< Back to Previous Page
Related Practices

E-Commerce Law Week, Issue 595

February 13, 2010

Immunity For Telecoms May Not Equal Anonymity

The Ninth Circuit has blocked, for now, a court order requiring disclosure of records that would identify the telecommunications companies and their agents that lobbied for an amendment to the Foreign Intelligence Surveillance Act that immunized companies that cooperated with the Bush Administration’s warrantless wiretapping program.  The immunity provision was eventually included in the FISA Amendments Act of 2008, and resulted in the dismissal of lawsuits against the telecoms related to the wiretapping program.  But numerous records of the discussions that led to passage of this provision have been released under the Freedom of Information Act.  What remains undisclosed, for now, are the identities of the telecoms and their agents that actually did the lobbying -- though these must surely rank as some of the world’s most open secrets.

Court Rejects CFAA Claim Based on Deleted Files

The Computer Fraud and Abuse Act (CFAA) is notoriously vague or confusing on some issues, leading to conflicting decisions over when access to a computer is "without authorization" and what constitutes compensable "damage" or "loss."  But once in a while, a court interprets the CFAA in a way that is simply inexplicable.  A district court in Mississippi recently granted a defendant's motion for summary judgment on a CFAA claim brought by a company whose files were allegedly deleted by a disloyal employee who was working for a competitor.  The court held that the plaintiff had failed to allege a cognizable loss because it had not alleged damage to company computers or an interruption of service.  The court ignored language in the CFAA expressly allowing relief for "impairment to the integrity or availability of data … or information," and for the costs of "conducting a damage assessment" and "restoring the data … or information."

EU Revises Model Contract Clauses for Data Transfers

The EU Data Protection Directive restricts transfers of personal data of EU residents to non-EU countries.  A common approach for complying with this obligation is for the EU data transferor and the transferee abroad to adopt model contract clauses approved by the European Commission.  The European Commission earlier this month adopted a decision approving a new set of model contract clauses for the transfer of personal data from a data controller to a foreign processor (controller-to-controller clauses were previously approved).  The new clauses permit the foreign processor to re-transfer data to a sub-processor (the previous version did not permit this), and delete an arbitration provision from the previous version that had never been applied in practice.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.

CONTACT US | PRIVACY | TERMS OF USE | © 2012 STEPTOE & JOHNSON LLP, ALL RIGHTS RESERVED | ATTORNEY ADVERTISING | SITE BY FIRMSEEK
Beijing | Brussels | Century City | Chicago | London | Los Angeles | New York | Phoenix | Washington