA » The CDA could be used to shield employers from liability » Also note that there are an increasing number of states that have exempted employers from liability unless they knew or had reason to know the statements were false
  7. 7. Privacy and the Internet • The value Americans place on privacy is enshrined in the 4th Amend. – The 4th Amend. pertains to govt. intrusions – For invasions of privacy by private (nongovernmental) sources • Common law torts are available • Increasingly, statutes are being passed to augment the reach of invasion of privacy claims
  8. 8. Privacy and the Internet • The courts use the term ―reasonable expectation of privacy‖ when analyzing whether an invasion of privacy has taken place – The term is used both in 4th Amend. cases and in tort suits between citizens » At common law an unreasonable intrusion into the pl.’s solitude is considered a tort » Hidden cameras would be an unreasonable intrusion as would wiretaps, listening devices, – Reasonable expectation of privacy is not warranted w.r.t. information given out over the Internet
  9. 9. Privacy and the Internet • While it is not reasonable to expect privacy when information is given to a third party over the Internet – It is reasonable to expect privacy if the recipient guarantees that the information will remain private » Companies that do not adhere to their stated privacy policies are subject to invasion of privacy lawsuits – Furthermore if the information is collected without knowledge or consent of the person » Web sites that attach cookies or collect information for one purpose such as a contest could be liable also » To date there have been no lawsuits based on the act of attaching cookies or web bugs – Web sites that store sensitive information such a medical or financial are subject to statutory regulation
  10. 10. Privacy On The New Frontier of Cyberspace • The Federal Trade Commission (FTC) has authority to combat unfair and deceptive trade practices – Much of the FTC’s Internet work has been in their consumer protection branch – • In the Consumer Protection branch there are a wide range of activities that the FTC has listed as unfair and deceptive trade practices
  11. 11. Privacy On The New Frontier of Cyberspace – FTC Fair Information Practices – Notice/Awareness—consumers should be notified as to who is gathering the data and the uses that will be made of that data – Choice/Consent—consumers should consent to any secondary use for the data. There should be opt-in and opt-out provisions. – Access/Participation—consumers should have the right to contest the accuracy of the data collected. – Integrity/Security—there should be managerial mechanisms in place to guard against loss, unauthorized access, or disclosures of the data. – Enforcement/Redress—there should be remedies available to victims of information misuse.
  12. 12. Privacy On The New Frontier of Cyberspace • Essentially, the FTC would like all web sites that collect consumer information to adhere to these principles – FTC surveys indicate that 97% of web sites collect personal information from visitors – About 50% provide for opt-out provisions on the information collected – About 43% of the web sites provided consumers with access to the records collected about them • Only 20% of the web sites surveyed adhered to all of the FTC Fair Information Principles
  13. 13. Data Collection and Computers • As everyone knows more and more records are being computerized – Compared to paper records the opportunity for snooping has dramatically increased – Much of the sensitive information is stored on government files • In some (many?) cases the govt. is extremely lax in who they allow access to data collected from citizens
  14. 14. Internet Data Collection and Cookies – Note that many web sites advertise their ability to equip you with the tools to snoop on neighbors, coworkers and relatives » The FTC has developed information on ―identity‖ thieves – On a routine basis web sites attach cookies to visitors » Cookies can have beneficial uses for web sites and visitors alike, but in general cookies amount to an » involuntary extraction of information » Web sites that use cookies are most interested in the clickstream of the browers--where have the brower been to since the last visit
  15. 15. Internet Data Collection and Cookies – Certainly cookies violate some of the FTC Fair Information Principles • More and more web sites are now discussing their use of cookies in their privacy statements • The FTC’s actions in the Geocities case illustrates some of what the FTC considers unfair and deceptive – Certainly corrective action was taken by Yahoo, but there are thousands of violators – Also third party verifiers have emerged such as TRUSTe that certify adherence to certain privacy policies
  16. 16. Internet Data Collection – One of the problems is that online vendors are forced to collect a lot of information form customers in order to verify their identity • Unless the vendors use commercially reasonable attribution procedures, they cannot charge customer credit cards • Commercially reasonable attribution procedures include collecting name, credit card, addresses, email names and other names
  17. 17. Internet Data Collection • According to the FTC your identity can be stolen by – ―co-opting your name, Social Security number, credit card number, or some other piece of your personal information for their own use‖. – Identity thieves can • Use credit cards to defraud victims • Open bank accounts • Open cellular phone accounts
  18. 18. Internet Data Collection •’s privacy policy reflects the modern reality of E-Commerce – For credit card transactions the transmissions are encrypted » Egghead will refund $50 to you for any liability you encounter so long as you are blameless if your credit card number is used by a fraudulent party – Egghead does make your email address available to third parties they select » Note that there is an opt-out option – Egghead claims that they will not sell consumer information to third parties
  19. 19. Internet Data Collection • Egghead does collect information obtained from customers – For purposes of reporting to advertisers » Egghead gets more money from advertisers the more traffic they have at their web site. » They claim not to reveal any unaggregated data to the advertisers – In connection with games and contests information is collected and shared with third parties, again with an opt out option » The third parties have to pledge not to resell the information
  20. 20. Internet Data Collection • Egghead does attach cookies to your browser to assist them in determining your buying preferences – Egghead says it does not sell or rent information collected from cookies to third parties
  21. 21. Children’s Sites • Again the FTC has been active in this area – The Geocities case is just one example – The FTC considers it an unfair and deceptive trade practice to collect information from children without parental consent when that information will be used for another purpose • Congress has passed the Children’s Online Privacy Protection Act of 1998, which basically requires the same safeguards – Children are considered under 13 – Most of the FTC Fair Information Principles are required » Notice, an opportunity to review, opt out, security and confidentiality
  22. 22. Financial Records • Financial Records: The Gramm-Leach-Bliley Act, 1999 – The Privacy aspects of the Act are summarized by the beginning of Title V: » ―It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.‖ – The Act requires that financial institutions insure the privacy and confidentiality of customer records and information
  23. 23. Financial Records – The Gramm-Leach-Bliley Act also Provide protection against any anticipated threats or hazards to the security or integrity of those records, and Protect against unauthorized access to or use of such records or information. It is clear that the Act prohibits giving out of nonpublic information to 3rd parties without notice and an opt out option The Act prohibits giving out account numbers and credit card information to unaffiliated third parties for use in telemarketing, email and direct mailings
  24. 24. Medical Records – The Health Insurance Portability and Accountability Act of 1996 • There are two parts to this legislation – One part deals with denial of health insurance when a person changes jobs and this part has been successful – The other part deals with the privacy of medical records • Regulations drafted by HHS prohibits nonconsensual secondary use of medical records – It allows transfers of medical records among healthcare providers, insurers, and HMOs – Other transfers of medical information must be approved unless they fall into certain exceptions
  25. 25. Medical Records • The HIPAA exceptions include – Public health authorities – Medical researchers – Law enforcement – Officials performing oversite functions for purposes of determining whether fraud has taken place – There are other exceptions • The revised regs. from HHS have just been approved for use, implementation has been stayed
  26. 26. European Union and Privacy • In the U.S. there is a much greater reliance on self-regulation than in the EU – The EU passed a Data Protection Directive that prohibits sharing data with any country who does not subscribe to their heavily regulated standards – The Department is Commerce has fashioned some regulations that seem to satisfy the EU at present