Megan L. Brown, partner in Wiley Rein’s National Security, Privacy, Cyber & Data Governance, and Telecom, Media & Technology practices, co-authored a new law and policy paper published today by the National Security Institute (NSI) at George Mason University’s Antonin Scalia Law School. The paper is co-authored with NSI Visiting Fellow James B. Burchfield.
On Thursday, the Ninth Circuit—in Patel v. Facebook—issued an opinion in a much-watched privacy class action suit, inviting more litigation over claimed privacy violations. The court allowed a class action suit to go forward where plaintiffs had alleged that Facebook violated Illinois’ privacy law by scanning individuals’ faces from photographs uploaded to the social network on an opt-out basis. In a sweeping decision, the court held that the statutory violation was, itself, a concrete injury sufficient to satisfy the traditional constitutional requirement of Article III standing. This case will grease the wheels on the deluge of no-harm privacy class action lawsuits.
On Tuesday, the Consumer Financial Protection Bureau (CFPB) released a noteworthy blog post providing an update on key findings about the use of alternative data for credit access in connection with the Bureau’s first no-action letter (NAL). The post, written by top agency officials, discusses a NAL that the CFPB issued in September 2017 to Upstart Network, Inc., a company with an online lending platform that utilizes “alternative data” and machine learning to make credit decisions.
This week, the National Institute of Standards and Technology (NIST) released NISTIR 8259, a draft of the long awaited “Core Cybersecurity Feature Baseline for Securable IoT Devices.” The publication (the baseline draft) proposes a voluntary, flexible, minimum set of “baseline of cybersecurity features based on common cybersecurity risk management approaches as a starting point for manufacturers.” (p. 1). We expect it to shape standards of care and regulatory expectations for manufacturers and sellers of all connected devices. For stakeholders, and others, there are multiple opportunities for engagement. NIST is holding a workshop on the baseline on August 13. Comments for the baseline draft are due September 30.
In an innovative use of existing criminal statutes, the US Attorney for the Middle District of Georgia has secured a guilty plea from a man accused of planning to use an unmanned aircraft system (UAS or drone) to smuggle marijuana into a state prison. The crime? A federal charge under 49 USC § 46306 (b)(6) and (c)(2), which makes it unlawful to “knowingly and willfully operate or attempt to operate an aircraft eligible for registration knowing that” the aircraft is not registered, and which imposes a five year prison sentence if the offense is “related to transporting a controlled substance by aircraft.”
The FCC dropped a Public Notice establishing application and bidding procedures for Auction 103—the next in a series of millimeter wave spectrum auctions by the Commission as part of its Spectrum Frontiers proceeding. Auction 103, scheduled to begin December 10, 2019, features UMFUS licenses in the 37.6-38.6 GHz (Upper 37 GHz), 38.6-40 GHz (39 GHz), and 47.2-48.2 GHz (47 GHz) bands.
As federal lawmakers consider national privacy legislation, states have moved to implement their own consumer privacy and data security laws. California has led the charge with the passage of the California Consumer Privacy Act of 2018 (CCPA), a broad privacy law that regulates how certain businesses use personal information. On the heels of the CCPA, in September 2018, California also passed legislation addressing security of Internet of Things (IoT) devices, SB 327.