{"id":1317,"date":"2020-04-21T10:56:57","date_gmt":"2020-04-21T15:56:57","guid":{"rendered":"https:\/\/blogofnotesite.wpengine.com\/?p=1317"},"modified":"2020-04-22T10:51:11","modified_gmt":"2020-04-22T15:51:11","slug":"stay-at-home-videoconferencing-and-a-baptism-of-fire-for-the-california-consumer-privacy-act","status":"publish","type":"post","link":"https:\/\/blog.northwesternlaw.review\/?p=1317","title":{"rendered":"Stay-at-Home, Videoconferencing, and a Baptism of Fire for the California Consumer Privacy Act"},"content":{"rendered":"\n<p>The novel coronavirus COVID-19 has rapidly become <a href=\"https:\/\/www.cnbc.com\/video\/2020\/04\/01\/coronavirus-could-be-worst-public-health-disaster-in-us-history-expert.html\">one of the worst public health crises <\/a>in U.S. history. Yet this is not only a critical moment for health, but also for privacy. With <a href=\"https:\/\/www.businessinsider.com\/us-map-stay-at-home-orders-lockdowns-2020-3\">social isolation orders <\/a>in forty-two states, as well as Washington, D.C., Puerto Rico, and Guam, collaborative technological services\u2014such as such as video conferencing, file sharing, mobile apps, and video games\u2014have taken an even more preeminent role in our <a href=\"https:\/\/www.axios.com\/tech-shapes-a-new-stay-at-home-economy-e6663c4e-fcfb-4b68-8bc9-37e8c2c1f81d.html\">social and work lives<\/a>. The increasing importance of these technologies represents the equally increasing power these services have over our privacy, <a href=\"https:\/\/www.businessinsider.com\/video-conferencing-apps-62-million-downloads-zoom-houseparty-hangouts-teams-2020-3\">both at work and at home<\/a>. Sensitive corporate information, facts about individuals\u2019 well-being, and personal conversations between loved ones are being communicated via these platforms in <a href=\"https:\/\/techcrunch.com\/2020\/04\/09\/microsoft-says-video-calls-in-teams-grew-1000-in-march\">greater quantities than ever before<\/a>. Proper privacy protections have never been more important for U.S. citizens, yet federal data privacy law remains a patchwork of sector-specific laws that fail to cover large swaths of entities that process personal <a href=\"https:\/\/www.cfr.org\/report\/reforming-us-approach-data-protection\">information<\/a>. Instead, it is largely left to states to adopt consumer privacy laws, of which California was the first with its <a href=\"https:\/\/ccpa-info.com\/home\/consumers-right-to-receive-information\/\">California Consumer Privacy Act (CCPA)<\/a> having taken effect in <a href=\"https:\/\/techcrunch.com\/2020\/01\/01\/the-california-consumer-privacy-act-officially-takes-effect-today\/?guccounter=1&amp;guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&amp;guce_referrer_sig=AQAAAN0Si_WQdDR1u-d5hVu_Ei_XPHcl3fVugkdH-hK4_y3Rm3MLLm0rVDO51Fz7T1hNzvy7DHOFt33aVADoYjGOZrYGXc5e8HZ-A0Bu1bXx4sLo9haokyrF7wkROny67rsBJs3U1qvRyI3L9Yqv3O_8euVfztSxlRIHwMFkD001IYY6\">January 2020<\/a>.<\/p>\n\n\n\n<p>The sole consumer privacy act in the <a href=\"https:\/\/www.wired.com\/story\/ccpa-guide-california-privacy-law-takes-effect\">United States<\/a>, the CCPA is now the primary shield against poor data processing practices from online collaborative platforms, foremost among them Zoom Video (Zoom). Zoom\u2019s soaring popularity led to greater scrutiny of its data processing and security practices, with the findings ranging from sending <a href=\"https:\/\/www.jdsupra.com\/legalnews\/zooming-in-on-zoom-s-security-and-74088\">personal information to Facebook<\/a> to allowing uninvited attendees to break into <a href=\"https:\/\/www.computerworld.com\/article\/3537193\/zoom-hit-by-investor-lawsuit-as-security-privacy-concerns-mount.html\">private calls<\/a>, a practice known as \u201cZoom-bombing.\u201d Just a month after the first CCPA case ever was <a href=\"https:\/\/news.bloomberglaw.com\/privacy-and-data-security\/insight-first-ccpa-related-case-foreshadows-five-issues-5\">filed<\/a>, on March 30, 2020, a <a href=\"https:\/\/www.courtlistener.com\/docket\/17026264\/1\/cullen-v-zoom-video-communications-inc\/\">class action suit against Zoom <\/a>was brought before the U.S. District Court for the Northern District of California. The <a href=\"https:\/\/www.courtlistener.com\/docket\/17026264\/1\/cullen-v-zoom-video-communications-inc\/\">class action complaint <\/a>alleges that Zoom violated the CCPA by failing to provide consumers with adequate notice of personal information processing practices and by failing to implement reasonable security measures to prevent the unauthorized disclosure of non-encrypted personal information. The CCPA explicitly requires entities collecting consumers\u2019 personal information to fully disclose the collection of such information and how it will be used, including with which third parties it is <a href=\"https:\/\/ccpa-info.com\/home\/consumers-right-to-receive-information\/\">shared<\/a>. Businesses processing personal data also must implement and maintain reasonable security measures to prevent the inadvertent disclosure of such <a href=\"https:\/\/ccpa-info.com\/home\/1798-150-civil-actions\/\">information<\/a>. Therefore, the CCPA would seem to be a promising constraint on poor data protection practices, both in the conscious use of data as well as maintaining insufficient protection practices.