An Excellent Draft Article: "Valuing Social Data"

Professors Amanda Parsons and Salome Viljoen have published a draft on SSRN titled, “Valuing Social Data.”  The draft is excellent, provides numerous insights and includes a very nice literature review. 

Here is the abstract:

Social data production is a unique form of value creation that characterizes informational capitalism. Social data production also presents critical challenges for the various legal regimes that are encountering it. This Article provides legal scholars and policymakers with the tools to comprehend this new form of value creation through two descriptive contributions. First, it presents a theoretical account of social data, a mode of production which is cultivated and exploited for two distinct (albeit related) forms of value: prediction value and exchange value. Second, it creates and defends a taxonomy of three “scripts” that companies follow to build up and leverage prediction value and describes the normative and legal ramifications of these scripts.

The Article then applies these descriptive contributions to demonstrate how legal regimes are failing to effectively regulate social data value creation. Through the examples of tax law and data privacy law, it demonstrates these struggles in both legal regimes that have historically regulated value creation, like tax law, and legal regimes that have been newly tasked with regulating value creation by informational capitalism, like privacy and data protection law.

The Article argues that separately analyzing data’s prediction value and its exchange value may be helpful to understanding the challenges the law faces in governing social data production and the political economy surrounding such production. This improved understanding will equip legal scholars to better confront the harms of law’s failures in the face of informational capitalism, reduce legal arbitrage by powerful actors, and facilitate opportunities to maximize the beneficial potential of social data value.

FTC "Dark Patterns" Privacy Report Released

The FTC has released a report concerning the perhaps poorly named “Dark Patterns.”  Dark patterns are generally deceptive, confusing or misleading systems, tactics and procedures used by website or software developers or operators which may harm consumer privacy interests.  The Press Release for the Report states:

The Federal Trade Commission released a report today showing how companies are increasingly using sophisticated design practices known as “dark patterns” that can trick or manipulate consumers into buying products or services or giving up their privacy. The dark pattern tactics detailed in the report include disguising ads to look like independent content, making it difficult for consumers to cancel subscriptions or charges, burying key terms or junk fees, and tricking consumers into sharing their data. The report highlighted the FTC’s efforts to combat the use of dark patterns in the marketplace and reiterated the agency’s commitment to taking action against tactics designed to trick and trap consumers.

“Our report shows how more and more companies are using digital dark patterns to trick people into buying products and giving away their personal information,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “This report—and our cases—send a clear message that these traps will not be tolerated.”

For years, unscrupulous direct-mail and brick-and-mortar retailers have used design tricks and psychological tactics such as pre-checked boxes, hard-to-find-and read disclosures, and confusing cancellation policies, to get consumers to give up their money or data. As more commerce has moved online, dark patterns have grown in scale and sophistication, allowing companies to develop complex analytical techniques, collect more personal data, and experiment with dark patterns to exploit the most effective ones. The staff report, which stems from a workshop the FTC held in April 2021, examined how dark patterns can obscure, subvert, or impair consumer choice and decision-making and may violate the law.

The report, Bringing Dark Patterns to Light, found dark patterns used in a variety of industries and contexts, including e-commerce, cookie consent banners, children’s apps, and subscription sales. The report focuses on four common dark pattern tactics:

• Misleading Consumers and Disguising Ads: These tactics include advertisements designed to look like independent, editorial content; comparison shopping sites that claim to be neutral but really rank companies based on compensation; and countdown timers designed to make consumers believe they only have a limited time to purchase a product or service when the offer is not actually time-limited. For example, the FTC took action against the operators of a work-from-home scheme for allegedly sending unsolicited emails to consumers that included “from” lines that falsely claimed they were coming from news organizations like CNN or Fox News. The body of these emails included links that sent consumers to additional fake online news stories, and then eventually routed consumers to sales websites that pitched the company’s work-from-home schemes.

• Making it difficult to cancel subscriptions or charges: Another common dark pattern involves tricking someone into paying for goods or services without consent. For example, deceptive subscription sellers may saddle consumers with recurring payments for products and services they never intended to purchase or that they do not wish to continue purchasing. For example, in its case against ABCmouse, the FTC alleged the online learning site made it extremely difficult to cancel free trials and subscription plans despite promising “Easy Cancellation.” Consumers who wanted to cancel their subscriptions were often forced to navigate a difficult-to-find, lengthy, and confusing cancellation path on the company’s website and click through several pages of promotions and links that, when clicked, directed consumers away from the cancellation path. 
• Burying key terms and junk fees: Some dark patterns operate by hiding or obscuring material information from consumers, such as burying key limitations of the product or service in dense terms of service documents that consumers don’t see before purchase. This tactic also includes burying junk fees. Companies advertise only part of a product’s total price to lure consumers in, and do not mention other mandatory charges until late in the buying process. In its case against LendingClub, the FTC alleged that the online lender used prominent visuals to falsely promise loan applicants that they would receive a specific loan amount and pay “no hidden fees” but hid mention of fees behind tooltip buttons and in between more prominent text.

