E-Commerce Law Week, Issue 469

Opt-in, Opt-out.  Carriers Seek to Sweep The Leg Out from Under New CPNI Privacy Rule

The Federal Communications Commission in April issued an order revising the privacy rules for the handling of Customer Proprietary Network Information (CPNI).  In addition to provisions combating pretexting, the order requires telecommunications carriers and interconnected VoIP providers to obtain customers' assent before sharing CPNI with joint ventures and independent contractors for marketing purposes.  (Such sharing of CPNI is currently governed by an "opt-out" standard.)  As we predicted in April, the National Cable and Telecommunications Association (NCTA) has now filed a petition with the U.S. Court of Appeals for the D.C. Circuit, challenging the opt-in provision as "arbitrary and capricious" and a violation of the First Amendment.  If the NCTA succeeds, carriers and VoIP providers will face one fewer regulatory hurdle.  On the other hand, an FCC win could signal a trend in which regulatory agencies increasingly shift the burden for protecting privacy from consumers to corporations.  But just as The Karate Kid spawned three sequels, this D.C. Circuit challenge will likely not be the final judicial word on the opt-in, opt-out debate.

Canadian Privacy Commissioner Issues Data Breach Notification Guidance

Canada's Office of the Privacy Commissioner has released voluntary guidelines for responding to data breaches involving the personal information of residents of the Great White North.  The guidelines, which are summarized in an accompanying checklist and were drafted in consultation with the private sector, are intended to lead organizations through the "four key steps" of breach response:  containment and preliminary assessment, risk evaluation, notification, and prevention.  The guidelines define a breach as the "unauthorized access to or collection, use, or disclosure of personal information," where such activity is "unauthorized" if it violates the Personal Information Protection and Electronic Documents Act or similar provincial privacy legislation.  Although voluntary, these guidelines could help shape future Canadian breach notification legislation.

UK Government Raises Stakes for Non-European Gambling Websites

The Gambling Act 2005 (Advertising of Foreign Gambling) Regulations 2007 issued earlier this month by the UK government mean that around one thousand online gambling sites are likely to be banned from advertising in the UK beginning in September, when the Gambling Act 2005 comes into force.  Operators from gambling havens such as Costa Rica, the Netherlands Antilles and Belize are apparently the primary target of the UK rules, but the rules have much broader ambit.  This move by the new UK government of Gordon Brown follows a series of hard-hitting measures taken by the authorities in the U.S. and France over the last year in an attempt to crack down on online gambling.  The crackdown under the Regulations may reflect a new government determination to protect UK residents from online gambling.  Or they may be simply a case of regulatory one-upsmanship with the United States and France.  Either way, the Regulations signify an important U-turn from the Blair government's plans to allow online advertising of casinos and betting shops in mainstream media along with the opening of 17 “super casinos” across the UK.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.