By Chris Jones*

 

I. Introduction

As the world moves increasingly online, consumers are forced to enter personal information into websites to apply for jobs, attend school, or purchase tickets to an event. Consumers’ personal information is often sold and shared as a commodity among tech businesses, advertising agencies, and data brokers. According to the Federal Trade Commission (“FTC”), “most consumers . . . know little about the data brokers who collect and trade consumer data or build consumer profiles that can expose intimate details about their lives and . . . expose unsuspecting people to future harm.”[1] As a result, the risk of individual privacy harms continues to increase. Privacy injuries may include reputational, discriminatory, physical, emotional, economic, and relationship harms.[2]

Absent a comprehensive federal privacy law, the majority of U.S. businesses operate under the assumption that fine print in a legally complex privacy policy is sufficient to act in good faith. Unfortunately, standard privacy policies do nothing to advise consumers of the harms they may experience when utilizing a website, application, or device. Without a basic understanding of why they should care about their personal information being sold and shared, consumers lack the requisite knowledge necessary to make an informed decision.

This article argues that the potential for consumer harms, resulting from the use of a product or service, should be spelled out and disclosed. The FTC should promulgate a rule to require harms’ disclosure in a standardized, easy-to-understand privacy policy that is consistent throughout the industry. By educating the general public up front, informed consumers can determine the true level of risk they are willing to take, instead of blindly following flashy advertising and exciting trends.

II. Background

A. Overview of Privacy Policies

Privacy policies are typically lengthy notices filled with technical terms and legal language[3] that explain what an entity does with a consumer’s personal information, how the information is shared with third parties, and whether the consumer has options regarding this sharing.[4] Many privacy policies are difficult to understand and contain language designed to mislead consumers into believing the business protects their information.[5] Moreover, privacy policies typically provide no warning to consumers of potential harms they may encounter when utilizing the product or service.[6]

Many businesses rely on the fine print in a legally complex privacy policy to address consumer privacy issues.[7] According to Jen King, the director of consumer privacy at the Center for Internet and Society, privacy policies are “documents created by lawyers, for lawyers. They were never created as a consumer tool.”[8]

In 2012, the average length of an online privacy policy was 2,415 words.[9] It would take an average internet user seventy-six working days—consisting of eight hours per day—to read the privacy policies of every website they encountered within a year.[10]  Over the past decade, Americans’ use of the internet has exploded; as a result businesses have greatly expanded their privacy policies.[11] For example, Facebook’s privacy policy takes a reported eighteen minutes to read.[12] Thus, it is not reasonable to expect the average consumer has the time, nor the sophistication, to read and understand every lengthy and substantially different privacy policy they may encounter.

B. Legal Foundation

The FTC is in charge of preventing unfair or deceptive acts or practices that affect commerce in the privacy arena.[13] Pursuant to Section 18 of the FTC Act and the Commission’s rules of practice, the FTC has the authority to “promulgate, modify, and repeal trade regulation rules that define with specificity acts or practices that are unfair or deceptive in or affecting commerce within the meaning of Section 5(a)(1).”[14] The FTC Act identifies unfair or deceptive acts as those that cause or are likely to cause significant injury to consumers.[15]

The FTC currently sanctions businesses for unfair or deceptive practices while enforcing adherence to a business’ privacy policy.[16] As the FTC does not provide a standardized template for privacy policies, businesses are left to draft their own documents, without clear guidelines.

III. Potential Harms from Data Sharing

As technology has revolutionized American lives, individuals’ personal information is entered into online platforms on a daily basis in order to schedule medical appointments, apply for college, or communicate with most businesses. Moreover, the average Smartphone user in the U.S. utilizes approximately forty-six apps per month.[17] As a result, the risk of individual privacy harms continues to increase.[18] Privacy harms encompass a large scale of scenarios ranging from discrimination to emotional impairment to economic loss.[19]

Privacy injuries associated with the unauthorized use of an individual’s data may include reputational,[20] discrimination,[21] physical,[22] autonomy,[23] economic,[24] emotional,[25] and relationship harms.[26] For example, the disclosure of personal health data may affect a consumer’s ability to obtain employment, financial products, insurance, housing, or admission to a nursing home; it may cause social stigmatization based on race, sexual preferences, disease, addictions, mental health conditions, religion, or political positions; and it may subject the consumer to potentially dangerous situations due to blackmail, bullying, stalking, Ransomware, or the revelation of secret locations for domestic abuse victims.[27] Disclosures of mental health conditions, along with certain diagnoses, such as sexually transmitted disease, alcohol, or drug use carry additional social stigmatizations.[28]

Courts have moved beyond rigid injury requirements to include more intimate personal autonomy harms, such as “coercion – the impairment on people’s freedom to act or choose; (2) manipulation – the undue influence over people’s behavior or decision-making; (3) failure to inform – the failure to provide people with sufficient information to make decisions; (4) thwarted expectations – doing activities that undermine people’s choices; (5) lack of control – the inability to make meaningful choices about one’s data or prevent the potential future misuse of it; [and] (6) chilling effects – inhibiting people from engaging in lawful activities.”[29]

Further stigmatization can occur when online platforms make their way into the real lives of consumers. For example, Facebook has developed a relationship with law enforcement, searching for individuals whose online activities may infer suicidal tendencies.[30] Facebook scans users’ input—including private messages—for content that may apply to “safety and health.”[31]  Facebook then reports individuals to law enforcement that they consider as potentially suicidal.[32] Thus, by sending allegedly private messages on Facebook, a user runs the risk of the police showing up at their door in real life.[33]

This can be particularly troubling for users as police documentation about a potentially suicidal visit—including officers’ body cam footage of people, cars, and homes—becomes public record.[34] The records may be shared with any interested parties—including data brokers.[35] This public documentation of a consumer’s perceived mental instability can have devastating consequences that affect the rest of their lives.[36] Potential harms may include discrimination in careers, housing, public doxing, reputational damage, relationship issues, or mental health stigmas. Imagine having to disclose to potential employers that you were deemed a suicide risk by local law enforcement.