• Tricking consumers into sharing data: These dark patterns are often presented as giving consumers choices about privacy settings or sharing data but are designed to intentionally steer consumers toward the option that gives away the most personal information. The FTC alleged that smart-TV maker Vizio enabled default settings allowing the company to collect and share consumers’ viewing activity with third parties, only providing a brief notice to some consumers that could easily be missed.

As detailed in the report, the FTC has worked to keep pace with the evolving types of dark patterns used in the marketplace. The Commission has sued companies for requiring users to navigate a maze of screens in order to cancel recurring subscriptions, sneaking unwanted products into consumers’ online shopping carts without their knowledge, and experimenting with deceptive marketing designs. 

The Commission voted 5-0 at an open meeting to authorize the release of the staff report.

U.S. Federal Trade Commission Releases New Safeguards Rule for Non-Banking Financial Institutions

The Federal Trade Commission (FTC) in the United States has changed the regulations concerning the Safeguards Rule relating to cybersecurity standards for non-banking financial institutions.  Essentially, the new Safeguards Rule contains additional specificity regarding what is required to comply with the contextual administrative, physical and technical standards for a compliant information security program.  The new Safeguards Rule will be effective a year from publication in the Federal Register. Notably, the new Safeguards Rule contains significant new definitions. The FTC press release states, in relevant part:  

The FTC’s updated Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security system to keep their customers’ information safe.

“Financial institutions and other entities that collect sensitive consumer data have a responsibility to protect it,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The updates adopted by the Commission to the Safeguards Rule detail common-sense steps that these institutions must implement to protect consumer data from cyberattacks and other threats.”

The changes adopted by the Commission to the Safeguards Rule include more specific criteria for what safeguards financial institutions must implement as part of their information security program such as limiting who can access consumer data and using encryption to secure the data. Under the updated Safeguards Rule, institutions must also explain their information sharing practices, specifically the administrative, technical, and physical safeguards the financial institutions use to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customers’ secure information. In addition, financial institutions will be required to designate a single qualified individual to oversee their information security program and report periodically to an organization’s board of directors, or a senior officer in charge of information security.

The Safeguards Rule was mandated by Congress under the 1999 Gramm-Leach-Bliley Act. Today’s updates are the result of years of public input. In 2019, the FTC sought comment on proposed changes to the Safeguards Rule and, in 2020 held a public workshop on the Safeguards Rule.

In addition to the updates, the FTC is seeking comment on whether to make an additional change to the Safeguards Rule to require financial institutions to report certain data breaches and other security events to the Commission. The FTC is issuing a supplemental notice of proposed rulemaking, which will be published in the Federal Register shortly. The public will have 60 days after the notice is published in the Federal Register to submit a comment.

The new Safeguards Rule is available, here. Notably, there is legislation before the U.S. Congress to massively increase the budget of the FTC to deal, in part, with privacy and cybersecurity issues. 

Biden Administration Executive Order on Competition: Some IP Portions

On July 9, 2021, the Biden Administration released an “Executive Order on Promoting Competition in the American Economy” that literally will touch almost every part of the U.S. economy.  The Executive Order can be found, here.  Concerning SEPs the Executive Order states:

To avoid the potential for anticompetitive extension of market power beyond the scope of granted patents, and to protect standard-setting processes from abuse, the Attorney General and the Secretary of Commerce are encouraged to consider whether to revise their position on the intersection of the intellectual property and antitrust laws, including by considering whether to revise the Policy Statement on Remedies for Standards-Essential Patents Subject to Voluntary F/RAND Commitments issued jointly by the Department of Justice, the United States Patent and Trademark Office, and the National Institute of Standards and Technology on December 19, 2019.

The Order further directs the FTC Chair to consider rulemaking in the following areas:

          (i)    unfair data collection and surveillance practices that may damage competition, consumer autonomy, and consumer privacy;
          (ii)   unfair anticompetitive restrictions on third-party repair or self-repair of items, such as the restrictions imposed by powerful manufacturers that prevent farmers from repairing their own equipment;
          (iii)  unfair anticompetitive conduct or agreements in the prescription drug industries, such as agreements to delay the market entry of generic drugs or biosimilars;
          (iv)   unfair competition in major Internet marketplaces;
. . . and
          (vii)  any other unfair industry-specific practices that substantially inhibit competition.