<\/p>\n\n\n\n<p>These rights are standard for data protection regimes around the world and are part and parcel of the comprehensive data protection in the European Union, the <a href=\"https:\/\/www.bakerlaw.com\/webfiles\/Privacy\/2018\/Articles\/CCPA-GDPR-Chart.pdf\">General Data Protection Regulation<\/a>. Yet the CCPA is still untested in court and such protections are new to the U.S. legal regime. The courts\u2019 early interpretation of key terms such as \u201cdisclosure\u201d and \u201creasonable security measures\u201d will be critical. The Northern District of California\u2019s ruling in this case, or settlement negotiations between the class and Zoom, will be of the utmost importance for future CCPA litigation and reigning in poor consumer data privacy practices. Although the CCPA only protects California residents, the interstate nature of the Internet would likely cause data processing entities to conform to the highest data privacy standard in the United States. Given the vastly increased use of data-collecting online platforms due to COVID-19 stay-at-home orders, an enormous amount of personal data is on the line. Since California is currently the only state with a comprehensive consumer privacy act, the outcome of the Zoom litigation is particularly acute: if the CCPA proves to be a paper tiger, United States residents will be left nearly defenseless, with only a patchwork of federal and state laws to provide data protection.<\/p>\n\n\n\n<p><em>Michael P. Goodyear is a graduating 3L at the University of Michigan Law School, where he is the editor-in-chief of the Michigan Technology Law Review. His previous and upcoming law journal articles can be found on his SSRN site <\/em><a href=\"https:\/\/papers.ssrn.com\/sol3\/cf_dev\/AbsByAuth.cfm?per_id=4073357\"><em>here<\/em><\/a><em>. After graduation, Michael will work as a litigation associate at a large law firm in New York.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The novel coronavirus COVID-19 has rapidly become one of the worst public health crises in U.S. history. Yet this is not only a critical moment for health, but also for privacy. With social isolation orders in forty-two states, as well as Washington, D.C., Puerto Rico, and Guam, collaborative technological services\u2014such as such as video conferencing, file sharing, mobile apps, and video games\u2014have taken an even more preeminent role in our social and work lives. The increasing importance of these technologies&#8230;<\/p>\n<p class=\"read-more\"><a class=\"btn btn-default\" href=\"https:\/\/blog.northwesternlaw.review\/?p=1317\"> Read More<span class=\"screen-reader-text\">  Read More<\/span><\/a><\/p>\n","protected":false},"author":96,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[122,133],"tags":[126,125,130,114,111,127,128,132,131,124,129],"class_list":["post-1317","post","type-post","status-publish","format-standard","hentry","category-covid-19","category-internet-issues","tag-california-consumer-privacy-act","tag-ccpa","tag-class-action","tag-coronavirus","tag-covid-19","tag-privacy","tag-privacy-law","tag-social-isolation","tag-stay-at-home","tag-zoom","tag-zoom-bombing"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9jSvD-lf","jetpack-related-posts":[{"id":1426,"url":"https:\/\/blog.northwesternlaw.review\/?p=1426","url_meta":{"origin":1317,"position":0},"title":"HOAs and Residents with COVID-19","author":"Dave Fagundes","date":"May 25, 2020","format":false,"excerpt":"The coronavirus quarantine has led many states to issue stay-at-home orders on the plausible theory that doing so will cause individuals to be isolated from others and less likely to catch or spread the virus. Yet for many people, \u201chome\u201d is not a place of complete isolation, but involves shared\u2026","rel":"","context":"In &quot;COVID-19&quot;","block_context":{"text":"COVID-19","link":"https:\/\/blog.northwesternlaw.review\/?cat=122"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1435,"url":"https:\/\/blog.northwesternlaw.review\/?p=1435","url_meta":{"origin":1317,"position":1},"title":"Data Control and Surveillance in the COVID-19 Response","author":"Brian Citro &amp; Kat Albrecht","date":"May 26, 2020","format":false,"excerpt":"In a paper published last month, we argue that the emerging emphasis on digital technologies in the global tuberculosis (TB) response is ushering in a new era of data colonization and surveillance in the name of public health. We assert that, despite some promise, digital adherence technologies for TB create\u2026","rel":"","context":"In &quot;COVID-19&quot;","block_context":{"text":"COVID-19","link":"https:\/\/blog.northwesternlaw.review\/?cat=122"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1357,"url":"https:\/\/blog.northwesternlaw.review\/?p=1357","url_meta":{"origin":1317,"position":2},"title":"Surveillance Intrusiveness in a Pandemic","author":"Matthew B. Kugler &amp; Mariana Oliver","date":"April 28, 2020","format":false,"excerpt":"Government surveillance capabilities have always been a matter of public concern, but the current pandemic makes the issue especially salient. We set out to discover what Americans think of government surveillance during this crisis. Americans have been inundated with media reports of novel forms of public health surveillance since the\u2026","rel":"","context":"In &quot;Constitutional Issues&quot;","block_context":{"text":"Constitutional Issues","link":"https:\/\/blog.northwesternlaw.review\/?cat=134"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.northwesternlaw.review\/wp-content\/uploads\/2020\/04\/image.