Category: Surveillance & Privacy

German authorities said on Thursday they had arrested an employee of its foreign intelligence service (BND) on suspicion of sharing state secrets with Russia this year and thereby committing treason. Police arrested the suspect, a German citizen identified as Carsten L, on Wednesday in Berlin, the federal prosecutors office said. It said police also raided his flat and workplace as…

Meta Platforms Inc CEO Mark Zuckerberg’s Chan-Zuckerberg Initiative-backed Byju’s —​​India’s largest online education firm — has been accused of bullying parents to buy courses. What Happened: India’s National Commission for Protection of Child Rights, or NCPCR, said the edtech company is targeting first-generation learners and forcing parents to buy courses after purchasing their phone numbers, ANI reported. Priyank Kanoongo, the…

The Department of Justice, together with the Federal Trade Commission (FTC), today announced a settlement that, if approved by a federal court, will require Epic Games Inc. (Epic Games) to pay $275 million in civil penalties as part of a settlement to resolve alleged violations of the Children’s Online Privacy Protection Act (COPPA), the Children’s Online Privacy Protection Rule (COPPA…

On 2 November 2022, the Portuguese Data Protection Authority (“CNPD”) issued a Decision imposing a fine of € 4,300,000 (four million three hundred euros) to the National Institute of Statistics (“INE”) for multiple violations in the processing of data subjects’ sensitive data during the Census 2021 operation. Background On the 27th of April 2021, after launching an investigation into the…

Ocenture LLC, a privately held company headquartered in Jacksonville, Florida, and its subsidiary, Carelumina LLC (collectively, “Ocenture”), have agreed to pay $3 million to resolve allegations that they caused the submission of false claims to Medicare by paying and receiving kickbacks in connection with genetic testing samples. The United States alleged that Ocenture participated in a genetic testing fraud scheme…

WASHINGTON – A California man was sentenced yesterday to 42 months in federal prison for his role in accessing, monitoring and conveying confidential and sensitive information that could be used to identify and locate Twitter users of interest to the Saudi Royal Family. Ahmad Abouammo, 45, formerly of Walnut Creek and currently residing in Seattle, was convicted of acting as…

On November 25, 2022, Ireland’s Data Protection Commission (“DPC”) released a decision fining Meta Platforms, Inc. (“Meta”) €265 million for a 2019 data leak involving the personal information of approximately 533 million Facebook users worldwide. In the decision, the DPC argued that Meta failed to comply with the GDPR’s requirement of providing privacy “by design and default” when it failed…

Listen to this post

As reported in the the Retail Industry Law Resource blog:
Plaintiff’s firms continue to file variations of state law wiretapping lawsuits over “session replay” software and “live chat” or “chatbot” applications in various jurisdictions. These filings typically allege that companies use such software tools to record users’ interactions with a website without first obtaining users’ consent, thereby violating the wiretapping, eavesdropping, or interception provisions of various state laws. Session replay software allows companies to record and play back user’s interactions on its websites. The “live chat” or “chatbot” feature allows a website user to engage in text conversations with an assistant, to which chat the company has access. These wiretapping claims threaten substantial penalties. Companies that use these web-tracking tools, however, can take steps to protect themselves from these lawsuits by a careful examination of the software being used and by evaluating what disclosures or consent may be warranted.

Plaintiffs’ claims arise from the wiretapping or interception provisions of various state laws that prohibit the recording of confidential communications without the consent of all parties to the communication. California courts, for example, have experienced a surge of class action filings pursuant to the California Invasion of Privacy Act (“CIPA”). Specifically, section 631 of CIPA prohibits (1) intentional wiretapping of any telegraph or telephone wire, line, or cable; (2) willfully and without the consent of all parties attempting to learn the contents of a communication in transit; and (3) attempting to use or communicate information obtained as a result of engaging in either activity. CIPA entitles plaintiffs to $5,000 per violation. A violation arguably occurs each time a user visits a website. Thus, these penalties can grow quickly.
Further, recent case law has encouraged the Plaintiffs’ bar with favorable interpretations of these state statutes. For example, the Third Circuit recently took a narrow view of the direct-party exception defense under Pennsylvania’s Wiretapping and Electronic Surveillance Control Act, resulting in the initiation of several class actions. The direct-party exception works to exempt a party from liability pertaining to communications directly with another party. In Popa v. Harriet Carter Gifts, Inc., however, the Third Circuit held that the legislature “codified only a law-enforcement exception, thus limiting any direct-party exception to that context” and remanded the case for further consideration by the District Court, which had not reached the issue of consent. Thus, companies facing claims under the Pennsylvania statute cannot avoid liability merely by showing that plaintiff and the company were the direct parties to the communication. If successful, the Pennsylvania statute entitles plaintiffs to $100 a day for each day of violation, or $1,000, whichever is higher.
Accordingly, it is important for companies to be aware of how their website software is being utilized, what information they and their vendors are collecting from website users, and what disclosures or consents may be warranted in light of the above. User consent is consistently a defense under state wiretapping statutes. Therefore, companies should evaluate their website terms of service and privacy policies to confirm that they include sufficient and clear disclosures and/or obtain user consent depending on the type of activity taking place on company websites by the company and its service providers.

June 26, 2022. Are Twitter, TikTok, Facebook and other social media platforms hiring from the FBI, military, NATO, CIA and U.S. State Department? It seems they are. This hiring tendency has not been widely reported in mainstream news because the revelation seems to have originated in an investigation by Russian media sources. Much of the evidence for the claim, however, is publicly verifiable. Here are some examples you can verify for yourself.

June 17, 2022. In a blow to press freedom, the United Kingdom has approved the extradition of WikiLeaks founder Julian Assange to the United States to face espionage charges related to the publication of classified documents exposing U.S. war crimes. Home Secretary Priti Patel signed off on the transfer after the U.K. Supreme Court denied Assange’s appeals earlier this year,…

June 15, 2022. Eva K Bartlett: RT had me on yesterday to discuss Ukraine’s kill list & my entry on it. I highlighted Canada’s cozy relationship with Ukraine, including with the Nazi battalions, Chrystia Freeland’s Nazi-collaborating grandpa , and why I feel safer living in Russia than I would were I back in Canada where Ukrainian nationalists & Nazi supporters…

June 1, 2022. Public inquiry into the federal government’s unprecedented use of the Emergencies Act seeks access to cabinet secrets. The public inquiry into the federal government’s unprecedented use of the Emergencies Act wants access to cabinet secrets as it warns it will be hard to complete its work by next February, as required under a legally-mandated timeline. In its…

May 31, 2022. The Department of Justice, together with the Federal Trade Commission (FTC), announced a settlement that, if approved by a federal court, will require Twitter Inc. to pay $150 million in civil penalties and implement robust compliance measures to protect users’ data privacy. The settlement will resolve allegations that Twitter violated the FTC Act and an administrative order…

May 10, 2022. The Centers for Disease Control and Prevention (CDC) bought access to location data harvested from tens of millions of phones in the United States to perform analysis of compliance with curfews, track patterns of people visiting K-12 schools, and specifically monitor the effectiveness of policy in the Navajo Nation, according to CDC documents obtained by Motherboard. The…

May 9, 2022. Facial recognition company Clearview AI has agreed to stop its sales to private companies in the United States as part of a landmark settlement reining in a technology criticized as threatening Americans’ privacy rights. The settlement, filed Monday in federal court in Illinois, marks the most significant court action yet against Clearview AI, a company known for…

Video