The Order directs the Secretary of Agriculture to prepare a report concerning IP laws and seeds and other inputs:

to help ensure that the intellectual property system, while incentivizing innovation, does not also unnecessarily reduce competition in seed and other input markets beyond that reasonably contemplated by the Patent Act (see 35 U.S.C. 100 et seq. and 7 U.S.C. 2321 et seq.), in consultation with the Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office, submit a report to the Chair of the White House Competition Council, enumerating and describing any relevant concerns of the Department of Agriculture and strategies for addressing those concerns across intellectual property, antitrust, and other relevant laws.

The Order directs the Secretary for Health and Human Services to address drug access and pricing:

          (iv)    not later than 45 days after the date of this order, submit a report to the Assistant to the President for Domestic Policy and Director of the Domestic Policy Council and to the Chair of the White House Competition Council, with a plan to continue the effort to combat excessive pricing of prescription drugs and enhance domestic pharmaceutical supply chains, to reduce the prices paid by the Federal Government for such drugs, and to address the recurrent problem of price gouging;
          (v)     to lower the prices of and improve access to prescription drugs and biologics, continue to promote generic drug and biosimilar competition, as contemplated by the Drug Competition Action Plan of 2017 and Biosimilar Action Plan of 2018 of the Food and Drug Administration (FDA), including by:
               (A)  continuing to clarify and improve the approval framework for generic drugs and biosimilars to make generic drug and biosimilar approval more transparent, efficient, and predictable, including improving and clarifying the standards for interchangeability of biological products;
               (B)  as authorized by the Advancing Education on Biosimilars Act of 2021 (Public Law 117-8, 135 Stat. 254, 42 U.S.C. 263-1), supporting biosimilar product adoption by providing effective educational materials and communications to improve understanding of biosimilar and interchangeable products among healthcare providers, patients, and caregivers;
               (C)  to facilitate the development and approval of biosimilar and interchangeable products, continuing to update the FDA’s biologics regulations to clarify existing requirements and procedures related to the review and submission of Biologics License Applications by advancing the “Biologics Regulation Modernization” rulemaking (RIN 0910-AI14); and
               (D)  with the Chair of the FTC, identifying and addressing any efforts to impede generic drug and biosimilar competition, including but not limited to false, misleading, or otherwise deceptive statements about generic drug and biosimilar products and their safety or effectiveness;
          (vi)    to help ensure that the patent system, while incentivizing innovation, does not also unjustifiably delay generic drug and biosimilar competition beyond that reasonably contemplated by applicable law, not later than 45 days after the date of this order, through the Commissioner of Food and Drugs, write a letter to the Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office enumerating and describing any relevant concerns of the FDA; 
          (vii)   to support the market entry of lower-cost generic drugs and biosimilars, continue the implementation of the law widely known as the CREATES Act of 2019 (Public Law 116-94, 133 Stat. 3130), by:
               (A)  promptly issuing Covered Product Authorizations (CPAs) to assist product developers with obtaining brand-drug samples; and
               (B)  issuing guidance to provide additional information for industry about CPAs; and
          (viii)  through the Administrator of the Centers for Medicare and Medicaid Services, prepare for Medicare and Medicaid coverage of interchangeable biological products, and for payment models to support increased utilization of generic drugs and biosimilars.

The Order directs the Secretary of Commerce to reconsider proposed regulations concerning technology transfer:

   (r)  The Secretary of Commerce shall:
          (i)    acting through the Director of the National Institute of Standards and Technology (NIST), consider initiating a rulemaking to require agencies to report to NIST, on an annual basis, their contractors’ utilization activities, as reported to the agencies under 35 U.S.C. 202(c)(5);
          (ii)   acting through the Director of NIST, consistent with the policies set forth in section 1 of this order, consider not finalizing any provisions on march-in rights and product pricing in the proposed rule “Rights to Federally Funded Inventions and Licensing of Government Owned Inventions,” 86 Fed. Reg. 35 (Jan. 4, 2021); 

                (iii)  not later than 1 year after the date of this order, in consultation with the Attorney General and the Chair of the Federal Trade Commission, conduct a study, including by conducting an open and transparent stakeholder consultation process, of the mobile application ecosystem, and submit a report to the Chair of the White House Competition Council, regarding findings and recommendations for improving competition, reducing barriers to entry, and maximizing user benefit with respect to the ecosystem.