Still, the majorities of consumers are not adequately informed of potential harms and have little to no knowledge of the life-long consequences that may result from utilizing these products and services.[37]

IV. Privacy Policies Should Disclose Potential Harms

At the time of publication, there are still no comprehensive U.S. privacy laws at the federal level, let alone any statutes to require privacy policies disclose potential consumer harms. While it is standard practice in the U.S. for some industries to warn consumers of potential harms, the technological world is way behind. For example, in California, amusement parks, personal car manufacturers, and even holiday lights’ manufacturers are required to disclose “significant exposures to chemicals that cause cancer, birth defects or other reproductive harm.”[38]

Countries worldwide and several U.S. states have begun to pass privacy laws to minimize commercial surveillance and promote data security.[39] “Persistent and targeted surveillance collapses individual moments of interaction, spread out over time and mitigated through human forgetfulness, into one long story of an individual’s life.”[40] This type of surveillance can lead to inferences about highly sensitive areas of a person’s life, such as religion, sexual activities, and health.[41] Therefore, U.S. consumers need to be warned of surveillance profiling and subsequent harms, before they agree to utilize a product or service.

“Studies have shown that most people do not generally understand the market for consumer data that operates beyond their monitors and displays.”[42] A Pew Research Center study found that “78% of US adults say they understand very little or nothing about what the government does with the data it collects, and 59% say the same about the data companies collect.”[43] Thus, if the majority of consumers admit they do not understand what is done with their personal data, a privacy policy filled with legal terms and jargon does nothing to serve as a warning.

Critics may argue that privacy harms often do not occur until some future time, if at all. Therefore, it is unnecessary to warn consumers about the potential risk of future harms. The current technological ecosystem is so complex and consists of so many entities; it is difficult—if not impossible—for the average consumer to pinpoint where their personal information was disclosed, when experiencing higher insurance rates, employment discrimination, or targeted advertising based on their most intimate secrets. Thus, it is critical to notify consumers of potential harms at the initial time of their data collection.

V. Solution

Absent a comprehensive federal privacy law, this article proposes the FTC should promulgate a rule to require consumer harms’ disclosure in a standardized, easy-to-understand privacy policy that is consistent throughout the industry.

The Gramm-Leach-Bliley Act (“GLBA”) provides financial institutions with a standardized template listing specific categories of information that must be disclosed.[44] This template is similar to the nutrition-label approach to privacy instituted by Apple and Google in their app stores.[45] For example, Apple created the labels “to help users learn at a glance what data will be collected by an app, whether that data is linked to them or used to track them, and the purposes for which that data may be used.”[46] The nutrition labels are a great tool to identify the information being collected; however, the labels fail to warn consumers of potential harms resulting from the collection.

By utilizing a template similar to the GLBA requirement, consumers can easily determine whether or not the business sells or shares their personal information with third-parties, who those third parties are, what potential harms can result from said sharing, and what choices the consumer has—if any—to opt out. Thus, consumers can quickly identify the key components to determine whether they want to do business with the entity. While the U.S. has a long way to go in protecting users’ privacy, this disclosure of harms is one step that can educate and empower consumers to make informed decisions.

VI. Conclusion

Action should be taken at the federal level to clearly notify consumers of potential privacy harms resulting from the sharing of their personal information. By providing sweeping protection in privacy policies for all U.S. residents, the FTC can help to balance the benefits of technology with the education necessary for consumers to take back control of their own private lives.

 

 

*J.D., Gonzaga University School of Law. Acknowledgments and gratitude to Professor Drew Simshaw for his
invaluable insights and continuing support.

[1] Trade Regulation Rule on Commercial Surveillance and Data Security, Fed. Trade Comm’n,, Dec. 8, 2021, 1, 5 https://www.ftc.gov/system/files/ftc_gov/pdf/commercial_surveillance_and_data_security_anpr.pdf. [hereinafter FTC Trade Regulation Rule].

[2] See Danielle Keats Citron & Daniel J. Solove, Privacy Harms, Geo Wash. L. Fac. Publications & Other Works, 1, 19, 21-23, 25, 28  https://scholarship.law.gwu.edu/faculty_publications/1534 (last visited Feb. 7, 2023).

[3] See Lori Andrews, A New Privacy Paradigm in the Age of Apps, 53 Wake Forest L. Rev. 421, 435 (2018).

[4] See Andrews, supra note 3, at 434-36.

[5] See Deceived by Design, Forbrukerradet 1, 22  (June 27, 2018),

https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf (discussing how Big Tech utilizes positive and negative wording to “nudge users toward making certain choices”); See also Kevin Litman-Navarro, We Read 150 Privacy Policies. They Were an Incomprehensible Disaster, N.Y. Times, June 12, 2019, https://www.nytimes.com/​interactive/​2019/​06/​12/​opinion/​facebook-google-privacy-policies.html.