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.northwesternlaw.review\/wp-content\/uploads\/2020\/04\/image.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.northwesternlaw.review\/wp-content\/uploads\/2020\/04\/image.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":1410,"url":"https:\/\/blog.northwesternlaw.review\/?p=1410","url_meta":{"origin":1317,"position":3},"title":"Multi-Level Marketer Social Media Presence During COVID-19 Provokes FTC","author":"Erik Birnel","date":"May 16, 2020","format":false,"excerpt":"MLMs and Why They Matter DoTERRA essential oils and other multi-level marketers (MLMs) are in trouble. Their social media presence during the COVID-19 crisis provoked Federal Trade Commission (FTC) enforcement action in late April. But what exactly are MLMs and why are they particularly relevant during the COVID-19 crisis? MLMs\u2026","rel":"","context":"In &quot;COVID-19&quot;","block_context":{"text":"COVID-19","link":"https:\/\/blog.northwesternlaw.review\/?cat=122"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":703,"url":"https:\/\/blog.northwesternlaw.review\/?p=703","url_meta":{"origin":1317,"position":4},"title":"Article III Standing in Biometric Privacy Suits","author":"Arian Soroush","date":"March 30, 2018","format":false,"excerpt":"As the use of biometric technology has grown increasingly prevalent in our everyday lives, the legal issues surrounding its use have rapidly developed. Ranging from facial recognition technology employed by social media providers to fingerprint technology adopted by employers, biometric technology has important societal implications. While many find ease and\u2026","rel":"","context":"In &quot;Board member contribution&quot;","block_context":{"text":"Board member contribution","link":"https:\/\/blog.northwesternlaw.review\/?cat=55"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogofnotesite.wpengine.com\/wp-content\/uploads\/2018\/03\/6689264031_4c7516b3e1_b-1024x683.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogofnotesite.wpengine.com\/wp-content\/uploads\/2018\/03\/6689264031_4c7516b3e1_b-1024x683.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogofnotesite.wpengine.com\/wp-content\/uploads\/2018\/03\/6689264031_4c7516b3e1_b-1024x683.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":58,"url":"https:\/\/blog.northwesternlaw.review\/?p=58","url_meta":{"origin":1317,"position":5},"title":"BIPA and Its Federal Problems","author":"Alexander Ogren","date":"November 8, 2017","format":false,"excerpt":"It's not fun to have your credit card or identity stolen. It takes time, money, and mental energy to right yourself. Now, instead of just using cards as the gatekeepers, many companies are using customers\u2019 biometric information, such as fingerprints and facial geometry scans,\u00a0to\u00a0control access to private information. But unlike\u2026","rel":"","context":"In &quot;Board member contribution&quot;","block_context":{"text":"Board member contribution","link":"https:\/\/blog.northwesternlaw.review\/?cat=55"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogofnotesite.wpengine.com\/wp-content\/uploads\/2017\/11\/4599271172_8d08e52340_b-1024x685.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogofnotesite.wpengine.com\/wp-content\/uploads\/2017\/11\/4599271172_8d08e52340_b-1024x685.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogofnotesite.wpengine.com\/wp-content\/uploads\/2017\/11\/4599271172_8d08e52340_b-1024x685.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/blog.northwesternlaw.review\/index.php?rest_route=\/wp\/v2\/posts\/1317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.northwesternlaw.review\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.northwesternlaw.review\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.northwesternlaw.review\/index.php?rest_route=\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.northwesternlaw.review\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1317"}],"version-history":[{"count":0,"href":"https:\/\/blog.northwesternlaw.review\/index.php?rest_route=\/wp\/v2\/posts\/1317\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.northwesternlaw.review\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.northwesternlaw.review\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.northwesternlaw.review\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}