Free Colloquium -- "Technological Progress, COVID-19 and the Future of Globalization"

VIT University Law School in Chennai, India is hosting a Zoom colloquium titled, “Technological Progress, COVID-19 and the Future of Globalization” on June 22 at 6:30 pm Indian Standard Time (6:00 am PST (California); 3:00 pm GMT+2 (Belgium) 9:00 pm GMT+8 (China)). The colloquium participants will offer their preliminary thoughts concerning issues ranging from intellectual property access to vaccine development and manufacturing to investment and the World Trade Organization.  Given the nature of the colloquium, we will not cover all potential issues.  However, a follow-up conference exploring these and additional issues in depth is tentatively scheduled for the Winter of 2020 or Spring of 2021 in Chennai. 

The participants in the Zoom colloquium include: Dean Gandhi Manimuthu (VIT Law); Mark Lemley (Stanford Law); Jim Chen (Michigan State Law); Martin Husovec (Tilburg University); Kirsten Schmalenbach (Univ. of Salzburg Law); Stephan Kirste (Univ. of Salzburg Law); Henrik Andersen (CBS Law); Liu Lina (Xi’an Jiaotong University); Prabash Ranjan (South Asian University); James Nedumpara (Indian Institute of Foreign Trade); Ana Rutchsman (St. Louis Law); Patrick Warto (Univ. of Salzburg Law); and Mike Mireles (Univ. of the Pacific, McGeorge Law).   If you are interested in participating via Zoom, please contact Mike Mireles at msmireles@gmail.com.  There are limited spots available.  Thank you!

Mayer Brown Cybersecurity and Data Privacy Report

The law firm of Mayer Brown has published its 2019 Outlook: Cybersecurity and Data Privacy Report.  The 20 page Report warns that cybersecurity breaches are likely to increase in 2019.  Helpfully, the Report provides an overview of numerous new and potentially forthcoming regulatory changes in the United States and other countries.  For example, the Report covers U.S. Department of Transportation and Federal Drug Administration regulation.  The Report also raises the National Association of Insurance Commissioners model data security law that was adopted by the state of South Carolina, Ohio and Michigan.  The Report also covers some potential differences in law across countries such as maintaining privilege and preserving documents in anticipation of litigation.  On trade secrets, the Report notes:

Trade Secret Theft. Companies should expect the current Administration to remain focused on the threat to American economic prosperity and national security posed by economic espionage in 2019. In 2015, China and the United States publicly committed to not engage in the cyber-enabled theft of intellectual property for commercial gain. Recent statements from senior administration officials and high-profile indictments brought by the Department of Justice indicate the view of some leading government officials that China has failed to adhere to that commitment. For example, the Department of Justice indicted two Chinese nationals associated with the Chinese Ministry of State Security of numerous hacking offensives associated with a global campaign to steal sensitive business information. Congress is also likely to consider legislative responses to trade secret theft and economic espionage. These actions suggest that 2019 is likely to see further disputes with China over cyber theft of trade secrets. Companies—especially those in industries that have previously been targeted by espionage campaigns— are likely to benefit from tracking developments in this space.

President Trump noted that he is continuing to push China on cybersecurity issues concerning trade secret theft in his recent State of the Union address:

We are now making it clear to China that after years of targeting our industries, and stealing our intellectual property, the theft of American jobs and wealth has come to an end.

Therefore, we recently imposed tariffs on $250 billion of Chinese goods -- and now our Treasury is receiving billions of dollars a month from a country that never gave us a dime. But I don't blame China for taking advantage of us -- I blame our leaders and representatives for allowing this travesty to happen. I have great respect for President Xi, and we are now working on a new trade deal with China. But it must include real, structural change to end unfair trade practices, reduce our chronic trade deficit, and protect American jobs.

Mayer Brown has also issued a discussion of the European Union Agency for Network and Information Security ("ENISA") 2018 Threat Landscape Report. 

Madonna seeks giant privacy payout in UK litigation

The Guardian has reported that pop icon Madonna is claiming more than £5 million in damages from the Mail on Sunday newspaper, which admitted a breach of privacy and copyright infringement following its publication of private photographs of her wedding to film director Guy Ritchie. If Madonna succeeds, she will have created a new UK record for a pay-out in a privacy case (the current record is the £60,000 recently awarded to Formula One boss Max Mosle after revelations concerning his sex life were published in the News of the World).

The singer had accused the Mail on Sunday of breaching her privacy and copyright by publishing pictures of her wedding in the Scottish Highlands, eight years after the event, following news that her marriage to Ritchie had broken down. The wedding was said to have been "wholly private" though the photos were said to have been surreptitiously copied by an interior designer at Madonna's home in Beverly Hills.  The paper is said to have paid just £5,000 for them. A decision from Mr Justice Eady is expected in the New Year.

[Thanks, Birgit Clark, for supplying this information].