[6] See Forbrukerradet, supra note 5.

[7] See Andrews, supra note 3, at 435.

[8] See Litman-Navarro, supra note 5.

[9]Alexis C. Madrigal, Reading the Privacy Policies You Encounter in a Year Would Take 76 Work Days, Atl. Monthly Grp., LLC (Mar. 1, 2012), https://www.theatlantic.com/technology/archive/2012/03/reading-the-privacy-policies-you-encounter-in-a-year-would-take-76-work-days/253851/.

[10] Id.

[11] See Litman-Navarro, supra note 5.

[12] See Litman-Navarro, supra note 5.

[13] See 15 U.S.C. §§ 41-58, as amended [hereinafter 15 U.S.C.]; See also Michael Goodyear, The Dark Side of Videoconferencing: The Privacy Tribulations of Zoom and the Fragmented State of U.S. Data Privacy Law, 10 Hous. L. Rev. 76, 79 (2020).

[14] See FTC Trade Regulation Rule, supra note 1, at 12.

[15] See 15 U.S.C., supra note 13; See also Scott Stiefel, The Chatbot Will See You Now;  Protecting Mental Healthware Confidentiality in Software Applications, 20 Colum. Sci. & Tech. L. Rev. 333, 386 (2019).

[16] See 15 U.S.C., supra note 13; See also Nicole Angelica, Alexa’s Artificial Intelligence Paves the Way for Big Tech’s Entrance into the Health Care Industry – The Benefits to Efficiency and Support if the Patent-Centric System Outweigh the Impact on Privacy, 21 N.C. J. L. & Tech. 59, 77-78 (2020)..

[17] See Stephanie Chan, U.S. Consumers Used an Average of 46 Apps Each Month in the First Half of 2021, Sensor Tower, Inc., Aug. 2021, https://sensortower.com/blog/apps-used-per-us-smartphone.

[18] See FTC Trade Regulation Rule, supra note 1, at 7 (stating how the FTC noted that “companies’ collection and use of data have significant consequences for consumers’ wallets, safety, and mental health”).

[19] See Lothar Determann, Healthy Data Protection, 26 Mich. Tech. L. Rev. 229, 256 (2020).

[20] See Citron & Solove, supra note 2, at 22 (describing how “reputational harms impair a person’s ability to maintain ‘personal esteem in the eyes of others and can taint a person’s image.’” Reputational harms can result in social rejection, lost employment or business).

[21] See Citron & Solove, supra note 2, at 28 (Discrimination harms particularly highlight the inequality and disadvantages for people from marginalized communities. Potential discrimination may occur in the form of employment, housing, insurance ratings, or online harassment).

[22] See Citron & Solove, supra note 2, at 19 (describing physical harms as setbacks to physical health or physical violence when personal data is improperly shared).

[23] See Citron & Solove, supra note 2, at 40 (describing autonomy harms as the “restriction, coercion, or manipulation of people’s choices”).

[24] See Citron & Solove, supra note 2, at 21 (Economic harms include financial loss or identity theft).

[25] See Citron & Solove, supra note 2, at 23 (Emotional harms include emotional distress, categorized by anger, frustration, various degrees of anxiety, and annoyance).

[26] See Citron & Solove, supra note 2, at 25 (describing how relationship harms can encompass personal, professional, and organizational relations).

[27] See Determann, supra note 19, at 256; See Andrews, supra note 3, at 465–66.

[28] See Determann, supra note 19, at 256-57 (When faced with a mental health diagnosis, patients may experience “embarrassment, shame, and even social exclusion should information of this nature become public.” This stigmatization often affects an individual’s quality of life and can cause additional health conditions or a variety of psychosomatic symptoms).

[29] See Citron & Solove, supra note 2, at 47.

[30] See Benjamin Goggin, Inside Facebook’s Suicide Algorithm; Insider, Inc., Jan. 6, 2019, https://www.businessinsider.com/facebook-is-using-ai-to-try-to-predict-if-youre-suicidal-2018-12.

[31] See id.

[32] See id.

[33] See id.

[34] See Jacqueline White, ISP body-cam footage shows Idaho suspect pulled over in Indiana, minutes after being stopped by Deputy, Scripps Media, Inc., https://www.wrtv.com/news/working-for-you/isp-body-cam-footage-shows-idaho-suspect-pulled-over-in-indiana-minutes-after-being-stopped-by-deputy (last updated Jan 3, 2023 04:18 PM).

[35] See generally Electronic Frontier Foundation, FOIA How To,

https://www.eff.org/issues/transparency/foia-how-to (last visited Feb. 6, 2023).

[36] See Goggin, supra note 30.

[37] See Brooke Auxier, Lee Rainie, Monica Anderson, Andrew Perrin, Madhu Kumar, and Erica Turner, Americans and Privacy: Concerned, Confused, and Feeling Lack of Control Over Their Personal Information, Pew Res. Ctr, 1, 10 (Nov. 15, 2019)

https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/ [hereinafter Pew Research Center] (describing how the majority of Americans do not understand what the government or private businesses do with their personal information); See also Citron & Solove, supra note 2, at 18-40 (describing privacy harms a consumer may experience due to unauthorized use of their personal information).

