E-Commerce Law Week, Issue 442

Ninth Circuit Takes A Mulligan on Employee Privacy

The Ninth Circuit last summer held in United States v. Ziegler that an employee had no reasonable expectation of privacy in his workplace computer where the employer had a policy and practice of regularly monitoring employees' computer usage.  Accordingly, it affirmed the district court's denial of the employee's motion to suppress evidence of child pornography seized by police from the employee's workplace hard drive, even though that evidence was obtained by entering the employee's locked private office.  We criticized the court's reasoning at the time, and suggested that the decision would have been on sounder footing if the court had based its judgment the employer's consent to the search.  Well, someone in chambers must be an ECLW fan, because on January 30 the Ninth Circuit panel rescinded its earlier opinion and issued a new one, reaching the same result but on the ground of employer consent.  While some may think this decision is a big win for employee rights, in fact it is probably a more important victory for employers, since it preserves companies' ability to control the terms of access to their network by both employees and the government.

Will Plaintiffs' Bar Soon Be Singing "T-T-T-T-T-T-T-T-TJX" in Breach Cases?

Knowledgeable commentators (yes, we're in a self-congratulatory mood this week) have predicted for a while that the plaintiffs' bar will eventually succeed in a negligence suit based on a company's failure to implement "reasonable" data security.  And it appears that the "breach-chasers" may have finally found the right case.  The data breach involving retail conglomerate TJX Companies, Inc. (the owner of discount chains T.J. Maxx and Marshalls, among others), first announced in mid-January, has so far drawn at least four putative class action suits in federal court in Massachusetts.  While the plaintiffs in past class actions stemming from data breaches have had a difficult time establishing standing (for lack of cognizable harm) and/or damages, the TJX case might not suffer from the same weaknesses.  The breach reportedly was broad in scope -- possibly involving more than 40 million credit and debit cards -- and has resulted in fraudulent debit and credit card purchases.  These factors, combined with the emergence in recent years of a discernible standard of what constitutes "reasonable" security, could make this a precedent-setting case.  If so, tort law in breach cases may "never ever [be] the same place," as the old T.J. Maxx commercial went.  Accordingly, companies will have even more reason to pay close attention to their data security procedures.

FTC to Sony:  No More DRM Baloney

Digital rights management ("DRM") technology is designed to curb copyright infringement by placing technological restrictions on consumers' use of digital copies of music, books, movies and software.  But Sony BMG Music Entertainment used particularly invasive DRM software on its CDs, which created risks to the security, privacy, and integrity of consumers' data, all without consumers' knowledge or consent.  Sony's sale of these CDs has resulted in costly settlements with state attorneys general, federal class action plaintiffs, and, most recently, the Federal Trade Commission.  The lesson:  Protect your copyright, sure.  But be open about what you're doing, and don't use rights management as a cover for marketing.

EU Consumer Protection Authorities Singing the Same iTune?

Apple executives seem likely to hum a happy ditty as they watch their iPod music players chart the same path of huge popularity and market dominance in Europe as they have in the United States.  But their tune is presumably rather less cheerful as they watch the emerging offensive by European consumer protection authorities against various aspects of Apple's iTunes business model.  EU concerns with iTunes were first in the spotlight in the middle of 2006, when the French Parliament passed an "iTunes law" mandating interoperability standards for digital music players.  But the real heat on iTunes is being felt in the New Year, as various EU consumer protection authorities, including Norway, Germany, and Finland, are joining the fray.  Whatever the reasons for these actions, the chorus of European authorities is likely to continue the same hymn for some time, without delivering music to Apple's ears.

Dubai's New Laws Help It Become Technology Hub

The UN has ranked the UAE higher in "e-Government readiness" than any other Arab country, and of the seven UAE emirates, Dubai is the clear leader in Internet business.  Dubai's showcase project is the Dubai Internet City -- a free trade zone which provides extensive physical and IT infrastructure for Internet business -- spearheading its push to become a major player in the IT world.  And foreign technology companies have responded to Dubai's efforts:  3M, Hewlett-Packard, Intel, Microsoft, Nokia, Sun Microsystems, and others recently announced that they are forming the Dubai IT Association, "an industry body that seeks to drive the development of information and communication technology (ICT) in Dubai."  Supporting these initiatives are legislative efforts, including Dubai's new Data Protection Law 2007 and the UAE's Federal Law No. 1 of 2006 (the Electronic Transactions and Commerce Law (summary)), and Federal Law No. 2 of 2006 (the Cyber Crimes Law (summary)).  Although these laws do much to bring Dubai's regulations into line with those in the West, other aspects of Dubai law remain more restrictive.  The Cyber Crime Law, for example, contains restrictions on online speech, although such limits are not unusual in the Middle East.  If the region ever manages to step out of the shadow of its longstanding political troubles, Dubai's IT initiatives could give the emirate greater importance on the global stage.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.