Digital Updates – March

On March 20, the News Media Alliance joined over 60 business groups, including the Motion Picture Association and the Association of National Advertisers, in asking the Attorney General of the State of California, Xavier Becerra, to postpone the enforcement of the California Consumer Privacy Act (CCPA). The CCPA was adopted in 2018 and provides residents of California with strong privacy protections. While the law came into effect in January 2020, the Attorney General is required to promulgate implementing regulations prior to the planned enforcement start date of July 1. The letter calls for the Attorney General to delay this deadline by six months due to the ongoing COVID-19 pandemic that places considerable stress on the businesses that must comply with the new law. According to reports, the Attorney General is currently planning on sticking to the original schedule. Read more here.

On March 17, the Washington Post reported that the government is in discussions with the tech industry regarding the use of user location data to aid in slowing the spread of COVID-19. The news follows earlier reports of the administration reportedly asking the big tech companies to assist governmental efforts to battle the virus. Any potential partnerships between the government and big tech would be sensitive as the tech industry has been under increased scrutiny for its handling of user privacy and as Congress has not agreed on a federal privacy legislation. On March 18, five Democratic Senators, including Robert Menendez (D-NJ), Sherrod Brown (D-OH), Richard Blumenthal (D-CT), Kamala Harris (D-CA), and Cory Booker (D-NJ), sent letters to Vice President Mike Pence and Google CEO Sundar Pichai asking whether user privacy considerations had been taken adequately into account when developing the Google-affiliated pilot screening website launched on Sunday. Read the letter here. 

On March 17, Representative David Cicilline (D-RI), Chair of the House Antitrust Subcommittee, held a roundtable discussion with stakeholders in Rhode Island on competition in the digital marketplace. The event, hosted virtually due to the COVID-19 pandemic, was aimed at soliciting the views of local businesses, innovators, and thought leaders about the issue. Representatives of The Boston Globe and The Providence Journal participated in the roundtable, highlighting how the dominant platforms affect the news industry. They also expressed support for the Journalism Competition and Preservation Act that would grant news publishers a temporary safe harbor to come together and negotiate collectively with the platforms. Rep. Cicilline has been leading a congressional antitrust investigation into market power online, including whether the dominant platforms have engaged in anti-competitive conduct, that is expected to wrap up soon. The subcommittee has held five hearings and sent multiple requests of information to the tech platforms as part of the investigation. Read more about the subcommittee’s investigation here.

On March 16, Dr. Johnny Ryan of Brave Software, a California-based developer of a privacy-focused web browser, filed a complaint with the Irish Data Protection Commission regarding Google’s use of consumer data for undisclosed purposes across its business. The complaint argues that Google fails to adequately ring-fence the personal data it collects for its various services, instead allowing other parts of the company to use the data without making this clear to users. Such use would violate Article 5(1)b of the European Union’s General Data Protection Regulation (GDPR), which establishes a “purpose limitation” principle. Specifically, GDPR allows user data to be collected for “specified, explicit and legitimate” purposes but forbids the use of such data “in a manner that is incompatible with those purposes.” The complaint follows Dr. Ryan’s attempts to find out how Google uses his personal data. Properly enforced, GDPR would allow users to limit how Google uses their personal data, in addition to increasing competition in the digital marketplace. Read more about the complaint here.

On March 13, the U.S. Copyright Office shared a summary of its pandemic plan with Members of Congress, noting that the Office aims to continue providing essential services during the ongoing COVID-19 pandemic. These services include administering the registration and recordation systems, handling mandatory deposits, and conducting regulatory activities. According to the summary, many Copyright Office staff members will work remotely, although some will remain on-site, and the registration examination of digital applications will continue as normal. Paper applications and physical deposits may experience delays. Additionally, the remote working arrangements should not have any effect on the Copyright Office modernization efforts.

On March 12, Washington State Senator Reuven Carlyle issued a statement indicating that the state House and Senate had failed to reach a compromise on a proposed consumer privacy bill, the Washington Privacy Act. The Act would have created broad consumer data protections similar to those established by the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR). The Washington House and Senate disagreed about whether the Act should include a private right of action. The bill’s failure marks the second time that the bill has failed to pass the legislature. Meanwhile, New York State is considering a data privacy bill, A8526/S5642, which would go beyond CCPA and GDPR by requiring affirmative opt-in consent, creating a private right of action, and establishing a fiduciary duty of care, loyalty, and confidentiality that would require businesses to put consumers’ privacy rights ahead of their own interests. Read more about the Washington Privacy Act’s failure here.