[38]See OEHHA Cal. Off. Envtl Health Hazard Assessment About Proposition 65

https://oehha.ca.gov/proposition-65/about-proposition-65 (last visited Feb. 2, 2023) (“Proposition 65 requires businesses to provide warnings to Californians about significant exposures to chemicals that cause cancer, birth defects or other reproductive harm.  These chemicals can be in the products that Californians purchase, in their homes or workplaces, or that are released into the environment. By requiring that this information be provided, Proposition 65 enables Californians to make informed decisions about their exposures to these chemicals”).

[39] See Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, Official J. Eur. Union L. 119, at 1 (2016) (The GDPR is a comprehensive privacy law designed to prohibit businesses from tracking and selling the personal information of consumers located in the EU, absent consent); See also Californians for Consumer Privacy, CPRA Executive Summary

https://www.caprivacy.org/cpra-exec-summary/ (last visited June 21, 2021)  (describing California’s privacy law); See also Va. Code §§ 59.1-571 to -581 (2021) (describing Virginia’s privacy law); See also Col. Gen. Assemb., Senate Bill 21-190,

https://leg.colorado.gov/sites/default/files/documents/2021A/bills/2021a_190_enr.pdf (last updated June 23, 2021) (describing Colorado’s Privacy Law).

[40] Margot E. Kaminsky, Privacy and the Right to Record, 97 Boston U. L. Rev. 167, 215 (2015).

[41] Id.

[42] See FTC Trade Regulation Rule, supra note 1, at 5.

[43] See Pew Research Center, supra note 37, at 10.

[44] See FTC Trade Regulation Rule, supra note 1, at  15 (describing how the GLBA regulates the privacy of consumer information collected by financial institutions).

[45] See Cookie Pro, Google Play Data Safety vs. Apple Nutrition Label

https://www.cookiepro.com/knowledge/data-safety-nutrition-label/ (last updated July 6, 2022).

[46] Id.

 

Image Source: https://depositphotos.com/vector-images/caution-sign.html

Robot Lawyers: Sooner Than You Think

By Haley Magel

There’s been a lot of buzz recently about ChatGPT and robots taking the role of lawyers[1], and many probably think it’s satire or an over-exaggeration.  While robot lawyers might not be taking over the legal industry right now[2], that day might be a lot sooner than anyone expects.

For those that don’t know what ChatGPT is or have a scant understanding, it is a chatbot that uses “natural language processing to understand and respond to human communication.”[3]  Chatbots are either retrieval or generative, and ChatGPT is generative meaning that it takes a user input pattern and creates the output itself with the help of an underlying deep-learning model. [4]  In less technical terms, you can ask ChatGPT a question and it will answer the question with an output that it creates.  In the legal context, one could ask ChatGPT to explain what constitutes a well-founded fear of persecution in an asylum case, and the chatbot can spit out a relatively accurate response.[5]  One could also ask ChatGPT to explain the concept of personal jurisdiction, develop a list of deposition questions for the plaintiff in a motor vehicle accident, and create a contract for the sale of real estate in Massachusetts and receive competent answers.[6]

There are obviously some drawbacks to ChatGPT as it currently operates such as low interpretability which means that ChatGPT does not explain the methods it uses to come to its answers.[7]  ChatGPT also does not include footnotes or specific references, so it isn’t easy to fact-check answers and make sure that the correct legal authority was applied accurately.[8]  Another factor to take into consideration is that all artificial intelligence (“AI”) is trained with human input and there are numerous examples of how bias has been introduced into algorithms.[9]  Drawing conclusions from AI could include implicit bias that many aren’t suspecting to be in the AI output.[10]

The ultimate test of legal competence for many is the bar exam, so researchers put ChatGPT to work to try its hand at answering questions from the multistate multiple choice section of the bar exam, known as the Multistate Bar Examination (“MBE”).[11]  ChatGPT’s answers were compared to the average correct answers of bar test-takers, and overall bar takers answer 68% of questions correctly with ChatGPT answering 50% of questions correctly.[12]  ChatGPT is significantly exceeding the baseline random choice rate of 25%, but is still trailing human test–takers by 18%.[13]  Researchers believe that a chatbot may be able to pass the bar exam within the next 18 months as updated versions of ChatGPT are released.[14]

Recently, there actually was an attempt to use ChatGPT in a courtroom setting where DoNotPay tried to use its AI chatbot to help represent a defendant in a speeding case.[15]  The plan was to have the chatbot run on a smartphone, listen to what was being said in court, and provide instructions to the defendant via an earpiece.[16]  State bar association prosecutors threatened 6 months of jail time if a chatbot were used in court, and DoNotPay backed down with their robot lawyer stunt.[17]

Thankfully, for every lawyer out there that wants to keep their job, it doesn’t seem like ChatGPT and other AI chatbots are ready to take over the legal industry quite yet.  It seems most likely in the near future that chatbots will be used in conjunction with human lawyers to achieve simple drafting tasks and other small, routine legal needs.

 

 

 

Image Source: https://miro.medium.com/max/900/0*zvGIPN52Cx3NVGvP.png

[1] Ken Crutchfield, ChatGPT—Are the Robots Finally Here?, ABOVE THE L. (Jan. 10, 2023, 1:47 PM), https://abovethelaw.com/2023/01/chatgpt-are-the-robots-finally-here/.

[2] Amanda Yeo, DoNotPay’s AI Lawyer Stunt Cancelled After Multiple State Bar Associations Object, MASHABLE (Jan. 26, 2023), https://mashable.com/article/donotpay-artificial-intelligence-lawyer-experiment.

