PRG News Roundup, November 17, 2021

The Knight First Amendment Institute at Columbia University filed an amicus brief in a case challenging a Florida law limiting the power of social media companies to moderate speech on their platforms. The Knight Institute urges the Eleventh Circuit Court of Appeals to affirm the district court’s decision to block the law on the grounds of its constitutionality, including the law’s specific targeting of platforms perceived to have a liberal bias (e.g. Facebook and Twitter), but not of smaller, conservative-leaning platforms. In addition, the law carves out an exception to platforms which own a Florida theme park—a clear reference to Disney. 

The Surveillance Technology Oversight Project (S.T.O.P.), a privacy and civil rights group, and the Harvard Law School Cyberlaw Clinic jointly filed an amicus brief with Massachusetts Supreme Judicial Court, arguing police searches of cell tower data are unconstitutional. The filing came in Commonwealth v. Perry, supporting the defendant Jerron Perry’s appeal of his motion to dismiss evidence obtained through cell tower dumps, which included data on more than 50,000 individuals.

Québec’s updated privacy law imposes additional compliance requirements on businesses. Bill 64 requires companies to conduct privacy impact assessments for the transfer of personal information outside of Québec and appoint designated privacy officers. Québec is one of the few Canadian provinces to have a stand-alone private sector privacy law; among other obligations, it requires businesses to report to the Québec privacy regulator and notify individuals of data breaches where there is risk of “serious prejudice.” The law gives Québec’s Commission d’accès à l’information, the province’s privacy regulator, the ability to fine entities that break the law. The law’s provisions take effect from 2022-2024. 

India’s national cybersecurity coordinator is starting a project to assess privacy and security loopholes in mobile devices and apps. The project is called Indian Citizens Assistance for Mobile Privacy & Security (I-CAMPS), and it will provide a technology platform with an associated mobile application and desktop site to support Indian citizens in mitigating the vulnerabilities in their mobile handsets. Relatedly, India’s new data privacy bill is expected to be placed before parliament in the upcoming winter session. The bill has various provisions addressing privacy holistically, and proposes bringing in a single regulator for data protection in tandem with international laws. 

United States House and Senate bills (S. 2875; H.R. 5440) advancing through Congress would require critical industries to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (“CISA”), which was created in 2018. High-profile cyber incidents, such as the Colonial Pipeline ransomware attack, have lawmakers pushing for mandatory cyber incident reports; the bills would require certain critical infrastructure operators designated by CISA to report incidents no later than 72-hours after the event. If passed, the legislation has the potential to give CISA more regulatory authority.

In apparent contradiction to Meta/Facebook’s announcement this summer that it would limit advertisers’ targeting of minors, the company is accused of continuing to track teens for targeting on its social platforms. This came to light in new research from Fairplay, Global Action Plan and Reset Australia, claiming that the company has retained its algorithms’ abilities to track and target kids. In response, Meta denied using the tracking data it is linking to teens’ accounts to for ad personalization purposes. 

The United States Senate confirmed notable big tech critic and progressive antitrust reformer Jonathan Kanter to lead the Justice Department’s antitrust division. Kanter has a history of representing technology companies, such as Yelp, Microsoft, and Spotify in antitrust suits against big tech competitors. With his confirmation, Kanter will inherit a lawsuit against Google filed during the Trump administration, accusing the company of anticompetitive behavior in the digital advertising market. At this point, it’s unclear if Kanter will recuse himself from the case, given his prior involvement in suits defending Google’s rivals. Relatedly, Federal Trade Commission nominee Alvaro Bedoya signaled support for addressing big tech regulation and privacy reform (specifically discussing facial recognition technology regulation) during a Senate confirmation hearing. If appointed, Bedoya is expected to take over the FTC’s “privacy portfolio.” Bedoya’s nomination is planned to advance to a full Senate vote shortly after Thanksgiving.

(Compiled by Student Fellow Tanner Co)