Articles Posted in News

by

Over the past two years, privacy legislation and regulation has focused on a variety of issues.  How companies can collect and use sensitive information (healthcare data, geolocation, financial data and the like) and how they respond to consumer requests often take top billing.  But “dark patterns” can impact not only a company’s disclosures, but its business operations generally.

What are Dark Patterns? 

Dark patterns are usually defined as user interfaces that trick or manipulate consumers into making choices that they would not otherwise have made. The California Consumer Privacy Act (CCPA) defines dark patterns as user interfaces that “subvert or impair consumers’ autonomy, decision making, or choice”.  Similarly, the Federal Trade Commission (FTC) defines unlawful dark patterns to include any online “design practices that trick or manipulate users into making decisions they would not otherwise have made and that may cause harm” and considers the use of dark patterns to be an unfair and deceptive trade practice.

Examples of dark patterns include:

  • Unclear choices – Customer choices that are not presented in a clear and balanced way. For example, if a business offers an option to opt-out of sharing personal information, the option should be clear and easy to find.
  • Confusing language – Choices that a business presents in technical or difficult language.
  • Hidden information – Information and key terms buried in fine print or in unexpected places.
  • Making it hard to cancel Businesses should not make it difficult for consumers to cancel subscriptions or charges.

Continue reading

by

The California Invasion of Privacy Act (CIPA) is sparking a surge in lawsuits that could profoundly impact businesses with consumer-facing websites. Once focused on law enforcement’s use of “trap and trace” devices, CIPA is now being applied to website tracking technologies like cookies and pixels, exposing companies to significant legal risks. In the article below, JMBM Partner Stuart K. Tubis delves into the key considerations surrounding this trend, the latest court rulings, and practical steps businesses can take to defend against these claims.

California’s Trap and Trace Pen Register Litigation: Key Considerations & How to Respond to a Lawsuit
by Stuart Tubis

The California Invasion of Privacy Act (CIPA) is driving a wave of litigation that could significantly impact businesses with consumer-facing websites. Hundreds of lawsuits have been filed recently alleging that businesses operating in California violated CIPA due to very common software and business practices found on their websites. Initially intended to regulate law enforcement’s use of “trap and trace” devices, plaintiffs now argue that CIPA’s outdated language applies to website tracking tools, such as cookies, pixels, and beacons.

Background on Trap and Trace Provisions

California’s Penal Code Section 638.51 prohibits installing or using a trap and trace device without a court order. A trap and trace device identifies the origin of incoming signals, similar to caller ID but more advanced. Originally, this provision applied only to law enforcement tracking incoming telephone numbers. However, plaintiffs now claim that common online tools also violate the statute by capturing information like IP addresses, geographic data, and browsing habits—data they argue is akin to “dialing, routing, addressing, or signaling information” regulated under CIPA.

The recent lawsuits target businesses across sectors, asserting that website visitor tracking constitutes illegal data collection. Plaintiffs argue that the law’s broad definitions of “trap and trace” devices include online tracking technologies, even though these provisions were designed decades ago with telephones, not the internet, in mind. Many businesses argue this a misapplication of an old law that has no proper application to the internet. Continue reading

by

Bob Braun was recently quoted in an article distributed by the National Institute of Standards and Technology (NIST), evaluating the organization’s recent publication of a three-part guide to securing guest and credit card data at hotels. “This publication analyzes and addresses the challenges common to almost all hotels in creating secure data systems,” he said. “Hotels would be well-advised to incorporate its recommendations in their information protection protocols.”

The guide, Securing Property Management Systems, uses commercially available technology to implement a range of data security strategies, including zero trust architecture, role-based authentication, and tokenization of credit card data. Hotels are attractive targets for attackers seeking sensitive guest or financial data; one industry report ranked the hospitality industry as the third-most frequently compromised, suffering 13% of all incidents in 2019.

Read the full article here.

All three parts of the guide are available as a downloadable PDF here.

by

LOS ANGELES—Jeffer Mangels Butler & Mitchell LLP (JMBM) is pleased to announce that Michael A. Gold, co-chair of JMBM’s Cybersecurity & Privacy Group, has been recognized by the Daily Journal as one of California’s Top Cyber Lawyers.

As reported by the Daily Journal, his clients include companies that operate within large and complex data environments, particularly those with international operations and regulatory challenges.

In the Daily Journal’s profile, Gold said:

“Threats and exploits and hacks are existential problems for companies when they lead to lawsuits and regulatory investigations. Nobody takes this lightly, and part of my job is to help clients see a path forward.”

Read the full profile here.

Gold has been recognized as one of the “Most Influential Lawyers: Digital Media and E-Commerce Law” by the Los Angeles Business Journal, has been designated a “Top Rated Lawyer in Technology Law” by Martindale Hubbell, and was listed in the Daily Journal’s Top 20 Cyber – Artificial Intelligence Lawyers” in 2018. He is the co-publisher of the blog, Cybersecurity Lawyer Forum, a resource for lawyers, executives, boards of directors and IT professionals.

“Michael remains on the forefront of the dynamic cyber and technology issues that continue to impact businesses worldwide,” said Bruce Jeffer, JMBM’s managing partner. “He is a tremendous asset to our clients and to our firm.”