[3] Thomas Bacas, Analysis: Will ChatGPT Bring AI to Law Firms? Not Anytime Soon, BLOOMBERG L. (Dec. 28, 2022, 10:22 AM), https://news.bloomberglaw.com/bloomberg-law-analysis/analysis-will-chatgpt-bring-ai-to-law-firms-not-anytime-soon.

[4] Id.

[5] Jenna Greene, Will ChatGPT Make Lawyers Obsolete? (Hint: Be Afraid), THOMSON REUTERS (Dec. 9, 2022, 2:33 PM), https://www.reuters.com/legal/transactional/will-chatgpt-make-lawyers-obsolete-hint-be-afraid-2022-12-09/.

[6] Id.

[7] Bacas, supra note 3.

[8] Crutchfield, supra note 1.

[9] Id.

[10] Id.

[11] Michael James Bommarito and Daniel Martin Katz, GPT Takes the Bar Exam, at 2, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4314839.

[12] Id. at 5.

[13] Id.

[14] Id. at 6.

[15] Yeo, supra note 2.

[16] Id.

[17] Id.

By Bryce Yancey

 

 

 

American companies may likely see an uptick in shareholder activists running proxy contests against the incumbent boards during the 2023 proxy season. This is largely due to the SEC amending Rule 14a-19 of the Security Exchange Act to require Companies to implement universal proxy cards in their board of directors’ elections, which went into effect on September 1, 2022.[1] Historically, a shareholder could vote for any combination of nominees they desired if they attended the director vote meeting in person.[2] However, proxy voting became the norm as time went on. The company and a dissident shareholder distributed separate proxy cards through this process.[3] Since shareholders could only submit one effective proxy card, they could not “mix-and-match” some nominees from the company’s slate and some from the dissident’s slate.[4]

However, due to the universal proxy cards being implemented, the company and dissident stockholders are now required to list all director candidates on their proxy voting ballots.[5] This new process is expected to test companies’ board members, specifically those who may be considered the “weaker” candidates, as it will be pitting a dissident’s best individual nominees against the company’s perceived “weakest” nominees.[6] Experts believe that this new system will significantly impact shareholder activism, particularly in the area of ESG (Environmental, Social, and Governance).^[7] The universal proxy gives these activists and cause-related groups the ability not just to propose a slate of directors but also allows them the ability to pick and choose individual directors from both company and activist nominees.[8] However, even if they gain only a small amount of support, the case against an individual director serving on a board will be highlighted.[9] Furthermore, the top proxy vote service company, ISS, has stated that the new rules are a “superior” way for shareholders to vote and it is a “dramatically easier” and “cheap” way for activist shareholders to launch proxy fights against the incumbent board members they take issue with.[10]

It is still early in this new process, but recent results from proxy votes have shown this to be the trend. On December 16, 2022, Apartment Investment and Management Company (“AIMCO”) held its annual stockholders’ meeting in which Land & Building Investment Management (“L&B”) sought two out of three board seats.[11] This was the first contested election taken through to a vote following the implementation of the universal proxy rules and resulted in L&B winning one of the board seats.[12] The results of this vote show that stockholders were aware of this new rule implementation and used it to vote out an incumbent board member who had served on the board for 18 years.[13]

Companies and experts are still figuring out exactly what to do with this new process. What exactly is going to happen as the new proxy season draws nearer? How do incumbent boards combat this newfound power shareholders will have? There are a lot of changes that will likely be coming to the world of corporate governance, and this is only the beginning.

 

 

 

[1] Martha E. McGarry et al., The Universal Proxy Rules Are in Effect: Key Takeaways from Recent Proxy Contests and What to Watch, MAYER BROWN (Jan. 2023), https://www.mayerbrown.com/en/perspectives-events/publications/2023/01/the-universal-proxy-rules-are-in-effect-key-takeaways-from-recent-proxy-contests-and-what-to-watch?utm_source=mondaq&utm_medium=syndication&utm_term=CorporateCommercial-Law&utm_content=articleoriginal&utm_campaign=article.

[2] Spencer D. Klein & Tyler Miller, Preparing for the Mandatory Universal Proxy Card and Its Potential Impacts on Shareholder Activism and Proxy Contests, MorrisonFoerster (Jan. 31, 2023), https://www.mofo.com/resources/insights/230131-preparing-for-the-mandatory-universal-proxy-card.  

[3] Id.

[4] Id.

[5] McGarry et al., supra note 1.

[6] Id.

[7] Rich Fields & Rusty O’Kelley, Universal Proxy, Increased Activism and Director Vulnerability, HARV. LAW SCH. F. ON CORP. GOV. (Dec. 7, 2022), https://corpgov.law.harvard.edu/2022/12/07/universal-proxy-increased-activism-and-director-vulnerability/.

[8] Id.

[9] Id.

[10] Id.

[11] Id.

[12] Id.

[13] Id.

 

 

 

Image: https://ethicalboardroom.com/wp-content/uploads/2022/06/KaiLiekefett_ProxyVoting-1536×938.jpg

By Eliza Mergenmeier

 

 

Patent trolls have a strong presence in the United States Patent Office, which is a concern for technological innovation.[1] For those who do not know, a patent in the U.S. is a grant to own a twenty-year monopoly over a useful, novel, and non-obvious invention.[2] An owner of a patent must continue paying the fee on the patent for it to be legally enforceable, thus, if an owner fails to make payments, the patent will expire earlier than the twenty-year period.[3] This is when patent trolls come into the picture.

