Safe Harbor Arrangement
The safe harbor arrangement was developed by the United States Department of Commerce to provide a means for U.S. companies to demonstrate compliance with European Commission directives and thus to simplify relations between them and European businesses. In October 2015, the top European court ruled that Safe Harbor is invalid. This ruling was due to concerns raised by the revelations of Edward Snowden and a perceived lack of data privacy in the US. Negotiations for “Safe Harbor 2.0” are ongoing.
Recently, lawmakers in several states have proposed legislation to change the way online businesses handle user information. Among the proposals generating significant attention are several Do Not Track bills and the Right to Know Act (California Bill AB 1291). The California Right to Know Act, if passed, would require every business that keeps user information to provide its users with a copy of stored information when requested. The bill faced heavy opposition from trade groups representing companies such as Google, Microsoft and Facebook, and failed to pass.
Web sites collecting the information of children under the age of 13 must comply with the FTC’s regulation of COPPA, the Children’s Online Privacy Protection Act. Such websites (whether social media, general products, apps, etc.) must have user safeguards and consensual agreements in place or face harsh fines, and should archive themselves in line with FTC compliance standards. Evidence and data must be stored from websites collecting such information. Coming into effect in 2000, this regulation exists to ensure transparency surrounding data collection from the information society’s most vulnerable demographic, to state that parents may revoke consent for site and information usage, and to outline site requirements and minimum security standards.
The FTC regulates and enforces COPPA under the designated “Safe Harbor” provision. It pursues enforcement aggressively, in a trend of making an example of those who do not comply by way of excessive fines and damage to reputation, such as Yelp, Hershey, TinyCo. Inc. and more.
The existing 41-year-old FERPA privacy statute is in dire need of reform, according to Congress, as its provisions have failed to keep up with technological developments in the classroom, or in the 21st century. As it was initially drafted to apply only to educational institutions, current provisions fail to provide adequate protection of students from third-party use. To advance, a balancing act is needed between restricting the integrity, usage and collection of data and simultaneously providing scope for educational technologies.
SOPIPA (California’s Student Online Personal Information Protection Act) is the latest Californian data-protection legislation. It is aimed at students and is highly unique and forward thinking in that it expressly restricts use of their educational data by third parties. SOPIPA is a dynamic landmark attempt to balance the protection of children’s sensitive information and security against the advances in online and digital learning technologies. The aim of this student-data-privacy legislation is to become an example for other states and school districts as concern about, and the danger of, the sharing of under-13s’ data by third-party vendors increases at a rapid pace.
The Electronic Communications Privacy Act and the Stored Wire Electronic Communications Act are commonly referred to together as the Electronic Communications Privacy Act (ECPA) of 1986. The ECPA updated the Federal Wiretap Act of 1968, which addressed interception of conversations using “hard” telephone lines, but did not apply to the interception of computer and other digital and electronic communications. Several subsequent pieces of legislation, including the USA PATRIOT Act, clarify and update the ECPA to keep pace with the evolution of new communications technologies and methods, including easing restrictions on law enforcement access to stored communications in some cases.
Do Not Track Legislation
Do Not Track is a term that refers to a series of policy proposals that protect users’ right to choose whether or not to be tracked by third-party websites. It is often called the online version of “Do Not Call”. US Federal legislation has been proposed, but to date, has not passed.
In January 2014, California enacted AB 370, which is an amendment to the California Online Privacy Protection Act (CalOPPA). It added provisions for:
- How the Online Service responds to a browser’s do-not-track signal regarding the collection of information about online activities over time and across third-party online services; and
- Whether third parties may collect information about online activities over time and across different online services.
The ESIGN Act confirmed that electronic signatures have the same legal standing as pen-and-paper signatures, and a contract or record of transactions may not be denied legal effect or ruled unenforceable simply because it is in electronic form. Numerous court cases have fully supported the legal integrity of e-signatures.
The ESIGN Act encourages verifying that consumers have given consent and received any necessary disclosures as part of the electronic contracting process. The consumer is to be provided with a “clear and conspicuous statement” regarding the option to receive the record in a non-electronic form, if any, and the right to withdraw consent at any time.