Patent trolls take advantage of companies or inventors struggling to make payments. The trolls will then buy out the struggling company’s patents and exercise ownership over the inventions they did not create.[4] Once the patent troll owns the patent, they will send out letters threatening legal action to people they suspect of infringement.[5] In this letter, the troll typically threatens “legal action unless the alleged infringer agrees to pay a licensing fee,” which can be extremely costly.[6] Essentially, patent trolls are big bullies who take advantage of the little guys and then assert their dominance over others.

Though the issue might not get enough recognition on primetime television, during President Obama’s second term, the former president issued executive actions to prevent the impact of patent trolls.[7] Some features of the executive order include implementing a tactic to increase transparency during patent litigation.[8] Further, the executive order aimed at expanding outreach to patent holders to explain their current issues, including demonstrating data trends and exposing the issues concerning abusive patent litigation.[9]

However, roughly ten years later, the majority of patent lawsuits filed in 2022 were filed by patent trolls.[10] Thus, despite Present Obama’s fervent effort to reduce these numbers, it appears to be a more difficult task. Even though federal legislation is probably the most helpful to combat patent trolls, private companies, such as the Electronic Frontier Foundation (EFF), have formed to protect speech and privacy.[11] The EFF takes on cases they believe will become important precedents for the world of technology.[12] The EFF gets involved in cases to demand more transparency and disclosure from the courts during patent cases because “patent trolls rely on secrecy to perpetuate their business.”[13] Thus, one of their main techniques is requiring disclosure about the funds behind patent litigation.[14]

The United States patent system is rooted in this idea of the inventor as a patent holder; therefore, if patent trolls increase in size, fewer inventors will dominate the patent industry. Trolls are not looking to build upon these inventions and create something useful for the public benefit. Rather, trolls are businesses looking to make quick and easy money. Big businesses already own so much of the industry, and these new tactics only allow more businesses to infiltrate the patent system without doing any grunt work on the front end. People need to be aware and care about these issues because they present problems for the progress of science and technology.

 

 

 

[1] Patent Trolls, EFF, https://www.eff.org/issues/resources-patent-troll-victims (last visited Feb. 2, 2023).

[2] 35 USC §§ 101­–103.

[3] United States Pat. Trademark Off. https://www.uspto.gov/patents/maintain#:~:text=Maintenance%20fees%20are%20required%20to,or%20for%20statutory%20invention%20registrations.

[4] Supra note 1.

[5] Supra note 1.

[6] Id.

[7] Gene Sperling, Taking on Patent Trolls to Protect American Innovation, Obama White House, (June 4, 2013, 1:55 PM), https://obamawhitehouse.archives.gov/blog/2013/06/04/taking-patent-trolls-protect-american-innovation#:~:text=Summary%3A,to%20encourage%20innovation%20and%20invention.

[8] Id.

[9] Id.

[10] Joe Mullin, Seeing Patent Trolls Clearly: 2022 in Review, EFF, (Jan. 1, 2023). https://www.eff.org/deeplinks/2022/12/seeing-patent-trolls-clearly-2022-review.

[11] Id.

[12] Id.

[13] Id.

[14] Id.

 

Image Source: https://acumass.com/en/patent-trolls-are-on-the-decline/

By Gwyn Powers

 

 

As children, we all heard the saying, “don’t post anything on social media that you wouldn’t want your boss to see.”[1] We know that anything a person posts on Facebook, Twitter, or Instagram has the possibility to be seen by millions of people.[2] However, people make their social media accounts private to limit who can see their posts.[3] Even though a person’s social media post may be private, what privacy rights do employees have for their private social media posts?

Employees have two potential avenues of protection from employers monitoring their employees’ social media activities.[4] The first is a cause of action under a common law intrusion upon seclusion tort claim arguing that the employer intruded on the employee’s private affairs.[5] The plaintiff would have to prove that their employer (1) intentionally intruded on the employee’s solitude, seclusion, or private affairs and (2) that the intrusion would be highly offensive to a reasonable person.[6] Courts have held that if a person posts something on the internet without restricting access to the post, the individual does not have a claim to privacy for that post.[7] However, if an individual takes steps to control who can access their Facebook posts, then a court may find that the person had a reasonable expectation of privacy for their Facebook post.[8] Still, some states do not recognize a common law intrusion on seclusion cause of action but have a privacy statute.[9] For example, the Massachusetts Privacy Act creates a right against a serious interference of their privacy which primarily protects the dissemination of private information.[10] Additionally, some states like Virginia do not recognize an intrusion of seclusion tort claim.[11] Therefore, employees in Virginia would need to find protection for their private social media posts from another source.

The second potential source of protection for an employee’s private social media post is under the Stored Communications Act (SCA).[12] The SCA protects a person’s stored communications, such as a person’s email.[13] While a criminal statute, the SCA does create a civil cause of action.[14] The plaintiff would need to show that the defendant  “(1) intentionally accesses (2) a facility through which an electronic communication service is provided (3) without authorization or by exceed[ing] an authorization given and (4) thereby obtains . . . a wire or electronic communication (5) while that wire or electronic communication is in electronic storage.”[15] However, the SCA does not protect electronic communication that is “readily accessible to the general public.”[16] So, the plaintiff would need to show that their social media post was not accessible to the general public.[17]

Courts have held that posts made on private Facebook accounts, private online bulletin boards, and private websites may be protected under the SCA.[18] This is because the owners of the private sites took steps to control and limit access to their sites, which would make the information not readily accessible to the public.[19] However, courts are not likely to find SCA protections for posts made on private Facebook groups because the initial poster does not have control over who can be a member of the group and see their post.[20] Thus, the poster’s lack of control made the post “readily accessible to the public.”[21]

If an employer accesses an employee’s private social media post, the next step is determining whether the employer has authorization to access the employee’s post.[22] Courts have held that the employer violated the SCA if an employer did not have authorization to private posts and manages to access the private communication.[23] For example, in Pietrylo v. Hillstone, a group of employees created a private MySpace group to vent their problems with restaurant management.[24] A member of the MySpace group felt coerced by management to provide their MySpace login information so the management could access the employee group.[25] The court held that the coercion from the management did not have authorization to access the MySpace group.[26] Several state legislatures have passed statutes prohibiting employers from requiring their employees to provide their social media usernames and passwords.[27] However, these statutes do not prohibit employers from accessing social media posts that are publicly accessible.

In Ehling, the court stated that “[p]rivacy in social networking is an emerging but underdeveloped area of case law.”[28] As social media continues to be a constant part of our day-to-day life, courts must ensure that the law and protections do not fall too behind technology.

 

 

 

 

[1] Stephanie Smith, 11 Photos you should never post on social media, Business Insider (May 1, 2018, 5:24 PM), https://www.businessinsider.com/photos-you-should-never-ever-post-on-social-media-2018-5.

[2] Press Release, Meta, Reports Third Quarter 2022 Results (Oct. 26, 2022), https://investor.fb.com/investor-news/press-release-details/2022/Meta-Reports-Third-Quarter-2022-Results/default.aspx; Instagram Statistics and Trends, DataReportal, (Aug. 15, 2022), https://datareportal.com/essential-instagram-stats; Twitter Statistics and Trends, DataReportal, (Aug. 15, 2022), https://datareportal.com/essential-twitter-stats.

[3] 8 Reasons to Keep your Social Media Set to Private, Eset (Jun. 16, 2022), https://www.eset.com/uk/about/newsroom/blog/8-reasons-to-keep-your-social-media-set-to-private/.

[4] Marion G. Crain et al., Work Law: Cases and Materials, 407­—09 (4th ed. 2020).

[5] See Ehling v. Monmouth-Ocean Hosp. Serv. Corp., 872 F. Supp. 2d 369, 373 (D. N.J. 2012).

[6] Restatement (Second) of Torts § 652B (Am. L. Inst. 1977).

[7] Ehling, 872 F. Supp. 2d at 373.

[8] Id. at 374.

[9] Portnoy v. Insider, Inc., No. 22-10197-FDS, 2022 U.S. Dist. LEXIS 2020080, at *26 (D. Mass. 2022).

[10] Mass. Ann. Laws Ch. 214, § 1B (LexisNexis 2022).

[11] Cockrum v. Donald J. Trump for President, Inc., 365 F. Supp. 3d 652, 670 (E.D V.A. 2019).

[12] Marion G. Crain et al., Work Law: Cases and Materials, 407­—09 (4th ed. 2020).

[13] 18 U.S.C. § 2701.

[14] 18 U.S.C. § 2707.

[15] Backhaut v. Apple, Inc., 74 F. Supp. 3d 1033, 1041 (N.D. Cal. 2014).

[16] 18 U.S.C. § 2511(2)(g).

[17] See Davis v. HDR Inc., No. CV-21-01903, 2022 U.S. Dist. LEXIS 102949, at *10 (D. Ariz. 2022).

[18] Id.

[19] See id. at *11.

[20] Id. at *22—23.

[21] Id. at *11.

[22] Pietrylo v. Hillstone Rest. Group, No. 06-5754, 2009 U.S. Dist. LEXIS 88702, at *7 (D. N.J. 2009).

[23] Pietrylo, 2009 U.S. Dist. LEXIS 88702, at *8.

[24] Pietrylo v. Hillstone Rest. Group, No. 06-5754, 2008 U.S. Dist. LEXIS 108834, at *1—2 (D. N.J. 2008).

[25] Pietrylo, 2009 U.S. Dist. LEXIS 88702, at *8—9.

[26] Id. at *9.

[27] Va. Code Ann. § 40.1-28.7:5 (2021).

[28] Ehling, 872 F. Supp. 2d at 373.

 

Image Source: Photo Source: https://medium.datadriveninvestor.com/social-networking-harmless-media-or-privacy-intrusion-9b8e30402d5

By Dante Bosnic

 

 

After FTX filed for bankruptcy in the beginning of November, Samuel Bankman-Fried was finally arrested and extradited to the U.S. in late December.[1] In early January, Bankman-Fried appeared in federal court and pled not guilty to eight felony counts, including fraud, conspiracy, and money laundering.[2] If convicted, Bankman-Fried could face over 100 years in prison.[3]

Even worse for the once famed cryptocurrency star, according to a recent statement by the U.S. Attorney of the Southern District of New York, Damien Williams, Caroline Ellison, a former executive of Alameda Research, and Gary Wang, the co-founder of FTX, have agreed to cooperate with authorities to build a case against Bankman-Fried.[4] According to recent court documents, Ellison has agreed to provide investigators with key inside information, including handing over relevant documents, giving crucial eye-witness testimony, and fully disclosing the extent of her crimes as well as the crimes of other defendants.[5]

Along with going after Bankman-Fried, federal prosecutors are investigating an alleged cybercrime that drained more than $370 million out of FTX just hours after the cryptocurrency exchange filed for bankruptcy.[6] According to an individual who is familiar with the case but has been asked not to be identified, U.S. authorities have managed to seize some of the stolen funds. However, the frozen assets represent only a fraction of the $370 million.[7] In interviews before his arrest, Bankman-Fried indicated that the cyberattack may have been an inside job.[8] The conduct could amount to a charge in connection with computer fraud, which carries a maximum sentence of ten years in prison.[9] Regardless, the amount stolen is significantly less than the amount of money Bankman-Fried is accused of misusing while in charge of FTX.[10] According to authorities, Bankman-Fried, who is currently on bail in California, fraudulently raised $1.8 billion from investors and used FTX funds to wage high-risk bets at hedge fund Alameda Research to cover personal expenses.[11]

It also appears that individuals outside of FTX may be culpable as well. According to FTX’s lawyers, some of FTX’s immediate family aren’t cooperating with the investigation.[12] Bankman-Fried’s brother, mother, and father were his “advisors” and should be subpoenaed alongside former company executives.[13] FTX, known in bankruptcy proceedings as the Debtor, alleges that Gabriel Bankman-Fried, Sam Bankman-Fried’s brother, used his lobbying organization, Guarding Against Pandemics, to purchase a multi-million dollar property just a few blocks from the United States Capital.[14] Additionally, Fried’s political action committee, Mind the Gap, allegedly received donations from Sam Bankman-Fried and other FTX staffers. Furthermore, both parents resided in a $16.4 million [Bahamas] house titled in their names, despite understanding that the house was intended to be the company’s property.[15] In an emailed statement, Marissa McBride, Executive Director of Mind the Gap, told CoinDesk that “Sam Bankman-Fried contributed to some of the programs that Mind the Gap recommended to its network, but he did not make any direct contributions to Mind the Gap,” and that the group publicly discloses all contributions received to the Federal Election Commission. Finally, FTX and investigators are questioning Sam Bankman-Fried’s decision to send $400 million to an obscure cryptocurrency firm named Modulo Capital.[16] The young firm, which was founded in March and operated out of the same Bahamian compound where Mr. Bankman-Fried lived, had no track record or public profile.[17] According to the New York Times, prosecutors are investigating if Bankman Fried used FTX’s customers’ funds to invest in Modulo Capital, given that he is also accused of doing the same with Alameda Research.[18]

As it stands, Bankman-Fried has quite a lot on his plate. While the investigation continues, we most likely will not see or hear from him until his trial in October.[19] Depending on how the investigation goes, this could be a very long or short ten months for Samuel Bankman-Fried.

 

 

 

 

 

[1] See Travis Cartwright-Carroll, SBF Extradited, The Nassau Guardian (Dec. 22, 2022), https://thenassauguardian.com/sbf-extradited/.

[2] See Lauren Leffer, Sam Bankman-Fried Pleads ‘Not Guilty’ on All Counts, Gizmodo (Jan. 3, 2023), https://gizmodo.com/sbf-ftx-not-guilty-sam-bankman-fried-crypto-1849943902.

[3] Id.

[4] Mehron Rokhy, FTX Debacle: Two Top-Level Insiders Cooperating With Prosecutors in Criminal Case Against Sam Bankman-Fried, The Daily Hodl (Dec. 22, 2022), https://dailyhodl.com/2022/12/22/ftx-debacle-two-top-level-insiders-cooperating-with-prosecutors-in-criminal-case-against-sam-bankman-fried/.

[5] Id.

[6] Ava Benny-Morrison, U.S. Probes How $372 Million Vanished In Hack After FTX Bankruptcy, Bloomberg (Dec. 27, 2022), https://www.bloomberg.com/news/articles/2022-12-27/us-probes-how-372-million-vanished-in-hack-after-ftx-bankruptcy.

[7] See id.

[8] See id.

[9] Id.

[10] Benny-Morrison, supra note 6.

[11] See id.

[12] See id.

[13] Jack Schickler, Sam Bankman-Fried’s Mother and Brother Not Cooperating With Financial Probe, FTX Lawyers Say, Coindesk, (Jan. 26, 2023), https://www.coindesk.com/policy/2023/01/26/sam-bankman-frieds-mother-and-brother-not-cooperating-in-financial-probe-ftx-lawyers-say/.

[14] Id.

[15] Id.

[16] David Yaffe-Bellany, Matthew Goldstein, and Royston Jones Jr., The Unknown Hedge Fund That Got $400 Million From Sam Bankman-Fried, N.Y. Times (Jan. 24, 2023), https://www.nytimes.com/2023/01/24/business/ftx-sbf-modulo-capital.html.

[17] See id.

[18] See id.

[19] See Soumen Datta, SBF free on bail for 10 months until trial in October as he pleads not guilty, CryptoSlate (Jan. 3, 2023), https://cryptoslate.com/sbf-free-on-bail-for-10-months-until-trial-in-october-as-he-pleads-not-guilty/.

 

Image Source: https://abcnews.go.com/US/ftx-crypto-ceo-sam-bankman-fried-expected-plead/story?id=96107918